Privacy Policy

Welcome to (the “Site”), a website managed by EstCap Group OÜ, registry code 16227728 (referred to as “EstCap”, “we”, “us” or “our”). We are specialized in investor onboarding, registry keeping, fund and company administration services, alternative investment management and compliance services for private companies and investment funds (the “Services”).

This Privacy Policy explains in a simple and transparent way what Personal Data we collect, record, store, use, and process and how. By visiting the Site or accessing our Services you accept this Privacy Policy together with our Terms of Use.

This Privacy Policy does not apply to any third-party websites and apps that you may be directed to use when acquiring our Services. You should review the terms and policies of third-party websites and apps before continuing to use any third-party services.

Capitalized terms used but not defined in this Privacy Policy have the meaning given to them and in the Regulation (EU) 2016/679 (General Data Protection Regulation). Please read this Privacy Policy carefully to understand our policies and practices regarding your Personal Data and how we will treat it.

Lawful basis for processing your Personal Data

Processing of Personal Data means every activity that can be carried out in connection with Personal Data such as collecting, recording, storing, adjusting, organising, using, disclosing, transferring, or deleting it in accordance with applicable laws.

We normally collect or use Personal Data from you or others only where we have your consent to do so (e.g. when sending marketing communication), where we need the Personal Data to perform a contract with you (e.g. when providing our Services), or where the processing is in our legitimate interest and not overridden by your protection interests or fundamental rights and freedoms.

Personal Data we collect

For the provision of our Services the Personal Data we may collect and process about you includes:

– identification data (including name, date of birth or personal identification code);

– identity document data (including copy of passport or ID card, issuing country, document number, expiry date,);

– biometric data such as facial identifiers, in case you have been identified via identity verification service provider (e.g. Veriff);

– contact details (including address, telephone number, email address, language etc.);

– communications data (including emails, messages that have been sent to us when providing feedback or contacting our support);

– tax residency data, country of residence, citizenship; – field of activity, educational establishment or occupation;

– financial data (including income, assets, liabilities);

– publicly available relevant data (including information about being politically exposed person (PEP) and checks in public sanction lists);

– source of funds;

– data gathered upon the performance of obligations under the law;

– data related to the use of the Site and the Services (including interaction with our Site, the IP address).

We do not collect any special categories of Personal Data about you.

Please be informed that the exact details of the Personal Data we collect about you may also depend on the scope of the Services we provide to the company you are about to or have invested in. For details, please contact us at

For your verification and identification purposes we use e-identification service provider such as Veriff OÜ. By verifying yourself via our Services, you acknowledge and accept their privacy policy available at

How we collect your personal data

Automatic collection. We automatically collect Personal Data from you and your devices when you use our Services, even when you visit the Site without logging in or signing up to our Service. We automatically collect Personal Data about how you use our Services and the computers or other devices, such as mobile phones or tablets, you use to access our Services. For example:

– IP address;

– Geolocation information that you allow our apps to access;

– Unique device identifiers and device attributes, like operating system and browser type;

– Usage data, such as: web log data, referring and exit pages and URLs, number of clicks, domain names, pages and content viewed and the order of those pages, the amount of time spent on particular pages, the date and time you used our Services, the frequency of your use of our Services, error logs, and other similar information;

– Cookies. To understand what choices you have regarding the cookies, please visit our Cookie Policy.

When provided by you. You provide us with Personal Data about yourself when you:

– Sign-up to our Service or sign-in to your account;

– Verify your identity (via third party service provider);

– Contact us via email, customer support or any other way, as the case may be.

When provided by third parties. Personal Data may be provided to us by our thirdparty partners (for example the service providers connected to our Services) who are legally allowed to share your Personal Data with us.

When provided by the companies or fund initiators to whom we provide the Services and who have legal basis for sharing your Personal Data with us.

How we use your Personal Data

We process your Personal Data in order to:

– perform of a contract with you, in order to provide our Services;

– verify and, if appropriate, rectify and/or supplement and update Personal Data submitted by you;

– collect payments;

– identify and authenticate you (e.g. to register yourself as an investor of an investment fund);

– protect the interests of EstCap, the fund, the fund manager and our other customers;

– for marketing purposes, if you have consented to receive information about out our Services;

– protect our legal rights;

– store, host, back up your Personal Data;

– perform obligations under applicable law;

– monitor, develop and maintain IT systems and software.

Should you have any questions about which data is collected or need further information concerning the lawful basis on which we collect and use your Personal Data, you are welcome to contact us using the contact details provided below.

How we share your Personal Data

You acknowledge and understand that for the provision of our Services we may share your Personal Data as follows:

Third-party service providers. We may share your Personal Data with other companies we use to support the Services. These companies provide services like intelligent search technology, analytics, advertising, payment collection, identification and verification services, fraud detection and customer support. We have contracts with all such service providers that address the safeguarding and proper use of your Personal Data.

Fund initiators/investee companies. Based on your interest in investing to the particular investment fund, instrument or the company, or using other services, we may share your Personal Data with the fund manager or the company.

Marketing partners. We may share your Personal Data with marketing service providers, or other similar parties engaged for marketing activities.

Law enforcement and other governmental agencies. We may disclose Personal Data or other information if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a facially valid court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies.

Our business transactions. We may share your Personal Data during a corporate transaction like a merger, or sale of our assets or as part of the due diligence for such contemplated transactions. If a corporate transaction occurs, we will provide notification to our customers.

We may share your Personal Data in other ways if you have asked us to do so or have given specific consent (for example, receiving a marketing communication).

Most of the third-party service providers are considered data processors. In certain cases, the third-party service providers may be considered data controllers or organisations processing such Personal Data, not as data intermediaries. These service providers are for example our attorneys, auditors, insurers, banking partners and accountants who perform certain activities on behalf of us and are subject to data processing rules as independent controllers. Some of these third-party service providers may be located outside the country where you accessed the Services.

We require all third-party service providers to maintain appropriate technical and organisational measures to meet the requirement of applicable law and protect your rights. Transmission of your Personal Data outside EEA.

You acknowledge that your Personal Data is processed in Member States of the European Union or the European Economic Area (EU/EEA), where an adequate level of data protection is ensured.

Should there be a need to transfer your Personal Data from the EEA to a jurisdiction outside these countries/regions, it is done so only subject to appropriate safeguards as set out by applicable law, giving the required protection to your Personal Data under applicable data protection laws.

Retention of your Personal Data

We only retain the Personal Data collected from you for as long as your account with us is active or otherwise for a limited period of time as long as we need it to fulfil the purposes for which we have initially collected it, unless otherwise required by law.

We will retain and use information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements as follows:

– payment information is retained for a period of 7 years according to the Estonian accounting and taxation laws;

– backups are kept for 6 months;

– identification and verification data is retained for a period of 5 years from terminating the termination with us;

– information on legal transactions is retained for a period of 10 years in accordance with the general limitation period set for civil claims in the Estonian General Part of the Civil Code Act.

Your rights regarding your Personal Data

You have the following rights in relation to your Personal Data:

Request access to your Personal Data. This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it. You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights).

– Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

– Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us to continue to process it. However, we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

– Object to processing of your Personal Data. This enables you to object to the processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Data for direct marketing purposes.

– Request restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Data.

– Withdraw a consent you have given to us. This enables you to withdraw consent at any time where we are relying on consent to process your Personal Data this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or Services to you.

– Request the transfer. This enables you to request the transfer of your Personal Data to you or to a third-party.

– The right to submit a complaint. Should you be unsatisfied with the way we have responded to your concerns, you have the right to submit a complaint to us. Please send your request to We may ask you to send your request from an e-mail address you have used to sign up for our Services. In other cases, we reserve the right to ask for additional details about you to help us to identify you. This is a security measure to ensure that your Personal Data is not disclosed to any other person who has no right to receive it. We try to respond to all legitimate requests within one month.

You can also contact the data protection authority in your country. The Estonian Data Protection Inspectorate is the lead data protection supervisory authority for EstCap (registered office at 19 Väike-Ameerika St., 10129 Tallinn, phone nr + 372 627 4135, e-mail

How we use cookies

We may make use of browser “cookies.” Cookies are small pieces of information that are stored by your browser on your computer’s hard drive when you use our Services. They allow us to see if you have logged in, checked your status as a subscriber or user, and facilitate access to your preferences. Cookies can be deleted from your device if you wish. Most web browsers automatically accept cookies, but you can change your browser settings to prevent that. Certain parts of our Services will not function properly if the usage of cookies is blocked. We are not liable for any loss of functionality or quality of the Services if usage of cookies is blocked.

We may also use tracking software to monitor customer traffic patterns and the usage of our Services for research and development purposes, customer engagement and also to keep you informed of our activities.

How we protect your Personal Data

We take appropriate technical and organisational measures to ensure the confidentiality and integrity of your Personal Data and the way it’s processed. We apply an internal framework of policies and minimum standards to keep your Personal Data safe. To help us continue to protect your Personal Data, you should always contact us if you suspect that your Personal Data may have been compromised.

Changes to this Privacy Policy

We may amend this Privacy Statement to remain compliant with any changes in law and/or to reflect how we process Personal Data. The changes will be posted on our Site. Where we are required to seek further consents under applicable law, we will do so.

How to contact us

To ask questions or comment about this Privacy Policy and our privacy practices, contact us by email at