Privacy policy and use of cookies

EKE – AS EKE, registry code 10046500, and the subsidiaries under its management (EKE Group), which process personal data as the chief processor and authorised processor or in whose interests the processing of personal data is carried out.

In the data protection terms, ‘individual’ refers to a natural person who has entered into a rental or service agreement with EKE, is a contact person for an EKE partner, an employee, a member of the managing body, an EKE employee or managing body member, a participant in the EKE recruitment process, or any other natural person who has provided their personal data to EKE, as well as a visitor to the EKE office building/business centre.

1. Purpose of the privacy policy

The purpose of EKE’s privacy policy is to establish the principles for processing personal data and ensure that personal data processing is carried out in accordance with the conditions set out in the Personal Data Protection Act, as well as to inform individuals whose personal data EKE may process, particularly the contact persons of EKE’s business clients and cooperation partners, EKE employees, and visitors.

The processing of personal data is based on the European Union General Data Protection Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data, the Personal Data Protection Act, the Employment Contracts Act, the Law of Obligations Act, and other legal acts related to the processing of personal data, as well as EKE’s internal work procedures and principles, and the contracts concluded with individual employees.

The privacy policy outlines the data EKE processes and the rights individuals have concerning the processing of their data.

EKE’s privacy policy terms do not apply to those EKE Group companies that independently process personal data.

2. How EKE processes personal data

2.1. EKE processes personal data while ensuring appropriate security, including protection against unauthorised or unlawful processing, as well as accidental loss, destruction, or damage. EKE processes personal data only to the extent necessary to achieve the purposes for which the data is collected.

2.2. EKE processes personal data if at least one of the following conditions is met:

the individual has given consent to the processing of their personal data for one or more specific purposes;
processing of personal data is necessary for the performance of a contract entered into with the individual (including an employment contract) or for taking measures prior to entering into a contract;
processing of personal data is necessary for EKE as the data controller or processor in order to perform obligations prescribed by the law;
processing of personal data is necessary to prevent, detect, and deter offenses related to the protection of property and assets (theft and vandalism etc.), ensure the safety of individuals, and identify unauthorised presence in buildings and/or on the premises owned or managed by EKE;
processing is necessary for the purposes of the legitimate interests pursued by EKE as the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

2.3. EKE processes personal data as a data controller when the data is collected for the purpose of concluding a contract with a legal or natural person, fulfilling an existing contract, including employment contracts, participating in recruitment and selection processes, or for other relevant purposes.

2.4. EKE processes personal data as a data processor when collecting personal data for transfer to a service provider, for instance, if an individual wishes to order services from a third party through EKE. In such cases, the service provider (e.g., a provider of support services such as legal services, recruitment services, archiving services, etc.) to whom EKE transfers the relevant data acts as the data controller.

EKE processes personal data as a data processor, providing administrative services to apartment associations, which are the data controllers in this case.

3. Personal data being processed

The personal data being processed may include the individual’s first and last name, date of birth and/or personal identification code, telephone and/or mobile number, email address, address, payment method used for rent or service payments, bank account number, photo, video recordings, network identifiers (e.g., IP address), background check data, interview data, health data, and other information provided to EKE for the purpose of concluding or fulfilling a contract with EKE.

4. Use of personal data and purposes of processing

4.1. EKE processes personal data based on legitimate interest in accordance with the requirements established by law, for purposes such as concluding and fulfilling contracts, including employment contracts, issuing invoices, etc; fulfilling legal obligations, such as complying with the obligation to provide information as required by law, accounting, anti-money laundering obligations, and similar tasks; and based on the individual’s consent.

4.2. Depending on the circumstances, EKE may process the following data on the basis of legitimate interest:

4.2.1. Name and contact details (email, phone) to address issues related to the provision of services, for example.

4.2.2. The bank account number, which is used to pay an individual’s wages or other remuneration based on an employment or other legal relationship.

4.2.3. An individual’s background check data, (job) interview data, and health data that are used during the recruitment and selection process to find a suitable employee and conclude an employment contract, with health data collected to determine whether the applicant’s health condition allows them to perform the duties of the offered position. The purpose of retaining data collected during the recruitment process is to protect the rights of both EKE and the employer, as well as to enable EKE to make job offers to applicants who were not selected or to invite them to participate in future competitions.

4.2.4. In EKE buildings and properties through monitoring devices (surveillance cameras) and security systems (personalised access cards and chips) used for the protection of individuals and property, data obtained include video recordings, photos, and log data from security systems regarding individuals’ movements.

