Company for Business logo

COOKIE POLICY

1. Introduction

This Cookie Policy explains how Company for Business OÜ (“we”, “us”, or “our”) uses cookies and similar tracking technologies on our website www.companyforbusiness.ee (the “Website”). It describes what cookies are, which cookies we use, why we use them, and what rights you have in relation to them.

This Cookie Policy is an integral part of our Privacy Policy and should be read together with it. By visiting our Website, you acknowledge that you have read and understood this Cookie Policy.

This Cookie Policy has been drawn up in accordance with the following applicable legislation:

  • The Electronic Communications Act of Estonia (Elektroonilise side seadus, “ESS”), in particular § 102, which implements Article 5(3) of Directive 2002/58/EC (the ePrivacy Directive) as amended by Directive 2009/136/EC;
  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, “GDPR”);
  • The Personal Data Protection Act of Estonia (Isikuandmete kaitse seadus, “IKS”) (RT I, 04.01.2019, 11);
  • The guidelines and recommendations issued by the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, “AKI”) and the European Data Protection Board (“EDPB”).

2. What Are Cookies?

A cookie is a small text file that a website stores on your device (computer, tablet, smartphone, or other internet-connected device) when you visit it. Cookies are widely used to make websites work more efficiently, to provide functionality, and to collect information about how users interact with websites.

Cookies are set either by the website you are visiting (“first-party cookies”) or by third-party services operating on that website (“third-party cookies”). Cookies can be either “session cookies”, which are deleted when you close your browser, or “persistent cookies”, which remain on your device for a defined period or until you delete them manually.

In addition to traditional cookies, we may also use similar technologies such as web beacons, pixel tags, local storage objects, and fingerprinting techniques. For the purposes of this Cookie Policy, all such technologies are collectively referred to as “cookies”.

Depending on the type of cookie and the information it processes, cookies may or may not involve the processing of personal data. Where cookies involve the processing of personal data, such processing is carried out in accordance with the GDPR and the IKS, as further described in our Privacy Policy.

3. Legal Basis for Using Cookies

Under § 102 of the Estonian Electronic Communications Act (ESS), which transposes Article 5(3) of the ePrivacy Directive into Estonian law, the storage of information on a user’s device or the reading of information already stored on a user’s device is only permitted if:

  • the user has given their prior, informed, and freely given consent; or
  • the cookie is strictly necessary for the provision of an information society service explicitly requested by the user (i.e. technically essential cookies).

For cookies that involve the processing of personal data, the lawful bases under the GDPR include:

  • Consent (GDPR Article 6(1)(a)): for analytics, functional, and marketing cookies where we ask for your agreement before placing them;
  • Legitimate interests (GDPR Article 6(1)(f)): only in limited circumstances and where such interests are not overridden by your interests or fundamental rights.

Strictly necessary cookies do not require consent under the ESS and are placed on the basis of the legitimate operation of the Website. For all other cookies, we will ask for your consent through our cookie consent banner, which appears when you first visit the Website. You may withdraw your consent at any time as described in Section 6 of this Cookie Policy.

Consent given through the cookie banner is recorded and timestamped in accordance with GDPR Article 7 and EDPB Guidelines 05/2020 on consent. We maintain records of consent for as long as necessary to demonstrate compliance.

4. Categories of Cookies We Use

4.1 Strictly Necessary Cookies

These cookies are essential for the Website to function properly. They enable core functionality such as page navigation, security, access to restricted areas, and basic user interface elements. Without these cookies, services you have requested cannot be provided.

Strictly necessary cookies do not require your consent under § 102(3) of the ESS and are placed automatically when you visit the Website. You cannot opt out of these cookies through our consent mechanism; however, you may disable them via your browser settings, though this may render the Website non-functional or significantly impaired.

Examples of strictly necessary cookies we use include:

  • Session management cookies that maintain your session state as you navigate between pages;
  • Security cookies that support authentication and protect against cross-site request forgery (CSRF);
  • Cookies that store your cookie consent preferences so that we do not repeatedly ask for your consent.

4.2 Analytics and Performance Cookies

Analytics cookies help us understand how visitors interact with our Website by collecting and reporting information anonymously or pseudonymously. This information helps us improve the Website’s structure, content, and performance. Analytics cookies require your prior consent.

