DATA PROTECTION POLICY

Privacy Policy

1. Introduction

This privacy policy (hereinafter "Privacy Policy") gives you an overview of the purposes, legal bases and means under which a LEI Register group company (hereinafter "LEI Register" or "we") processes personal data. Additionally, the Privacy Policy explains which personal data we process, describes data retention periods as well as your rights as a data subject and how to exercise these rights.
In order to ensure a high level of protection of personal data as well as the fulfilment of all regulatory requirements, LEI Register follows the requirements set forth in the General Data Protection Regulation (EU) 2016/679 (hereinafter "GDPR") and other applicable legislation throughout its operations.

The Controller of your personal data is the LEI Register group company, i.e. a company within the LEI Register group responsible for processing your data, based on a contractual or pre-contractual relationship, or other services offered by the company which you have used or intend to use. The contact details for all LEI Register group companies can be found here.

Should you have any questions related to the processing of personal data, please contact us via e-mail at [email protected].

2. Purposes and legal bases for processing

LEI Register processes your personal data only to the minimum extent necessary to achieve the purposes described in this Chapter of the Privacy Policy. Any processing of personal data has a specific, limited purpose and legal basis, which is described in detail below.

2.1. Concluding and fulfilling contracts for the provision of services

The main operations of LEI Register encompass the activities of an official registration agent of LEI codes (Legal Entity Identifier), which is used worldwide to identify a legal entity. These operations include services provided to legal entities related to the registration, renewal and transfer of an LEI code.

In order to provide these services, LEI Register processes the contact data of the representatives of the legal entities using our services (first and last name, telephone number, email address).

The legal basis for the processing of personal data described in this section is (depending on the stage of service provision or the preparation thereof) the obligation to fulfil the contract concluded between LEI Register and the client or the need to take measures prior to the conclusion of the respective contract (GDPR Article 6(1)(b)).

2.2. Marketing activities

LEI Register and/or our contractual partners may send newsletters and other notifications by post as well as by email to existing customers and potential customers (which are also legal entities) using contact information found in public sources (hereinafter "Newsletters"). The purpose of such data processing is to introduce the services of LEI Register to potential customers, to collect feedback on our services and service experience, and to improve our business processes and service portfolio based on this information.

You can opt out of Newsletters sent to your legal entity by pressing the "unsubscribe" button next to the respective Newsletter (for email Newsletters). It is also possible to opt out of Newsletters (both sent by post and email) by sending us a notification with a respective request using the contact details provided in Chapter 1 of the Privacy Policy.

The legal basis for sending Newsletters is, depending on the specific situation, the data subject's consent (GDPR Article 6(1)(a)) or subsections 103¹ 2 and 3 of the Estonian Electronic Communications Act.

Please note that if the legal basis for processing personal data is consent, the withdrawal of the latter does not affect the legality of data processing based on prior, valid consent.

2.3. Business development, partnerships and cooperation

LEI Register may share the contact details of its customers (legal entities) with other service providers (cooperation partners) for the purposes of business development as well as to ensure that our customers are informed as effectively as possible about services which are of potential interest to them.

Although LEI Register provides services to customers who are legal entities, and although data concerning legal entities is generally not considered personal data, contact details may in certain cases still refer to a specific person. Therefore, depending on the context in which the processing is carried out, the contact details of a legal person may also qualify as personal data in certain cases.

For the purposes set out above, the following data disclosed by the customer to LEI Register may be shared with cooperation partners:

  • business name and registry code;
  • name of the representative and/or other contact person, e-mail address and/or telephone number.

The legal basis for this activity is LEI Register’s legitimate interest in ensuring the sustainability and competitiveness of its business and in providing the best value proposition to its customers (GDPR Art. 6(1)f)). Under GDPR Art 21, data subjects have the right to object at any time to the processing of personal data which is carried out on the basis of GDPR Art 6(1)e) or Art 6(1)f).

2.4. Fulfilment of legal obligations

Under certain circumstances, we have to process personal data to fulfil our legal obligations. This includes, for example, accounting obligations, responding to inquiries from government authorities, obligations arising from AML/CFT regulations and informing supervisory authorities and individuals about (potential) violations.

In such situations, the legal basis for the processing of personal data is our legal obligation (GDPR Article 6(1)c)).

3. Data retention

We store your personal data only for the time for which it is necessary for the purposes stated in Chapter 2 of this Privacy Policy.
Personal data processed for the conclusion and fulfilment of customer contracts
Such personal data is generally stored for the duration of the respective customer relationship and until the expiration date of potential legal claims. Personal data processed in the course of pre-contractual negotiations or consultation, which have not ended with the conclusion of a contract (e.g. data processed during consultation and price inquiries), will be stored for 5 years from the end of the respective negotiations.

  • Personal data processed for marketing activities

Such personal data will be stored until the necessity for processing ceases, but no longer than until the end of the customer relationship or the withdrawal of consent that was the legal basis for specific marketing activities (provided that the legal basis for processing was consent).

  • Data processed in the course of business development activities

In the course of business development activities, LEI Register may share certain data disclosed by the customer as referred to in section 2.3 of the Privacy Policy with its cooperation partners. As these datasets overlap with those necessary for the conclusion and performance of service contracts, this data is retained (including information about the transfer of data to the respective cooperation partner) based on the same principles and retention periods as indicated in the first section of this chapter.

Please note that for data processed for business purposes, the data recipient will generally qualify as a separate data controller within the meaning of GDPR Art 4 clause 7. Therefore, for the purposes of subsequent processing of personal data, the data recipient is subject to all obligations and responsibilities under the GDPR.

  • Personal data processed for the fulfilment of legal obligations

In order to fulfil legal obligations and in other specific circumstances, we may retain personal data for a longer period than stated above, including:

(a) to comply with legal obligations that LEI Register is subject to;

(b) for accounting reasons;

(c) for reasons related to the realization of possible rights of claim.

For example, we retain all original accounting documentation (e.g. invoices) for 7 years from the end of the financial year in which the relevant accounting entry was made. In order to enable submission of claims or submission of objections to potential claims against us, we may retain personal data for 5 years or a maximum of 10 years (in case of intentional breach) in accordance with the limitation periods for claims and, in case of ongoing disputes, until their final resolution.

4. Cookies

In addition to the data processing described above, we use cookies on the website https://www.leicodeaustralia.com (hereinafter “Website”), the purpose of which is to provide you with a better, faster, and safer user experience. Cookies are small text files that are stored on your computer, smartphone, tablet, or other device you use to visit the Website. Cookies provide us with information about how the Website is used, allow us to compile statistics on Website visits, display marketing content that is potentially of interest to you, and ensure the functionality as well as a high standard of user experience of the Website.
The Website uses the following cookies:

Strictly necessary cookies

Cookie Purpose Retention period
__cfruid Cloudflare sets this cookie to identify trusted web traffic. session
enforce_policy PayPal sets this cookie for secure transactions. 1 year
LANG Paypal sets this cookie to provide payment options and security. 9 hours
tsrce PayPal sets this cookie to enable the PayPal payment service on the website. 3 days
x-pp-s PayPal sets this cookie to process payments on the site. session
l7_az PayPal sets this cookie for the PayPal login function on the website. 1 hour
ts PayPal sets this cookie to enable secure transactions through PayPal. 1 year 1 month 4 days
ts_c PayPal sets this cookie to make safe payments through PayPal. 1 year 1 month 4 days
leiregister_order_id The application form ID needed to match the payment to the correct form. Also used to show the correct order data after payment. 3 days
JSESSIONID This cookie is created/sent when session is created to maintain the session for the duration of the visit. session
BIGipServer* This cookie is for load balancing and to ensure consistent user sessions and website performance. session
TS01* This cookie is for security and session management, ensuring secure transactions and consistent user experience. session
PHPSESSID This cookie is native to PHP applications. The cookie stores and identifies a user's unique session ID to manage user sessions on the website. The cookie is a session cookie and will be deleted when all the browser windows are closed. session

Functional cookies

Cookie Purpose Retention period
SRM_B Microsoft Advertising sets this cookie for a unique ID for visitors. 1 year 24 days
_uetsid Microsoft Advertising sets this cookie to identify the session ID for a unique session on the site. 1 day
_uetvid Microsoft Advertising sets this cookie to identify a unique, anonymized visitor ID, representing a unique visitor. 1 year 24 days
_vwo_ds VWO sets this cookie for persistent visitor-level data for VWO Insights. 3 months
_vwo_sn VWO sets this cookie to store session-level information. 1 hour
_vis_opt_s VWO sets this cookie to track sessions created for a visior. It measures the number of times the browser was closed and reopened.  3 months 8 days
_vis_opt_test_cookie VWO creates this cookie to determine whether or not cookies are enabled on the user's browser. session
CF5aca6f3602033_1/2 Saves form data entered by users, allowing them to complete the form later without losing their information. 1 days
__lc_cid (customerId) Used by LiveChat's accounts service. The purpose of this cookie is to verify the identity of a customer created in LiveChat. 2 years
__lc_cst (customerSecureToken) Used by the LiveChat's accounts service. The purpose of this cookie is to verify the customer’s token. 2 years
__oauth_redirect_detector Cookie set when the initial POST to https://accounts.livechatinc.com/customer/token happens. It detects any unwanted redirections to the account’s domain. The cookie is set just in case, for example, if a redirection loop happens, which could interrupt LiveChat services. 30 seconds

Statistics cookies

Cookie Purpose Retention period
MR Bing sets this cookie to indicate whether to refresh MUID. 7 days
SM Microsoft Clarity sets this cookie for synchronizing the MUID across Microsoft domains. session
MUID Microsoft Clarity sets this cookie to identify unique web browsers visiting Microsoft sites. These cookies are used for advertising, site analytics, and other operational purposes. 1 year 24 days
_gcl_au Google Tag Manager sets this cookie for the "Conversion Linker" functionality - it takes information in ad clicks and stores it in a first-party cookie so that conversions can be attributed outside the landing page. 3 months
_vwo_uuid_v2 VWO sets this cookie for calculating unique traffic on a website. 1 year
_ga_* Google Analytics sets this cookie to store and count page views. 2 years
_ga Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors. 2 years
_clck Microsoft Clarity sets this cookie to retain the browser's Clarity User ID and settings exclusive to that website. This guarantees that actions taken during subsequent visits to the same website will be linked to the same user ID. 1 year
_clsk Microsoft Clarity sets this cookie to store and consolidate a user's pageviews into a single session recording. 1 day
CLID Microsoft Clarity sets this cookie to identify the first-time Clarity saw this user on any site using Clarity. 1 year
user_referer_url Determines the source of the traffic to the website. 30 days
utm_email Determines the source of the traffic to the website. 5 days
utm_sms Determines the source of the traffic to the website. 5 days
paper Determines the source of the traffic to the website. 5 days
leivajutus_g Determines the source of the traffic to the website. 30 days
leivajutus_m Determines the source of the traffic to the website. 30 days
_uetmsclkid This is the Microsoft Click ID, which is used to improve the accuracy of conversion tracking. 90 days

Marketing cookies

Cookie Purpose Retention period
MUID Bing sets this cookie to recognise unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations. 1 year 24 days
ANONCHK Microsoft Clarity sets this cookie to indicate whether MUID is transferred to ANID, a cookie used for advertising. Clarity doesn't use ANID and so this is always set to 0. 10 minutes
_fbp Facebook sets this cookie to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising after visiting the website. 3 months

Cookies used on the Website may change over time. By visiting the Website, you agree to the use of cookies that are strictly necessary for its functionalities and a separate consent for the use of strictly necessary cookies is not requested. For the use of all other types of cookies, we request your consent via the Website.

You can opt out of cookies at any time by changing the web browser settings of your device and deleting the saved cookies.

5. Data sources and right of access

We may receive personal data from Website visitors and from users of our services (for example, if a Website visitor submits a request for registration, renewal or transfer of an LEI code through the Website). We may also obtain personal data about contact persons of potential customers (legal entities) from the business registry and other public sources.

Access to the personal data described in the Privacy Policy is only granted to our board members and employees in order to fulfil their specific professional obligations. For example, data related to LEI code registration requests are processed by customer service and operations specialists in order to fulfil their specific work duties.

In certain cases, service providers providing specific services to us (e.g. IT services, accounting services, Newsletter delivery services) may also have access to a limited scope of personal data.

We generally do not transfer personal data to countries outside the European Economic Area. However, if such transfers are unavoidably necessary to achieve the purposes described in Chapter 2 of the Privacy Policy, we will only transfer personal data to recipients outside the European Economic Area, whose country of residence ensures an adequate level of personal data protection (the European Commission has published a decision on the adequacy of protection in this regard) and/or the corresponding level of protection can be achieved through appropriate safeguards, e.g. by implementing standard data protection clauses and/or binding corporate rules.

6. Data subject rights

In relation with the processing of your personal data by LEI Register, you have the following rights as specified in the GDPR:

  • The right of access

You have the right to request information about whether and which personal data, on which legal basis and manner we process about you. You also have the right to request a copy of the personal data processed about you.

  • The right to rectification

You have the right to request that we correct any errors in your personal data (for example, if your personal data has changed). This right can be exercised if the personal data we process about you is incomplete, out of date or otherwise incorrect.

  • The right to be forgotten

You can request the deletion of you personal data if:

  • the processed personal data is no longer required to achieve the purposes of the processing;
  • you withdraw the consent for the processing of personal data (provided that the legal basis for processing was consent).
  • The right to restrict the processing of personal data

You have the right to request that we restrict the processing of your personal data in the following situations:

  • you dispute the validity of your personal data;
  • it becomes evident that there is a lack of legal basis for the processing of your personal data, but you do not request the deletion of personal data;
  • you require the personal data to prepare, present or defend a legal claim.
  • The right to object

You have the right to object to any automated decision-making by us and the processing of personal data related to direct marketing.

  • The right to transfer personal data to another controller

If we process your personal data on the basis of consent or an obligation arising from a contractual relationship between us, you have the right to demand that we provide you with your personal data in a structured, commonly used format and in machine-readable form. If technically feasible, you also have the right to request that we transfer personal data to another data controller indicated by you.

  • The right to withdraw consent at any time

If the legal basis for the processing of your personal data is consent, you have the right to withdraw your consent at any time. Please note that withdrawal of consent does not affect the legality of prior data processing, that was based on valid consent.

To exercise the rights described above, please contact us at [email protected]. Please note that data subject rights are not absolute, and for each request we must assess whether and to what extent applicable data protection legislation allows us to satisfy your request. We will respond to your request within one month of receipt. If it is not possible to respond to the request within one month, we may extend the response deadline by a further two months, informing you of the extension of the deadline and the reason for it within one month of receipt of the request.

7. Questions & complaints

Should you have any questions or complaints related to the processing of personal data, please do not hesitate to contact us at [email protected]. We will respond to you within one month of receiving the question or complaint.

If you do not agree with the answer you received, you have the right to file a complaint with the Data Protection Inspectorate (address: Tatari 39, Tallinn 10134; e-mail: [email protected]; telephone: +372 627 4135) as well as with the respective data protection authority in your country.

Information about other data protection authorities in the European Union is available here.

8. Updating the Privacy Policy

We constantly strive to ensure that both the data processing activities we carry out as well as the related documentation are kept simple, clear, and transparent and meet all the requirements set forth in the legislation and the best data protection practices. Accordingly, we regularly update, specify, and improve this Privacy Policy.

You can always find an up-to-date version of this Privacy Policy on our Website.

Last updated: 15/10/2024