EKE informs individuals about the use of video recording systems by placing a visible notice about video surveillance at the entry points to areas monitored by the video recording system. EKE does not use video recording systems in break areas, toilets, changing rooms, or other spaces intended for private use by individuals or employees.

4.2.5. Email and cloud services associated with the EKE domain, as well as employee computers connected to EKE information systems and external data carriers, are monitored for the purposes of performance and efficiency analysis, detecting misuse, protecting EKE property, ensuring and verifying the fulfilment of obligations arising from employment contracts, as well as managing work processes, improving the use of work tools, and verifying their intended use. EKE may process all correspondence and data exchanges where there is a legitimate interest.

4.3. To fulfil legal obligations, EKE processes personal data for purposes such as compliance with requirements related to accounting, anti-money laundering, and other legally established obligations (e.g., transferring employee data to the Employment Register, Unemployment Insurance Fund, Health Insurance Fund, Tax and Customs Board, Labour Inspectorate, Technical Regulatory Authority, police) and to ensure the performance of contracts concluded with employees, as well as to protect EKE’s violated or disputed rights (e.g., transferring data to courts, law enforcement agencies, or legal service providers). The processing of personal data for the aforementioned purposes does not require the individual’s consent.

4.4. With the individual’s consent, EKE processes personal data for which the individual has given their consent – for example, to receive advertisements, personal data provided to EKE when contacting EKE (e.g., inquiries made to EKE, applications and documents sent by job applicants, data obtained while using the EKE website).

4.5. EKE uses cookies on its website, the function of which is to collect statistics about website traffic, speed up website usage, and make it more convenient for users. This information will allow EKE to keep its website up-to-date and make information more accessible to the visitor. You can read more about cookies in EKE’s terms of use of cookies.

5. Communication of personal data to third parties

5.1. EKE may communicate the client’s personal data to third parties that provide services to EKE, with whom EKE has entered into a contract and who are required to ensure appropriate safeguards for the processing of personal data.

For example: EKE communicates personal data to service providers to the extent necessary, for example, to access office spaces in order to ensure their maintenance, telecommunications connections, etc.

5.2. EKE may use personal data for the protection of its rights or in the course of carrying out audits or other controls. In this regard, it may communicate to third parties, for example, the personal data of a member of the management board or an employee of a counterparty to the extent necessary.

6. Principles of data retention and security

6.1. EKE processes the client’s personal data in accordance with the requirements provided for by legislation. EKE takes all precautionary measures (including administrative, technical and physical measures) to ensure the protection of the personal data of its clients. Access to data processing is granted only to authorised individuals.

6.2. EKE does not transfer or disclose collected personal data to third parties without the individual’s prior consent, a legal obligation, or a right established in these terms.

6.3. EKE stores personal data as long as necessary to achieve the processing purpose, but no longer than until the expiration dates prescribed by applicable law. When the legally prescribed period for retaining personal data has expired or the collected data is no longer necessary for achieving the purposes, EKE deletes or destroys the collected data.

For example: In case of disputes related to payments, personal data is retained until the claim is fulfilled or the expiry of the limitation period; Log data from physical access tools (cards, door codes, etc) is generally retained in security systems and associated central servers for up to 12 months. Data collected through video recording systems is generally retained in security systems and associated central servers for up to 90 days. Personal data of job applicants collected during the recruitment and selection process is retained electronically in the recruitment database and in paper form in lockable filing cabinets for up to 12 months from the fulfilment of the data collection purpose, unless the applicant has given consent for the further retention of their personal data.

6.4. If an individual suspects that their personal data has been handled contrary to what is described in EKE’s data protection terms and/or there is a risk that the data has been leaked to unauthorised parties, we ask the individual to immediately notify EKE of such an incident via email at .

7. Withdrawal of consent, access to personal data, deletion, and retention

7.1. If personal data is processed based on the individual’s consent, the individual has the right to withdraw their consent.

7.2. The individual has the right to access their personal data at any time, to receive a copy thereof and to request the correction or deletion of their personal data.

An individual does not have the right to request the deletion of their personal data if the law provides otherwise, for example, when such data must be retained for EKE’s accounting purposes or for other reasons to protect EKE’s rights.

7.3. To request the deletion of personal data or withdraw consent for the processing of personal data, the individual must send a signed application to EKE’s email address at or mail the application to AS EKE, Liivalaia 14, Tallinn 10118.