We use Google Analytics, a web analytics service provided by Google LLC (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses cookies to collect information about your use of the Website, including your IP address (which is anonymised before storage), the pages you visit, the time and duration of your visit, the source of your visit, and your browser and device information.

The information generated by Google Analytics cookies about your use of the Website is transmitted to and stored on Google’s servers, which may be located in the United States or other countries outside the European Economic Area (EEA). Where data is transferred to the United States, such transfer is subject to the EU–US Data Privacy Framework or, where applicable, Standard Contractual Clauses adopted by the European Commission pursuant to GDPR Article 46(2)(c).

You can opt out of Google Analytics tracking at any time by adjusting your consent preferences in the cookie banner, or by installing the Google Analytics Opt-out Browser Add-on available at https://tools.google.com/dlpage/gaoptout.

Specific analytics cookies we use include:

  • _ga: Registers a unique ID to generate statistical data on how you use the Website. Expires after 2 years.
  • _ga_*: Used by Google Analytics 4 to persist session state. Expires after 2 years.
  • _gid: Registers a unique ID to generate statistical data on how you use the Website. Expires after 24 hours.
  • _gat or _gat_gtag_*: Used to throttle the request rate. Expires after 1 minute.

4.3 Functional Cookies

Functional cookies allow the Website to remember choices you make (such as your preferred language, region, or other settings) and provide enhanced, more personalised features. These cookies may also be used to provide services you have requested, such as watching a video or commenting on content. Functional cookies require your prior consent.

Examples of functional cookies include:

  • Cookies that remember your language or regional preferences;
  • Cookies that remember whether you have previously dismissed certain notifications or banners;
  • Cookies that enable embedded content such as videos or maps to function.

4.4 Marketing and Targeting Cookies

If we deploy marketing or retargeting tools on the Website, marketing cookies may be used to track visitors across websites in order to display ads that are relevant and engaging to the individual user. These cookies also help us measure the effectiveness of advertising campaigns. Marketing cookies require your prior consent.

At present, we do not operate paid advertising campaigns that use marketing or targeting cookies. If we introduce such cookies in the future, this Cookie Policy will be updated and you will be asked for your consent before any such cookies are placed on your device.

4.5 Third-Party Cookies

Our Website may contain links to or embedded content from third-party websites and services. These third parties may place their own cookies on your device, subject to their own cookie and privacy policies. We do not control these third-party cookies and are not responsible for them. We encourage you to review the privacy and cookie policies of any third-party services you use.

Third parties whose cookies may be present on our Website include:

  • Google LLC (Google Analytics) – for website analytics as described in Section 4.2 above;
  • Any other third-party services that may be integrated into the Website from time to time, in which case this Cookie Policy will be updated accordingly.

5. Cookies and Personal Data

Some cookies we use may involve the processing of personal data, including IP addresses, device identifiers, or browsing behaviour. Where cookies process personal data, we act as the data controller within the meaning of GDPR Article 4(7), and the processing is subject to the GDPR, the IKS, and our Privacy Policy.

We do not use cookies to build individual user profiles for profiling purposes unless you have given your explicit consent for such processing. Where third-party cookies (such as Google Analytics) collect pseudonymous data, we have implemented IP anonymisation to further reduce the risk of identification.

The legal bases for processing personal data through cookies are set out in Section 3 of this Cookie Policy. Retention periods for data collected through cookies are determined by the cookie lifespan and the purposes for which the data is collected. We do not retain personal data collected through cookies for longer than is necessary for the stated purpose.

6. How to Manage and Control Cookies

6.1 Cookie Consent Banner

When you first visit our Website, a cookie consent banner will be displayed. You can use the banner to:

  • Accept all cookies, including analytics and functional cookies;
  • Reject all non-essential cookies, in which case only strictly necessary cookies will be placed;
  • Customise your cookie preferences by selecting which categories of cookies you consent to.

Your cookie preferences will be saved for a period of 12 months. At any time, you can change your cookie preferences by clicking the “Cookie Settings” link in the footer of the Website. Any change in preference will take effect immediately for new cookies, though existing cookies already placed on your device will remain until they expire or are deleted manually.

6.2 Browser Settings

In addition to our consent banner, you can manage or delete cookies directly through your browser settings. Most browsers allow you to:

  • View the cookies stored on your device;
  • Delete individual or all cookies;
  • Block cookies from all websites or from specific websites;
  • Configure your browser to alert you when a cookie is being set.

Instructions for managing cookies in common browsers are available at the following links:

  • Google Chrome: https://support.google.com/chrome/answer/95647
  • Mozilla Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
  • Microsoft Edge: https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge
  • Apple Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
  • Opera: https://help.opera.com/en/latest/web-preferences/#cookies

Please note that restricting or deleting cookies may affect the functionality of the Website, and some features may not work as intended if cookies are disabled.

6.3 Opt-Out Tools Provided by Third Parties

Where third-party services place cookies on our Website, those third parties may also provide their own opt-out mechanisms:

  • Google Analytics opt-out browser add-on: https://tools.google.com/dlpage/gaoptout
  • Google’s general privacy controls: https://myaccount.google.com/data-and-privacy
  • Network Advertising Initiative (NAI) opt-out: https://optout.networkadvertising.org/
  • Your Online Choices (for European users): https://www.youronlinechoices.eu/

7. Your Rights

As a data subject under the GDPR and the IKS, you have the following rights with respect to personal data processed through cookies:

  • Right to information (GDPR Articles 13–14): You have the right to be informed about the personal data we collect and how we process it.
  • Right of access (GDPR Article 15): You have the right to obtain confirmation of whether we are processing personal data about you and to receive a copy of that data.
  • Right to rectification (GDPR Article 16): You have the right to have inaccurate personal data corrected and incomplete data completed.
  • Right to erasure (GDPR Article 17): You have the right to request the deletion of your personal data in certain circumstances, including where the data is no longer necessary for the purpose it was collected, or where you withdraw consent.
  • Right to restriction of processing (GDPR Article 18): You have the right to request that we restrict the processing of your personal data in certain circumstances.
  • Right to data portability (GDPR Article 20): Where processing is based on consent or a contract, you have the right to receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to object (GDPR Article 21): You have the right to object to the processing of your personal data where processing is based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent (GDPR Article 7(3)): Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out before the withdrawal.
  • Right to lodge a complaint (GDPR Article 77): You have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) or any other competent supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

To exercise any of these rights, please contact us using the contact details in Section 9. We will respond to your request within one month of receipt, as required by GDPR Article 12. This period may be extended by a further two months where requests are complex or numerous, in which case we will inform you of the extension and the reasons for it.

8. Supervisory Authority

The competent supervisory authority for data protection matters in Estonia is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, “AKI”). If you believe that our processing of your personal data, including through the use of cookies, infringes the GDPR or applicable Estonian data protection legislation, you have the right to lodge a complaint with the AKI.

Contact details for the Estonian Data Protection Inspectorate:

  • Address: Tatari 39, 10134 Tallinn, Estonia
  • Telephone: +372 627 4135
  • Email: [email protected]
  • Website: www.aki.ee

You may also contact the supervisory authority in the EU member state where you habitually reside or work, or where the alleged infringement took place.

9. Contact Us

If you have any questions, concerns, or requests relating to this Cookie Policy or to the processing of your personal data through cookies, please contact us:

  • Company: Company for Business OÜ
  • Registration number: 14589114
  • Address: Tartu mnt 83-407, Kesklinna linnaosa, 10115 Tallinn, Harju maakond, Estonia
  • Website: www.companyforbusiness.ee

We will make every effort to address your query promptly and no later than within the statutory time limits set out under the GDPR.

10. Changes to This Cookie Policy

We reserve the right to amend or update this Cookie Policy at any time in order to reflect changes in the cookies we use, changes in applicable law or regulatory guidance, or for other operational, legal, or regulatory reasons.

When we make material changes to this Cookie Policy, we will notify you by updating the “Last updated” date at the top of this document and, where appropriate, by displaying a notification on the Website. If changes affect cookies that require consent, the cookie consent banner will reappear to allow you to review and accept or reject the updated cookies.

We encourage you to review this Cookie Policy periodically to stay informed about how we use cookies. Your continued use of the Website after the effective date of any changes constitutes your acknowledgement of those changes. Where changes require your consent, we will seek your renewed consent through the appropriate mechanism.

Previous versions of this Cookie Policy are available on request by contacting us using the details provided in Section 9.

This Cookie Policy was prepared in compliance with the Electronic Communications Act (ESS) § 102, Regulation (EU) 2016/679 (GDPR), and the Personal Data Protection Act (IKS) of Estonia. This document does not constitute legal advice. Company for Business OÜ, registration number 14589114.