
Data Protection & Privacy Policy
Introduction
​
Data protection, privacy, and security are at the core of Tech Legality’s business, and consequently we place very high value on your privacy. Tech Legality has implemented technical and security measures to optimise the security of your personal data. Information is stored on secure drives and access is strictly restricted to named consultants who are entitled to access our systems.
​
This policy (the “Data Protection and Privacy Policy”) explains which personal data concerning you we collect when you visit our website (the “Website”), when and why we collect the personal data, how we use it, the conditions of our disclosure to third parties, as well has how we secure the stored personal data.
​
Please read the Data Protection and Privacy Policy thoroughly to understand how we process your personal data.
​
The Data Controller:
Tech Legality
Harju maakond, Tallinn, Põhja-Tallinna linnaosa, Saani tn 2/1-2
Estonia, 10149
​
If you have any questions or concerns about Tech Legality’s personal data practices or your privacy rights, you may contact us at info@techlegality.com
​
Tech Legality complies with the EU ePrivacy Directive, including the requirement for website operators to obtain users’ consent prior to creating Cookies. See Tech Legality’s Cookie Policy for more details.
​
How We Collect and Use Your Personal Data
​
Tech Legality collects personally identifiable information in the following ways:
Client Data
​
When Tech Legality contracts with clients we collect personal data from you including
-
First and last name
-
Job title
-
Company
-
Work email address
-
Phone number
​
We rely on fulfillment of contract as the lawful basis under GDPR Article 6(1)(b) for the processing of client data.
​
Human Resources Data
​
Tech Legality hires consultants on a project basis. We no longer maintain a roster of human rights experts due to concerns around data privacy and security where this is hosted by a US company. We have not been able to find a suitable European vendor for this purpose and consequently our roster system is on pause and all personal and non-personal data from our previous roster was deleted in January 2025.
​
Prospective consultants who wish to express an interest in working with us may email us at info@techlegality.com explaining their expertise.
​
When you submit an expression of interest to become a consultant with Tech Legality, we process your personal data in accordance with applicable personal data regulations. This implies that:
-
Your personal data will be treated confidentially
-
We only use your personal data for recruitment purposes
-
We do not disclose your personal data, except for occasionally when communicating with clients for projects you may be working on, and with your prior permission
​
Any personal data received from you with your expression of interest will only be used for the purpose of processing your application and will not be disclosed to third parties.
​
We rely on fulfilment of contract to which the applicant is party or in order to take steps at the request of the applicant prior to entering into a contract as the lawful basis under GDPR Article 6(1)(b) for the processing of Human Resources Data.
​
Website Visitors’ Data
​
In general, website visitors do not need to provide personalized information to Tech Legality. We do collect "aggregate data," that is, group data with no personal identifiers. We use this aggregate data to help us understand how the site is being used and to improve its usability. We also use it to enhance the quality and availability of products and services we offer.
​
Many websites create Cookies (small text files) when a user visits a website, and these Cookies are used to analyse aggregate user behaviour on a website. Each cookie is unique to your web browser. It will contain some anonymous information such as a unique identifier, website’s domain name, and some digits and numbers. In compliance with the EU ePrivacy Directive, Tech Legality’s website asks permission of the visitor prior to setting Cookies. Should the visitor agree, Tech Legality’s server will only collect the following information, depending on the cookies setting you choose:
Necessary cookies
Necessary cookies allow us to offer you the best possible experience when accessing and navigating through our website and using its features. For example, these cookies let us recognize that you have submitted a request through our online form.
Functionality cookies
Functionality cookies let us operate the site in accordance with the choices you make. For example, we will recognize the cookie settings you chose when you initially logged in so that you don’t have to make this selection every time.
Analytical cookies
These cookies enable us and third-party services to collect aggregated data for statistical purposes on how our visitors use the website. These cookies do not contain personal information such as names and email addresses and are used to help us improve your user experience of the website.
Marketing cookies
Marketing cookies are used to target advertising to a site visitor (behavioral targeting). They are often served by third party companies, and track a user across websites.
How to delete cookies?
If you want to restrict or block the cookies that are set by our website, you can do so through your browser settings.
Contacting us
If you have any questions about this policy or our use of cookies, please contact us.
We only use this data to improve the visitor’s website experience.
​
Inquiries
​
When you send an inquiry to us through our contact form, we use the personal data that you have stated in the contact form to answer you. Any personal data received from you will not be used for any other purpose without your prior consent and knowledge and will not be disclosed.
​
We rely on a legitimate interest as the lawful basis under GDPR Article 6(1)(f) for the processing of data in connection to inquiries.
​
Interviews
​
If we contact you to perform stakeholder interviews, any personal data received from you will not be used for any other purpose without your prior consent.
​
Duration of Storage
​
We will store your personal data until these are no longer necessary for us to process. In certain situations, it may be difficult to envisage an exact period, but the below paragraphs list our periods for the processing of your personal data.
​
Client Data
​
-
We store client data as part of projects we are working on for a usual duration of five years for record keeping purposes.
​
Inquiries
​
-
Stored until six months after completion of processing of your inquiry.
​
In general, if we have reason to store your personal data as part of the protection of our legitimate interests, including, for example, legal disputes, we reserve our right to store your personal data for an extended period and minimum until the legal dispute has been determined.
​
Transfer of Your Personal Data
​
We do not rent or sell personally identifiable information with other individuals or organizations.
However, we may transfer your personal data to third parties when it is necessary in order to provide you with our service. Third parties shall mean:
-
Business partners
-
Security-cleared data processors/subcontractors, who are assisting us with IT or other services
​
When we transfer your personal data to business partners, you should be aware that they might have stored personal data concerning you collected by other means, e.g. if you have been in contact with them in another context.
​
We also transfer your personal data to the above or other third parties if we are obliged to do so according to legislation or in order to protect our interests in legal disputes.
​
We rely on a legitimate interest as the lawful basis under GDPR Article 6(1)(f) for the processing of data in connection to transferring personal data to business partners.
​
Your Rights
​
You have the right of access to the personal data we are processing concerning you, as well as to have your personal data updated, rectified, or erased, or to obtain a copy of your personal data. All requests shall be made in writing to info@techlegality.com
​
Transfer of Personal Data to Third Countries
​
Tech Legality partners with various IT vendors from time to time. This will result in a transfer of personal data to a third country or international organisation.
​
In order to ensure a sufficient level of security for such transfer in accordance with the GDPR, Tech Legality has chosen to work only with US vendors that have certified compliance with the EU-U.S. Privacy Shield Framework.
​
Complaints
​
If you want to lodge a complaint over our processing of your personal data, please contact us directly. If we cannot help you, you can lodge a complaint to the national Data Protection Authority.
​
Changes
​
We recognize that data protection and privacy is an ongoing responsibility, so we reserve our right to make changes to this Data Protection and Privacy Policy from time to time as we undertake new personal data practices or adopt new privacy policies, etc. If such changes are substantial, we will notify you via email, if we have your email address.