Join us

Privacy Policy

Last updated: 10 December 2025

1. Introduction

This website and the services described in this Privacy Policy are operated by Estonian Business Angels Network (EstBAN) (“EstBAN”, “we”, “us”, “our”).

Legal Entity: MTÜ Eesti Äriinglite Assotsiatsioon
Registration Number: 80306927
Registered Location: Estonia
Contact (Privacy-Related Inquiries): info@estban.ee

EstBAN is committed to protecting your personal data and ensuring that your privacy is respected in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR). This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website and related services.


2. Scope

This Privacy Policy explains how EstBAN collects, processes, and uses personal data in connection with our website, services, and activities.

It applies to personal data collected and processed about the following categories of individuals:

  • Visitors to estban.ee and its subpages;
  • Members and prospective members of EstBAN;
  • Event registrants, speakers, sponsors, mentors, and partners participating in EstBAN-organized or co-organized events;
  • Newsletter subscribers and other individuals who communicate or interact with EstBAN;
  • Founders/startups who apply to pitch, seek investment, or otherwise submit information to EstBAN.

This Policy applies regardless of how you interact with us – whether online through our website, by email, or in person at events or meetings.


3. Data we Collect

We collect and process various categories of personal data depending on your relationship and interactions with EstBAN. The types of data we may collect include:

3.1. Identity & Contact Data

  • Name, job title, company or organization;
  • Email address, phone number, country of residence;
  • Professional or social profile links (e.g., LinkedIn or other relevant URLs).

3.2. Membership Data

  • Details provided in membership applications;
  • Investment interests, sector preferences, and participation in EstBAN committees or working groups;
  • Membership status, payment status, and related records.

3.3. Event Data

  • Registration information for EstBAN events, including attendance records and session selections;
  • Dietary and accessibility requirements (if voluntarily provided);
  • Photos and video recordings taken during events.

3.4. Founder / Deal Flow Data

  • Pitch decks and company information submitted to EstBAN;
  • Founder contact details, funding requirements, traction, and financial information relevant to investment opportunities.

3.5. Marketing Preferences

  • Newsletter subscription preferences (opt-in/opt-out);
  • Communication logs and marketing interaction records.

3.6. Website & Technical Data

  • IP address, browser type, and device information;
  • Pages visited, referral source, and general usage data;
  • Cookie identifiers and approximate geolocation (e.g., country or city level).

3.7. Payment & Invoicing Data

  • Billing details such as company name, address, and VAT number (if applicable);
  • Transaction metadata provided by our payment service providers.

Note: EstBAN does not collect or store full credit or debit card details.

3.8. Correspondence Data

  • Records of email communications, messages, and notes from calls or meetings;
  • Information necessary to manage and maintain our relationship with you.


4. Data Sources 

We collect personal data from a variety of sources, depending on how you interact with EstBAN and our services. These sources include:

4.1. Directly from You

Information you provide to us directly, for example through:

  • Online or offline forms and applications;
  • Email correspondence, phone calls, or meetings;
  • Event registrations and participation;
  • Membership or startup application submissions.

4.2. Your Organisation or Referrers

Data shared with us by your employer, colleagues, partners, or referrers — for example, when another individual registers you for an event or introduces you to EstBAN.

4.3. Public Sources

Information available from publicly accessible platforms, such as:

  • Company websites and business directories;
  • Professional networking sites (e.g., LinkedIn);
  • Press releases, media coverage, and public registries.

4.4. Service Providers and Partners

Data generated or hosted by third-party providers that support our operations, including:

  • Event management platforms and CRM systems;
  • Website analytics and cookie-based tools;
  • Payment processors and invoicing systems.

These sources help us ensure the accuracy and completeness of the information we hold, support event organization and communication, and enable us to provide our services effectively.


5. Why we use Your Data & Legal Basis

We only process personal data where there is a lawful basis under applicable data protection laws, including the GDPR. The table below summarises the main purposes for which EstBAN uses personal data and the corresponding legal bases.

Based on the purpose and legal basis, the processing activities are as follows:

5.1. Website operation & security

We process personal data to enable website functionality, load pages, perform basic analytics, and detect or prevent fraud or abuse.
Legal basis: Legitimate interests (for functionality and security) and consent (for optional analytics).

5.2. Membership onboarding & administration

We process membership applications, verify eligibility, manage membership dues and renewals, and maintain member directories.
Legal basis: Contract (member terms) and legitimate interests (for handling prospective members).

5.3. Events & programs

We manage registrations, schedule sessions, coordinate speakers, and conduct post-event follow-ups.
Legal basis: Contract (event terms and conditions) and legitimate interests (e.g., follow-ups and improving general event organisation).

5.4. Deal flow & introductions

We collect startup and founder information and share relevant details with EstBAN members or committees where appropriate.
Legal basis: Legitimate interests, and in some cases consent (e.g., where founders authorise wider data circulation).

5.5. Communications & newsletters

We send service-related emails, membership or policy updates, event invitations, and newsletters.
Legal basis: Legitimate interests (for essential service and member communications) and consent (for optional marketing communications).

5.6. Photos & media at events

We take and publish photos or videos to document community activity and to promote EstBAN’s initiatives.
Legal basis: Legitimate interests (e.g., for general event documentation and communication), with consent or opt-out options provided where required.

5.7. Compliance & record-keeping

We maintain accounting and tax records, respond to legal requests, and perform sanctions or compliance checks (where applicable).
Legal basis: Legal obligation (accounting, tax, and statutory reporting) and legitimate interests (for internal records, ensuring regulatory compliance, and protecting EstBAN’s rights in case of audits or disputes).

5.8. Processing payments

We collect and process membership and event fees.
Legal basis: Contract (to process payments and provide the requested membership or event services) and legal obligation (for accounting and record-keeping).

5.9. Improving services

We conduct surveys, collect feedback, and analyse usage to improve our services and user experience.
Legal basis: Legitimate interests and consent (where participation is voluntary).

Legitimate Interests Test

Where we rely on legitimate interests, we carefully assess and balance our operational needs – such as running a member network, organising events, facilitating deal flow, and maintaining security – against your fundamental rights and expectations. You have the right to object to processing based on legitimate interests at any time (see Section 10).


6. Cookies and similar technologies

Our website uses cookies and similar technologies to ensure the site functions properly, improve user experience, and – if you allow – analyse traffic and personalise content.

The cookies that are categorised as “Necessary” are stored on your browser as they are essential for enabling the basic functionalities of the site.

We also use third-party cookies that help us analyse how you use this website, store your preferences, and provide the content and advertisements that are relevant to you. These cookies will only be stored in your browser with your prior consent.

You can choose to enable or disable some or all of these cookies but disabling some of them may affect your browsing experience.

6.1 Types of cookies we use

Based on category, purpose, examples and consent requirement, cookies used on this website are:

Necessary cookies
These cookies enable core site functions such as site security, maintenance and full functionality.
Examples: session identifiers, Elementor.
Consent required: No (used on the basis of legitimate interest).

Functional cookies
These cookies enable website features such as social media sharing, feedback collection and other interactive services.
Examples: VISITOR_INFO1_LIVE, yt-remote-connected-devices.
Consent required: Yes.

Analytics cookies
These cookies help us understand how visitors use our website so we can improve it.
Examples: Google Analytics (_ga), YSC.
Consent required: Yes.

Performance cookies
These cookies are used to track site performance and improve user experience.
Examples: currently not in use / not applicable.
Consent required: not applicable.

Advertisement cookies
These cookies are used to track visitors across websites in order to display relevant ads or measure marketing performance.
Examples: YouTube cookies (yt.innertube::nextId, yt.innertube::requests).
Consent required: Yes.

6.2 Cookie control

  • Non-essential cookies are disabled by default.
  • When you visit the site for the first time, you will see a cookie banner allowing you to Accept All, Reject Non-Essential, or Manage Preferences.
  • You can withdraw or change consent at any time via the Cookie Settings link in the website footer.
  • You can also block or delete cookies through your browser settings.

6.3 Third-party cookies

Some cookies may come from trusted service providers (e.g., Google, Meta, LinkedIn) for analytics or marketing. We only load these after you provide consent.
Data may be transferred outside the EEA under EU Standard Contractual Clauses.

6.4 Cookie retention

Cookies remain on your device for their individual lifespan or until you delete them.
Session cookies expire when you close your browser; more detailed information is provided in the cookie disclaimer.


7. Disclosures & International Transfers

We share personal data only to the extent necessary to operate our services, fulfil contractual obligations, comply with legal requirements, and pursue our legitimate interests. EstBAN does not sell personal data.

7.1. Vendors

We use trusted third-party service providers to support our operations, including:

  • Website hosting and maintenance (WordPress);
  • Customer relationship management (CRM) and communication tools (e.g., Pipedrive, Mailchimp, Notion, Dealum, Google workspace, WordPress);
  • Emailing and newsletter distribution (e.g. Pipedrive, Mailchimp, Gmail);
  • Event management and ticketing platforms (e.g., Luma);
  • Payment processing and accounting systems (e.g. Envoice, Smart Accounts);
  • Analytics, IT, and security services (e.g., Google Analytics);
  • Media and content hosting providers (e.g., Instagram, LinkedIn, Facebook).

