Privacy policy


Hi! Welcome to our Privacy Policy and glad to see that you care about your personal information. 

We are eAgronom OÜ, a company registered in Estonia with the registration number 14092394.

Our registered address is Tartu maakond, Luunja vald, Veibri küla, Järvekalda tee 10, 62220.

In this Privacy Policy we will give you an overview on how we collect, use, and process your personal data when you use our Website and our Platform. 

Please read this Policy carefully, as it becomes legally binding when you use our Software and access our Website. We take privacy and protection of your data very seriously and are committed to responsibly handling the personal information of those we engage with and in a way that meets the legal requirements of the countries in which we operate. This Policy should be read together with our relevant agreement you have signed with us and our Cookie Policy.


Agreement - means the Agreement between you and eAgronom regarding any services.

Data controller - means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Data processor - means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller.

Data processing - means activities which are performed on personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

eAgronom, we, us, our - means eAgronom OÜ, Estonian registry code 14092394.

EEA - means the European Economic Area

GDPR - means the Regulation (EU) 2016/679, referred to as “the General Data Protection Regulation”

Services - means the services that we provide to you under the Agreement.

KYC - means “know-your-client”, a regulatory obligation to identify and verify the clients who use our services

Personal data - means any information relating to an identified or identifiable physical person - an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the identity of that natural person.

Platform - means our software through which we will provide to you the Services. 

Policy - this privacy policy, as amended from time to time and made available in the Platform and the Website.

Website - means the website of eAgronom OÜ, currently:

What data do we collect about you?

When you sign up to use our Services, we need to process your personal data. On a high level, we use and process the following data:

  • Personal details

    • Such as your full name.

  • Contact information

    • Such as your email address and phone number. 

  • Data on how you use the Services - various statistics on your Service usage, for example how many times you use our Platform;

  •  Data to facilitate the usage of the Services - for example your login details and the password, invoice information), browser type and version, time zone settings, operating system of your device to access the Platform.

How we specifically process your personal data, please find a detailed overview of personal data processing in the Annex 1 below. Please be aware that we may collect the information provided in the Annex 1, but depending on the specifics, we do not always collect all of those data points in respect to each individual data subject. 

Why do we use your data

It is necessary for us to process your data in order to provide the Services to you and to fulfil our legal requirements. If you decline to share with us the data we request, we are unable to provide the Services to you. We use your personal data in order to:

  • Carry out our obligation relating to your Agreement with us and to provide you with the information, products and Services;

  • Comply with any applicable legal and/or regulatory requirements;

  • Notify you about changes to our Services;

  • Keep our Services safe and secure;

  • Administer our Services and for internal operations;

  • Improve our Services;

  • Measure or understand the effectiveness of advertising we serve and to deliver relevant advertising to you;

  • Combine information we receive from other sources with the information you provide to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).

Legal basis for using you data

To use the information as provided in section 4, we rely on following data processing grounds:

  • Consent (GDPR Article 6 (1)(a)). We can process your data based on your consent. We for example may send you marketing materials based on your consent;

  • Performance of a contract (GDPR Article 6 (1)(b)). We may process your data to perform our obligations pursuant to the Agreement to provide the Services to you. This might for example be the case if you contact customer support with any questions you might have;

  • Legal obligations (GDPR Article 6 (1)(c)). We may process your data if it is necessary to meet legal obligations we are subject to. This for example might be data processing we conduct during our anti-money laundering activities;

  • Legitimate interest (GDPR Article 6 (1)(f)). We may process your data if we have a legitimate interest to do so. Such necessity might arise for example for business development, to ensure information security, during fraud investigations, if required so by our external cooperation partners or if necessary to protect our legal interest.

