Infragate Eesti Plc. (henceforth Infragate) adheres to the requirements and principles stipulated in this policy. Infragate values the privacy of individuals and the protection of personal data. As such, we have compiled this privacy policy that stipulates the purposes and conditions of processing data, as well as the rights associated with the data subjects’ personal data. Infragate commits to protecting personal data and maintaining its confidentiality, and guarantees legal data processing.

  1. Notions

    1. Personal data - information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

    2. Data processing - any operation or set of operations, which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

    3. Responsible data processor - a physical or legal person, public sector or local government institution that acts as the primary personal data collector. The responsible data processor determines the aims and methods of processing data.

    4. Authorised data processor - a physical or legal person, public sector or local government institution that processes personal data as tasked or instructed by the responsible data processor.

    5. Third person - a physical or legal person, public sector or local government institution.

    6. Personal data breath - a security incident that leads to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

    7. Data subject – the person whose data is processed.

  1. Principles

    1. Infragate processes data according to the following principles:

      1. The principle of legality, fairness and transparency - data is processed legally and fairly, and transparently to the data subject;

      2. The principle of purpose limitation - personal data is collected for precisely, clearly and legally set aims, and will not be processed later contrary to these aims;

      3. The principle of collecting as little data as possible - personal data is relevant, important and limited to the data necessary for the processing purpose;

      4. The principle of accuracy - personal data is accurate and updated as necessary, and all reasonable measures are implemented to immediately delete or amend data that is inaccurate for the data processing purpose;

      5. The principle of a limit on storage - personal data is stored in a way that enables identifying the data subject only until necessary for the purpose the data is processed;

      6. The principle of reliability and confidentiality - personal data is processed so as to guarantee the due safety of personal data, incl. protection against unauthorised or unlawful processing and accidental loss, destruction or damage, by implementing the required technical and organisational measures.

  1. Secure Data Processing

    1. Based on the principle of reasonableness, Infragate implements a variety of organisational, physical and IT security measures to protect personal data.

    2. Infragate may use authorised data processors to process personal data and provide services. Infragate guarantees that the authorised data processors process personal data according to Infragate’s instructions and valid law, and implement the required safety measures. Non-disclosure agreements have been concluded with all authorised data processors.

    3. Infragate will immediately inform data subjects of a personal data breach.

  1. Types of Personal Data

    1. Infragate processes personal data received directly from the data subject and personal data that Infragate comes into contact with while providing its services.

    2. Infragate processes the personal data listed below:

      1. First and family name;

      2. Personal identity code;

      3. Email address;

      4. Phone number;

      5. Address;

      6. Webpage analytics;

    3. Infragate is the responsible data processor and adheres to all confidentiality principles to guarantee the individual’s right to privacy.

    4. Only people authorised by Infragate can amend and process personal data.

  1. Purposes of Processing Personal Data

    1. Infragate processes personal data to perform its legal obligations and to perform and to guarantee performance of a contract, according to permission or legitimate interest.

    2. The personal data listed in clause 4.2 of this privacy policy is processed to:

      1. Coordinate plans with real estate owners;

      2. Forward important information related to current projects;

      3. Conclude contracts;

      4. Submit invoices for provided services; and

      5. For project administration purposes.

  1. Third and Authorised Persons

    1. Infragate may transfer only personal data to third and authorised persons if strictly required and for the following purposes:

      1. Transferring personal data to the contractor to work on a project;

      2. Improving the webpage’s user experience.

    2. Infragate confirms that it only transfers personal data to third and authorised parties that implement sufficient security measures to guarantee the security of personal data.

  1. The Rights of the Data Subject

    1. The data subject may request the deletion of personal data.

    2. The data subject may request information concerning his/her personal data that he/she has submitted to Infragate.

    3. The data subject may impose limits on data processing.

    4. The data subject may file a complaint regarding how Infragate processes personal data to the Estonian Data Protection Inspectorate.

  1. Storing Personal Data

    1. Personal data will be archived once the project is completed and will be deleted from the archive five years after the contract is terminated, unless Infragate has filed a legal claim that implements different terms for storing personal data.

  1. Cookies

    1. The website managed by Infragate,, may use cookies to improve the user experience.

    2. A cookie is a small piece of data sent from a website and stored on the user's device. We use cookies to:

      1. Collect anonymous and general statistics regarding the number of visitors to the website and information on how the website is used in order to improve the website and make it more user friendly.

    3. If you do not agree to the use of cookies, you may block cookies on your device. To do so, you will need to change the settings on your web browser. The website may not work properly and you may not have access to all services when you block cookies.

  1. Amendments to the Privacy Policy

    1. Infragate values privacy and regularly updates this privacy policy. The most up-to-date privacy policy is displayed on our webpage.

  1. Contact

    1. If you have any questions, concerns or proposals concerning the processing of personal data, please contact the responsible employee at

      This email address is being protected from spambots. You need JavaScript enabled to view it.

      or by phone at 626 7777.