EKE will respond to the individual’s request without undue delay, but no later than one calendar month from receiving the request.

7.4. Personal data is stored electronically on servers located in Estonia and within the territory of European Union Member States or in paper format at EKE’s premises.

5. Communication of personal data to third parties

6. Principles of data retention and security

6.2. EKE does not transfer or disclose collected personal data to third parties without the individual’s prior consent, a legal obligation, or a right established in these terms.

7. Withdrawal of consent, access to personal data, deletion, and retention

7.1. If personal data is processed based on the individual’s consent, the individual has the right to withdraw their consent.

7.2. The individual has the right to access their personal data at any time, to receive a copy thereof and to request the correction or deletion of their personal data.

EKE will respond to the individual’s request without undue delay, but no later than one calendar month from receiving the request.

7.4. Personal data is stored electronically on servers located in Estonia and within the territory of European Union Member States or in paper format at EKE’s premises.

8. Settlement of disputes

For questions related to data protection, please contact us at or send a letter/application/request by mail to AS EKE, Liivalaia 14, Tallinn 10118.

The supervisory authority is the Republic of Estonia Data Protection Inspectorate, email address .

9. Use of cookies

www.eke.ee website uses cookies to ensure a better user experience.

1. A cookie is a small text file that is stored on the device of a visitor to EKE’s website (for example, a computer, tablet, or mobile phone). Cookies essential for the proper functioning of the website may be added to the visitor’s device during their visit without the visitor’s consent. All other cookies must be approved before being stored in the browser. Cookies do not pose any risk to your computer or smart device. EKE informs you of the use of cookies in the pop-up window that appears upon visiting the website.

2. The purpose of cookies is to make navigation on the website more convenient and provide a more personalised user experience, speed up website usage, and collect statistical data on website traffic. This information will help EKE to keep its website up-to-date and make information more accessible to the website visitor.

3. Cookies ensure:

ensuring the website functions according to the visitor’s expectations, including remembering the visitor’s settings and preferences;
collecting the visitor’s usage habits and statistical data, and tailoring marketing messages and personalised offers according to the visitor’s preferences;
facilitating the sharing of website content on social media;
improving the website’s security and speed;
collecting data for planning the website’s development;

4. EKE uses persistent cookies on its website to remember the visitor’s preferences. EKE’s persistent cookies remain on the visitor’s device even after closing the website. Persistent cookies have different expiration periods and are valid within the designated timeframe for each persistent cookie. Persistent cookies are activated on the device that stored the cookie each time you visit the EKE website.

5. Other types of cookies:

Necessary cookies help improve the usability of the EKE website by enabling essential functions such as navigation between pages and access to protected areas of the website. The website does not function properly without these cookies.
Preference cookies allow a website to retain information that changes the way the website functions or looks – for example, your preferred language or location.
Statistical cookies help website owners understand how visitors interact with the website by collecting and reporting data anonymously.
Advertising cookies are used to track visitors across different websites. The purpose is to show the user advertisements that are relevant and interesting to them, making them more valuable to publishers and third-party advertisers.
Unclassified cookies are cookies that we classify together with individual cookie providers.

6. Third-party cookies:

Google also uses conversion cookies, the main purpose of which is to help identify how many people who clicked on EKE ads show interest in the real estate developments offered by EKE. Google does not use conversion cookies for personalised advertising targeting, and their storage period is limited. The use of such cookies is governed by the privacy policies of the installers Google’s cookie policy can be found at https://www.google.com/policies/technologies/cookies/, https://www.googleadservices.com.

7. Managing cookies and opting out of cookies

If cookies are blocked or deleted, EKE cannot guarantee the proper functioning of the website, and the visitor may lose access to certain website features.

You can manage the use of cookies through the options available in the cookie settings popup window that appears when you enter the EKE website.

You can also opt out of cookies by changing the settings of your browser on the device you are using and deleting the stored cookies.

8. Changing the cookie settings in your browser affects every website that you visit.

Most browsers can be configured to prevent cookies from being stored on your device, but in this case, you will need to manually adjust certain preferences each time you visit a website, and some services and features may not function properly (e.g., logging in).

It is important to note that if a third-party opt-out link is used to block a cookie, it may not delete the cookie from the browser, but only block its further use.

To be sure that a cookie is deleted, you must do it manually in your browser.

Managing cookies in different browsers: