Legal | Imprint | Privacy | European E-Commerce Institute Skip to content

Imprint | Privacy Statement

Imprint Provider Identification

As required by Estonian law, the following contains mandatory information regarding the Website’s provider, data protection requirements, and other key legal references for the Website of the European E-Commerce Institute OÖ. (


Legal provider of this website is the European E-Commerce Institute OÜ

European E-Commerce Institute OÜ

Sepapaja 6

Tallinn 15551, Estonia


European E-Commerce Institute OÖ will be shortened using EEI.


The business name of the private limited company is European E-Commerce Institute OÜ. The address of the private limited company is Harju maakond, Tallinn, Lasnamäe linnaosa, Sepapaja tn 6, 15551. Tax registration code 16468679.


The proposed principal activity is Business and other management consultancy activities, EMTAK code 70221 (version 2).

Means of communication


Privacy Policy

We take the security of your personal information extremely seriously. In accordance with current data protection laws, we process any personal information obtained during a website visit. We never publish nor disclose your information to unauthorized third parties.


In the following section, we detail the information we collect and how it is used when you visit one of our websites:


Basic information

Data processing scope


We collect and use users’ personal information only to the extent necessary to support the functionality of our website and its contents and services. The collection and exploitation of our users’ personal information often occurs with their cooperation. There is an exemption when data processing is permitted by law.


Legitimate grounds for processing


Article 6 (1) lit. an of the EU General Data Protection Regulation (GDPR) acts as the legal basis for the processing of personal data where the affected individual’s consent is acquired.


Article 6 (1) lit. b GDPR serves as the legal basis for the processing of personal data necessary to fulfill a contract in which the affected individual is a party. This also applies to processing necessary for pre-contractual measures.


If processing is necessary to protect the legitimate interests of the EEI or a third party and the interests, fundamental rights, and fundamental freedoms of the affected individual do not outweigh the first interest, Article 6 (1) lit. f GDPR serves as the legal basis for such processing.


Data erasure and storage duration


The personal data of the affected individual are erased or blocked when the storage purpose is no longer applicable. The EEI may also be stored if permitted by European or national lawmakers under EU regulations, acts, or other applicable legislation. A blocking or deletion of data occurs only if a storage time defined by one of the aforementioned regulations expires, unless the continued storage of the data is required for the conclusion or performance of a contract.


Contact information for those accountable


The entity accountable for compliance with the General Data Protection Regulation, various national data protection laws, and other data protection laws is the company mentioned as the website owner above.


Website provision and creation of log files


Each time you visit our website, our services and applications automatically collect data and information from your computer’s system.


The following data are temporarily collected:

Your IP address

The date and time of your website visit

URL of the visited page

URL of the previous webpage visited (referrer)

Version and name of your browser or operating system (if transmitted)

These data are preserved in the log files of our systems. These details are not saved alongside the user’s other personal information.


The legal foundation for the temporary storage of data and log files is Article 6 (1), paragraph f, of the General Data Protection Regulation. Log files are utilized for data storage in order to ensure the functionality of the website. The data also helps us enhance our websites, eradicate bugs, and secure our IT infrastructure. Our legitimate interest in data processing pursuant to Article 6(1)(f) GDPR also consists in the aforementioned purposes.


When the data are no longer necessary to fulfill the reason for which they were collected, they are removed. If data are collected in order to provide the website, this occurs when the respective visit ends. Whenever data are stored in log files, this is the case no later than seven days later. Storage beyond this timeframe is feasible. In this instance, the IP addresses of the users are destroyed or removed so that they cannot be assigned to the visiting client.


The recording of data for the supply of the website and storage of data in log files are required for the website’s operation. As a result, users lack the ability to revoke such data recording.


Web site analysis

Google Analytics

If you have given your consent, this website uses Google Analytics 4, a web analytics service provided by Google LLC. The responsible party for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).


Scope of processing

Google Analytics uses cookies that enable an analysis of your use of our websites. The information collected by means of the cookies about your use of this website is generally transferred to a Google server in the USA and stored there.


[OPTIONAL: We use the User ID function. User ID allows us to assign a unique, persistent ID to one or more sessions (and the activities within those sessions) and to analyze user behavior across devices.]


[OPTIONAL: We use Google Signals. This allows Google Analytics to collect additional information about users who have personalized ads enabled (interests and demographics) and ads can be delivered to these users in cross-device remarketing campaigns.]


Google Analytics 4 has IP address anonymization enabled by default. Due to IP anonymization, your IP address will be shortened by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.


During your website visit, your user behavior is recorded in the form of “events”. Events can be:


Page views

  • First visit to the website
  • Start of session
  • Your “click path”, interaction with the website
  • Scrolls (whenever a user scrolls to the bottom of the page (90%))
  • clicks on external links 
  • internal search queries
  • interaction with videos
  • file downloads
  • seen / clicked ads
  • language settings
  • Also recorded:
  • Your approximate location (region)
  • your IP address (in shortened form)
  • technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
  • your internet service provider
  • the referrer URL (via which website/advertising medium you came to this website)
  • Purposes of processing


On behalf of the operator of this website, Google will use this information to evaluate your [pseudonymous [NOT WHEN USING USER ID]] use of the website and to compile reports on website activity. The reports provided by Google Analytics serve to analyse the performance of our website [OPTIONAL: and the success of our marketing campaigns].



Recipients of the data are/may be:


  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor under Art. 28 DSGVO).
  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
  • Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
  • It cannot be ruled out that US authorities may access the data stored by Google.


Third country transfer

Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.


Duration of storage

The data sent by us and linked to cookies are automatically deleted after 2 [OR: 14] months. The deletion of data whose retention period has been reached occurs automatically once a month.


