| Dokumendiregister | Registrite ja Infosüsteemide Keskus |
| Viit | 2-1-1/2024/7307 |
| Registreeritud | 29.08.2024 |
| Sünkroonitud | 30.08.2024 |
| Liik | Väljaminev kiri |
| Funktsioon | 2 Asjaajamine |
| Sari | 2-1 Kirjavahetus üldküsimustes (teated, taotlused, avaldused, teabenõuded, märgukirjad, selgitustaotlused jm dokumendid) |
| Toimik | 2-1-1/2024 |
| Juurdepääsupiirang | Avalik |
| Juurdepääsupiirang | |
| Adressaat | B. B. G. |
| Saabumis/saatmisviis | B. B. G. |
| Vastutaja | Ave Liina Tennokese (Registrite ja Infosüsteemide Keskus, Õigusteenuse tiim) |
| Originaal | Ava uues aknas |
A: Lubja 4, Tallinn 19081, Eesti, T: +372 663 6300, F: +372 646 0165, E: [email protected], I: Reg 70000310, K: 221023778606, W: www.rik.ee
Barış Bulut Gezer
Dear Sir or Madam
In response to your request regarding the disclosure of company owner information in the e-business
register, we explain the following.
Article 6 paragraph 1 point (e) of the General Data Protection Regulation (EU) 2016/679 (hereinafter
GDPR) allows the processing of personal data if the processing is necessary for the performance of a
task carried out in the public interest or in the exercise of official authority vested in the controller.
According to paragraph 3 of the same article, the basis for the processing of personal data referred to in
point (e) of paragraph 1 is established either by Union law or by Member State law to which the controller
is subject.
The legal basis for the collection and processing (including disclosure) of the company owner´s
information (name and personal identification code) in the Estonian commercial register derives from the
Commercial Register Act (hereinafter the Act). In addition, the company data listed in § 12, § 13 and § 26
of the Act (articles of association or other foundation documents; annual reports etc) is also included in
the public file of the commercial register.
According to § 2 (1) of the Act, the commercial register is a database belonging to the state information
system and the purpose of maintaining such database is to collect, retain and disclose information on
private legal persons founded pursuant to Estonian law, sole proprietors and branches of foreign
companies operating in Estonia. § 30 of the Act states that the commercial register is public - everyone
has the right to examine a registry card of the commercial register and the data and documents in a
public file. So, the general idea behind a public commercial register is to publish all relevant legal
relationships that legal persons engaging in business have. This is necessary to ensure trustworthiness of
the business environment.
The re-use of this information is not restricted by law by natural persons or legal persons for commercial
or non-commercial purposes other than the initial purpose within the public duties for which the
information was obtained or produced. The company data including all personal data contained in the
business register are open data based on the currently valid Public Information Act. Due to the general
concept of open data, reuse should take place with as few restrictions as possible and free of charge. At
the same time, disclosing the data does not mean that anything can be done with the data. The General
Data Protection Regulation (GDPR) must be considered in order not to damage the privacy of natural
persons. The business register has already restricted the access of search engines to the company
owner´s information. In addition, further restrictions are being placed on the download of open data that
contains personal data.
If someone (company, organization) uses (discloses, processes) your personal data, this data re-user
becomes the responsible processor. You can always contact the persons reusing personal data and
exercise all rights related to your personal data, including the right to object to the processing of your
Teie Your ref 17.08.2024 No Our ref 29.08.2024 No 2-1-1/2024/7307
personal data and to request the deletion of the personal data for which there is no legal basis according
to Article 6 of the GDPR. In addition, you have the right to appeal to the Data Protection Inspectorate if it
should appear that the recipient of open data in the e-business register has further processed the
received personal data for unlawful purposes.
Taking into consideration the above, we regret to inform you that we cannot make the company owner´s
information private nor remove the company data from the public file. However, we are conscious of the
risks associated with the disclosure of personal information in the commercial register and the Estonian
Ministry of Justice is currently in the process of renewing the data access regime of the commercial
register. With additional questions, you can contact the Ministry of Justice, which is the controller of the e-
business register.
Sincerely Yours,
/signed digitally/
Ave Liina Tennokese
Lawyer
Legal service team
A: Lubja 4, Tallinn 19081, Eesti, T: +372 663 6300, F: +372 646 0165, E: [email protected], I: Reg 70000310, K: 221023778606, W: www.rik.ee
Barış Bulut Gezer
Dear Sir or Madam
In response to your request regarding the disclosure of company owner information in the e-business
register, we explain the following.
Article 6 paragraph 1 point (e) of the General Data Protection Regulation (EU) 2016/679 (hereinafter
GDPR) allows the processing of personal data if the processing is necessary for the performance of a
task carried out in the public interest or in the exercise of official authority vested in the controller.
According to paragraph 3 of the same article, the basis for the processing of personal data referred to in
point (e) of paragraph 1 is established either by Union law or by Member State law to which the controller
is subject.
The legal basis for the collection and processing (including disclosure) of the company owner´s
information (name and personal identification code) in the Estonian commercial register derives from the
Commercial Register Act (hereinafter the Act). In addition, the company data listed in § 12, § 13 and § 26
of the Act (articles of association or other foundation documents; annual reports etc) is also included in
the public file of the commercial register.
According to § 2 (1) of the Act, the commercial register is a database belonging to the state information
system and the purpose of maintaining such database is to collect, retain and disclose information on
private legal persons founded pursuant to Estonian law, sole proprietors and branches of foreign
companies operating in Estonia. § 30 of the Act states that the commercial register is public - everyone
has the right to examine a registry card of the commercial register and the data and documents in a
public file. So, the general idea behind a public commercial register is to publish all relevant legal
relationships that legal persons engaging in business have. This is necessary to ensure trustworthiness of
the business environment.
The re-use of this information is not restricted by law by natural persons or legal persons for commercial
or non-commercial purposes other than the initial purpose within the public duties for which the
information was obtained or produced. The company data including all personal data contained in the
business register are open data based on the currently valid Public Information Act. Due to the general
concept of open data, reuse should take place with as few restrictions as possible and free of charge. At
the same time, disclosing the data does not mean that anything can be done with the data. The General
Data Protection Regulation (GDPR) must be considered in order not to damage the privacy of natural
persons. The business register has already restricted the access of search engines to the company
owner´s information. In addition, further restrictions are being placed on the download of open data that
contains personal data.
If someone (company, organization) uses (discloses, processes) your personal data, this data re-user
becomes the responsible processor. You can always contact the persons reusing personal data and
exercise all rights related to your personal data, including the right to object to the processing of your
Teie Your ref 17.08.2024 No Our ref 29.08.2024 No 2-1-1/2024/7307
personal data and to request the deletion of the personal data for which there is no legal basis according
to Article 6 of the GDPR. In addition, you have the right to appeal to the Data Protection Inspectorate if it
should appear that the recipient of open data in the e-business register has further processed the
received personal data for unlawful purposes.
Taking into consideration the above, we regret to inform you that we cannot make the company owner´s
information private nor remove the company data from the public file. However, we are conscious of the
risks associated with the disclosure of personal information in the commercial register and the Estonian
Ministry of Justice is currently in the process of renewing the data access regime of the commercial
register. With additional questions, you can contact the Ministry of Justice, which is the controller of the e-
business register.
Sincerely Yours,
/signed digitally/
Ave Liina Tennokese
Lawyer
Legal service team
| Nimi | K.p. | Δ | Viit | Tüüp | Org | Osapooled |
|---|---|---|---|---|---|---|
| Privacy protection of the companies | 29.08.2024 | 1 | 2-1-1/2024/7307 🔒 | Sissetulev kiri | rik | B. B. G. |