Sharing data

We aim to share as little personal data on your as possible to service providers, especially outside the EEA region. Whenever possible, we anonymize the shared data so that you cannot be identified based on that data. In addition to that, we may transfer your personal data to countries outside the EEA area if it is necessary for the purposes as provided in Annex 1 of this Policy. In such cases we shall ensure that adequate safeguards are in place to protect your rights. You may request a copy of such safeguards we have put in place by contacting us via email.

We may also share your personal data if we are legally required to do so, for example in cases of court, tax authority or other relevant authority requesting personal data from us.

We also share your personal data with other eAgronom group entities or resellers which may also reside outside the EEA region. eAgronom entities are subject to same internal data processing principles to ensure sound safeguarding of personal data within our group.

More specifically, we may share your data to following parties:

  • eAgronom group companies - we share your personal data with other eAgronom group entities to provide you the Services. Our group entities are and in the future shall be located either in within the EEA region or in countries who are subject to adequacy decisions issued by the European Commission ( If we establish any group companies outside the EEA region, we shall make sure that adequate safeguards are in place to protect your personal data. Each eAgronom group company can function as an independent controller in such scenarios;

  • Public authorities – upon receiving a valid request from a public authority, we shall share personal data to comply with our legal obligations. Public authorities are deemed to function as independent controllers in such cases;

  • Service providers – in order to provide you with the best Service, we are cooperating with various service providers to (this list is high-level and not conclusive):

    • facilitate the participation in carbon market (for example partners to validate and certify carbon credits; registries; cooperation partners for establishing joint-carbon programs);

    • deliver to you the relevant data (such as market data)

    • support and maintain our IT infrastructure (for example servers);

    • meet our regulatory obligations (KYC and sanction-related monitoring for example), etc. In such situations the service providers will function as data processors.

Where we store your data

Protection of personal data is very important to us. We use various technical and organizational measures to ensure that your data is safe with us. 

Your personal data is either in our databases or in databases of our service providers. Servers storing such data are physically located in the EEA region. In some instances, we may share your data with service providers located outside the EEA region, please see Section 6 for more details.

How long we keep your data

We generally store your personal data as long as necessary for the purpose under which we collected the information. We will delete data that is no longer required by a relevant law or jurisdiction in which we operate. Our general data retention period is 5 years after ending the business relationship with you. This is a statutory data retention period which we have to follow to be compliant with our legal obligations. In some cases we may need to hold your personal data for longer to meet our legal obligations or if we have a legitimate interest (if longer data retention is for example required by our cooperation partners) to do so.

Your data protection rights

Under relevant data protection laws and this Policy, you have various rights related to your personal data as provided below:

  • Right to access. You have the right to request access to the information we hold about you. Please be aware that this right can sometimes be limited by our regulatory obligations. We are unable to provide you access to personal data that would cause us to break the law.

  • Right to rectification. You have the right ask us to update any of the information about you that you think is inaccurate or incorrect.

  • Right to erasure and restriction of processing. You have the right to ask us to delete, stop processing or limit our use of your information that we hold. Please be aware that if we have a regulatory obligation to still retain this information, we might be unable to facilitate this request until the required retention period has elapsed.

  • Right to data portability. You have the right to receive your personal data, which you have provided to us, in a structured, commonly used, and machine-readable format and you have the right to request us to transmit this data to another data controller if the data was gathered by your consent, pursuant to the Agreement between us or via automated means.

  • Right to withdraw your consent. Your consent is voluntary, and you have the opportunity to withdraw your consent at any time. Please be aware that in such cases we may not be able to provide Services to you. In addition to that, you always have the right to withdraw your consent from receiving marketing materials from us. We provide you with the option to unsubscribe from such communications in each email, via the unsubscribe link. We still shall send you relevant information regarding the Services and our Agreement.

Automated decisions

We may make automated decisions about you. This means that we may use technology that can evaluate your personal circumstances and other factors to predict risks or outcomes. We do this for the efficient running of our services and to ensure decisions are fair, consistent and based on the right information. Most of automated decisions we make are connected to providing the Services to you. If we make automated decisions about you that limit your rights or access to the Platform, we will review those decisions manually as soon as possible.