Legal basis

The legal basis for this data processing is your consent pursuant to Art.6 para.1 p.1 lit. a GDPR [IF APLLICABLE:  Art.49a GDPR].



You can revoke your consent at any time with effect for the future by accessing the cookie settings in the footer and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.


You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may result in a restriction of functionalities on this and other websites. In addition, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google, by


  1. not giving your consent to the setting of the cookie or
  2. downloading and installing the browser add-on to disable Google Analytics here:

For more information on Google Analytics’ terms of use and Google’s privacy policy, please visit and at


Server side data collection

When you visit our websites, the server might collect the following information and data from your computer’s computer system:


IP address, shortened for privacy

Two cookies to distinguish between visitors (pk id and pk sess).

Referrer (previously visited URL), if transmitted by the browser

Operating system designation and variant

The browser’s name, version, and language settings

In addition, if JavaScript is enabled:


URLs accessed on this site

Dates and times of page visits

Format of HTML requests

Display resolution and color saturation

Formats and procedures supported by the web browser (e.g. cookies, Java, Flash, PDF, WindowsMedia, QuickTime, RealPlayer, Director, SilverLight, Google Gears)

Data are exclusively kept and evaluated on a central server operated by EEI. Along with the core website, it is utilized by the majority of EEI and the majority of EEI-assigned project websites.


The legal basis for processing the personal data of users is Article 6 (1) (f) GDPR. The processing of personal data helps us to analyze our users’ usage patterns. The evaluation of the data we collect enables us to compile information regarding the usage of each component of our websites. This allows us to constantly enhance the usability of our websites. Our legitimate interest in data processing pursuant to Article 6(1)(f) GDPR also consists in the aforementioned purposes. The anonymization of the IP address adequately accounts for the users’ desire for the protection of their personal information.


The data are erased when the final annual amounts for access statistics have been calculated.


Obviously, you have the ability to revoke data collection. You have the following independent options to withdraw the central server’s data recording:


Activate the do-not-track or do-not-follow settings in your browser. If these settings are enabled, our central server will not keep any of your data. Important: The do-not-track directive typically only applies to the device and browser on which it is activated. If you use multiple devices/browsers, you will need to activate do-not-track in each place independently.


These details are not saved alongside the user’s other personal information.


Employment of cookies

Our website makes use of cookies. Cookies are text files that are kept in the Internet browser or on the user’s computer system by the Internet browser. A cookie can be kept on a user’s operating system when the user visits a website. This cookie contains a string of characters that allows the browser to be uniquely identified when returning to the website.


Additionally, we employ cookies on our website to enable the analysis of user behavior. Please refer to the information provided under C for additional details on this topic.



On our website, there is an option to sign up for a free newsletter. When registering for the newsletter, we receive the information from the data submission form. Typically, they are your email address, last name, and first name. During the registration process, we provide you with information about the specific data processing and get your consent. In addition, this data-protection statement is mentioned. The data are used solely for newsletter distribution.


The legal basis for the processing of data following the user’s registration for the newsletter is the user’s consent in accordance with Article 6 (1), paragraph a, of the GDPR. The purpose of data collection is to distribute the newsletter. When the data are no longer necessary for the reason for which they were collected, they are removed. Consequently, the user’s email address is saved for the duration of the newsletter subscription. The individual user may unsubscribe from the newsletter at any time.


Google Maps

This webpage displays a map using Google Maps. Google Maps is operated by Google Inc. at 1600 Amphitheatre Parkway, Mountain View, California 94043, United States of America.


By using this website, you agree to the recording, processing, and use of your automatically obtained data by Google, one of its agents, or third-party vendors.

The Google Maps terms of service can be found at Google Maps Terms of Service. For complete information, please read Google’s Privacy & Terms.



On our websites, users can register by filling out a data entry form with their personal information. Typically, we collect your email address, last name, and first name. During the registration process, we provide you with information about the specific data processing and get your consent. In addition, this data protection declaration is mentioned.


The legal foundation for data processing is the user’s consent under Article 6 (1), paragraph an of the GDPR. If registration is necessary for the performance of a contract in which the user is a party or for the implementation of pre-contractual procedures, the additional legal justification for data processing is Article 6 (1) lit. b GDPR. To provide specific content and services on our website, to fulfill a contract with the user, or to implement pre-contractual procedures, registration of the user is required. When the data are no longer necessary to fulfill the reason for which they were collected, they are removed. This is the case for information collected during the registration process on our websites if registration is canceled or amended. If the data are no longer required for the registration procedure to fulfill a contract or to implement pre-contractual measures, this is the case. In order to comply with contractual or legal responsibilities, it may be required to continue storing the contractual partner’s personal information after the relationship has expired.


You can cancel your registration at any moment as a user. You can modify the information associated with yourself at any moment. Detailed instructions are provided in the specific registration procedure. If the data are necessary for the performance of a contract or the implementation of pre-contractual procedures, their early erasure is only feasible if no contractual or regulatory duties hinder such deletion.


Data transmission

For certain services, the administration and storage of your personal information occurs.



Management of Newsletter subscriptions upon registration

Your personal information will only be shared with state institutions and authorities where required by law or for criminal prosecution stemming from assaults on our network infrastructure. The information is not shared with other parties for other reasons.


Rights of affected individuals

As an individual whose personal data are collected in connection with the aforementioned services, you have the following rights, provided that no legal restrictions apply:


  • Documentation (Article 15 GDPR)
  • Modification (Article 16 GDPR)
  • (Article 17 (1) of the GDPR)
  • Limitations on processing (Article 18 GDPR)
  • Data transfer (Article 20 GDPR)
  • withdrawal of processing (Article 21 GDPR)
  • Article 7 (3) GDPR – Revocation of consent
  • Right to file a complaint with the governing body (Article 77 GDPR). This is the Estonian Data Protection Authority.