These processors act on our behalf and only process personal data under our instructions, subject to appropriate confidentiality and data protection agreements.

Some data may be processed by Google, Meta, or other vendors based in the US.

7.2. Members and Partners

Personal data may be shared with EstBAN members or partners for legitimate network purposes – for example:

  • Reviewing deal flow and startup applications;
  • Coordinating investment activities;
  • Participating in events or internal working groups.

We take steps to ensure that confidentiality is respected in all such exchanges.

We may share limited personal data with event or program partners and sponsors when necessary for participation, coordination, or co-hosting purposes, and only to the extent proportionate and relevant.

7.3. Authorities and Advisers

We may disclose personal data when required by law or regulation, or to establish, exercise, or defend legal claims – for example, to competent authorities, regulators, auditors, or professional advisers (such as legal or accounting counsel).

7.4. International Data Transfers

If personal data is transferred outside the European Union (EU) or European Economic Area (EEA), we ensure that appropriate safeguards are in place. These may include:

  • EU Standard Contractual Clauses (SCCs) approved by the European Commission;
  • Adequacy decisions confirming that the destination country provides adequate data protection;
  • Risk assessments of local laws and practices.

You may request further details about the applicable safeguards by contacting us (see Section 10).


8. How Long We Keep Your Data

To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the purposes for which it was collected, and any legal, regulatory, or contractual requirements. We also take into account the periods during which we may need to retain personal data to address inquiries, complaints, legal claims, or to meet our statutory obligations (for example, accounting and tax record-keeping).

Membership data – kept for the duration of membership and up to 15 years after termination to manage renewals, resolve disputes, and maintain accounting records.

Event registration and participation data – retained for up to 5 years after the event for follow-up, reporting, and feedback collection.

Deal flow and founder data – retained for up to 3 years after the last interaction or until the information is no longer relevant to investment activities.

Newsletter and marketing preferences – kept until you withdraw consent or unsubscribe.

Accounting and payment records – stored for 7 years from the end of the financial year in accordance with Estonian accounting and tax laws.
Communications and correspondence – retained for up to 4 years after the last contact to handle inquiries and maintain communication records.

Website analytics data (cookies) – retained depending on the cookie’s lifetime and your consent settings.

Photos and media from events – kept until they are no longer relevant for EstBAN’s communication purposes or until you request removal. Participants are informed in advance or at the event about photography and may opt out by contacting the organizer.

Once the retention period has expired, personal data will be securely deleted, anonymised, or archived in accordance with applicable legal and regulatory requirements. After anonymisation, we may continue to use the data only in a de-identified and aggregated form and will not attempt to re-identify it, except as permitted by law.


9. Security

We implement appropriate technical and organisational measures to protect personal data, including access controls, encryption in transit, backups, least-privilege permissions, vendor due diligence, and staff awareness.

No system is 100 % secure; we maintain incident response processes and will notify where legally required.


10. Your rights

Under the EU General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Correct any inaccurate or incomplete information.
  • Erasure (“Right to be Forgotten”): Request deletion of your data in certain circumstances.
  • Restriction: Ask us to limit the processing of your data in specific situations.
  • Objection: Object at any time to processing based on our legitimate interests or for direct marketing.
  • Data Portability: Request to receive the data you have provided to us in a structured, commonly used, and machine-readable format, and have it transferred to another controller where technically feasible.
  • Withdraw Consent: Withdraw your consent at any time (this does not affect processing carried out before withdrawal).
  • Lodge a Complaint: Submit a complaint to a data protection supervisory authority if you believe your rights have been infringed.

To exercise any of these rights, please contact us as described in Section 1.


11. Supervisory authority

If you have concerns about how your personal data is handled, you have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon):

Website: https://www.aki.ee/en
Address: Tatari 39, 10134 Tallinn, Estonia 

Phone: +372 627 4135
Email: info@aki.ee

We encourage you to contact EstBAN first so we can address your concerns directly before you approach the supervisory authority.


12. How To Contact Us

If you have any questions about this Privacy Policy or how we process your personal data, please contact us:

Email: info@estban.ee

We aim to respond to all inquiries within 30 days. If your request is complex or requires additional time, we will inform you of the delay and explain the reasons.


13. Changes To This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings.
Significant updates will be highlighted on this page, and where appropriate, we will notify you by email or through relevant contact channels.

We encourage you to review this page periodically to stay informed about how we protect your personal data.

Navigate

Investors

Startup

Partners

About

Events

News

Join us

As a member

As a fund member

As a partner

Contact us

MTÜ Eesti Äriinglite Assotsiatsioon
Pärnu mnt 12, 10146 Tallinn, Workland Vabaduse
info@estban.ee
Privacy policy

Instagram