Our Platform can only be accessed from regions in which we have decided to operate in. We automatically restrict access to our Platform in regions that we do not operate in.


If you have any concerns about our use of your personal data, you can make a query or a complaint to us at and we will do our best to address the issue.

If you feel that we have not addressed your questions or concerns adequately, or you believe that your data protection or privacy rights have been infringed, you can complain to the Estonian Data Protection Inspectorate ( if you are unhappy with how we have used your data. You have a right to bring an action before a court.

  1. Applicable law and jurisdiction

This Policy will be governed by and construed in accordance with the Estonian law. Without prejudice to any rights you may have to refer a complaint to the authorities, the courts of Estonia have exclusive jurisdiction to settle any dispute arising in connection with this Agreement and for such purposes we and you irrevocably submit to the jurisdiction of the Estonian courts.

  1. Changes to this Policy

We continuously review our policies and procedures. We’ll post any changes we make to this policy on this page and let you know about any significant changes via email.

Annex 1

Personal data processing details

Personal dataPurposeSource Legal basisPersonal data: first and last name, phone number, date of birth, personal identification number (or equivalent)To meet our regulatory obligations for the provision of ServicesDirectly from the data subject, some data points are verified using public databases, which depends on the residence of the data subject

 Performance of a contract (GDPR art 6 (1)(b)), legal obligations (GDPR art 6 (1)(c)Contact information: email address, residence address, geographical location (IP address)To know how we can contact you and for regulatory purposesPerformance of a contract (GDPR art 6 (1)(b)), legal obligations (GDPR art 6 (1)(c)Background information: bank account information, IP address, tax residency and tax ID number, if applicable, citizenship, employment information, personal identification card data points (date of issue, expiry date, picture, country of issuance)To understand to who we shall provide the Services and to fulfil our regulatory obligations (related to KYC)Legal obligations (GDPR art 6 (1)(c), legitimate interest (GDPR art 6 (1)(f)Data on how you use the Services: information on how long and how often you use the Services, what features you use the most and what not, etc. To improve the Platform and our ServicesDirectly from the data subject

 Legitimate interest (GDPR art 6 (1)(f))Marketing: email address, citizenship, etc. To provide you with marketing materialsConsent (GDPR art 6 (1)(a))Financial data: your payment information (cards, bank accounts, etc.), orders.To provide the ServicesDirectly from the data subject, from service providers used by the data subjectPerformance of a contract (GDPR art 6 (1)(b)), legitimate interest (GDPR art 6 (1)(f))Customer support: different kinds of communications (emails, other messages, phone calls, etc.), information provided in those communicationsTo provide the ServicesDirectly from the data subjectPerformance of a contract (GDPR art 6 (1)(b))Data related to information security measures (technical information on how our Website and Platform is accessed and used)To provide the ServicesDirectly from the data subject, public databasesLegitimate interest (GDPR art 6 (1)(f))

Have any questions?

Project is financed by the Republic of Estonia

The project was funded by the Entrepreneurs Support Program for Applied Research and Product Development (RUP).

Project name:

Software Technology and Applications Competence Centre (STACC)

Have any questions?

Project is financed by the Republic of Estonia

The project was funded by the Entrepreneurs Support Program for Applied Research and Product Development (RUP).

Project name:

Software Technology and Applications Competence Centre (STACC)

Have any questions?

Project is financed by the Republic of Estonia

The project was funded by the Entrepreneurs Support Program for Applied Research and Product Development (RUP).

Project name:

Software Technology and Applications Competence Centre (STACC)

Have any questions?

Project is financed by the Republic of Estonia

The project was funded by the Entrepreneurs Support Program for Applied Research and Product Development (RUP).

Project name:

Software Technology and Applications Competence Centre (STACC)

ISO 27001 BUREAU VERITAS Certification