en
 

Privacy Policy

1. Purpose

1.1. As the data controller, Forest Reserves OÜ (registry code 11603960, hereinafter the ‘company’) values your privacy and takes all reasonable steps to protect your personal data. This privacy policy (hereinafter ‘the privacy policy’) describes how the company processes your personal data (including collection, use, disclosure, storage, transfer, deletion, etc.).
1.2. The privacy policy explains, among other things, the principles on which the company processes personal data and your main rights in relation to the processing of personal data.
1.3. The privacy policy applies to all natural persons (hereinafter the client) who use the company’s services and/or website, enter into any contract with the company, engage in pre-contractual negotiations with the company, submit enquiries to the company, or otherwise interact with the company.
1.4. In processing personal data, the company complies with the General Data Protection Regulation (GDPR) (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, hereinafter the GDPR), the Personal Data Protection Act in force in the Republic of Estonia (hereinafter the PDPA), and other applicable legislation.
1.5. The privacy policy forms part of all contracts of the company. By visiting the company’s website, using the company’s services, entering into any contracts with the company, engaging in pre-contractual negotiations with the company or contacting the company, you are subject to the provisions set out in the privacy policy.

2. Personal data collected and purposes of processing

2.1. Personal data means any information relating to an identified or identifiable natural person that the company processes for the purposes specified in section 2.3 of the privacy policy.
2.2. The company processes the following personal data:
2.2.1. identification data – the client’s name, personal identification code, and identity document details;
2.2.2. contact data – email address, telephone number, postal address;
2.2.3. data concerning the client’s immovable;
2.2.4. Transaction data – data relating to declarations of intent connected with a contract, the content of the transaction, invoices and payment data, as well as data concerning the performance of the contract;
2.2.5. other data that the company may or must, within a reasonable scope and to the necessary extent, process for the purposes specified in section 2.3 of the privacy policy.
2.3. As a rule, the company collects personal data directly from the client. In certain exceptional cases, the company may also collect personal data from publicly available sources. For example, in justified cases the company may collect data from the land register.
2.4. The company processes the client’s personal data primarily for the following purposes:
2.4.1. for identifying the client or their representative;
2.4.2. for performing obligations, carrying out activities and providing advice necessary for the provision of services to the client or for the conclusion of contracts;
2.4.3. for conducting pre-contractual negotiations or exchanging pre-contractual information;
2.4.4. for communication related to the provision of services, the conclusion of contracts and economic activities, and for documenting business activities (including transmitting information required for the company to fulfil obligations imposed by legislation);
2.4.5. for improving and developing the quality of customer service;
2.4.6. for preparing and issuing invoices;
2.4.7. for carrying out activities essential for the company’s economic activity (for example, contacting the owner of a neighbouring immovable in connection with works on the company’s immovable, determining access to an immovable or cutting rights being acquired, etc.);
2.4.8. for the preparation, submission or defence of the company’s legal claims, including the transfer of personal data to a law firm or a debt collection agency;
2.4.9. for contacting the client and responding to the client’s enquiries.

3. Legal basis of the processing

3.1. The basis for processing personal data is usually the contract concluded with the client, the client’s consent, a legal obligation, or the company’s legitimate interest, which overrides the client’s interests and fundamental rights and freedoms.
3.2. The company is engaged in forest management and also provides related services. The company processes personal data mainly for the preparation, conclusion and performance of immovable property transfer transactions, cutting rights transfer transactions, or other forest management service contracts. The legal basis for processing is Article 6(1)(b) of the GDPR. The company may also process personal data for the resolution of potential disputes arising from a contract. The transfer of personal data for the preparation and performance of a contract is a requirement for the conclusion of the contract. If you do not provide the requested personal data, the company cannot enter into a contract with you.
3.3. The company processes your personal data for making offers to you if you have given consent to receive offers (Article 6(1)(a) of the GDPR). You have the right to withdraw your consent at any time. In such a case, we will cease processing your data from the moment of withdrawal of consent.
3.4. The company may also process your personal data in other cases on the basis of consent. The purpose of the processing will be specified during the process for granting consent. Any consent granted for processing is purely voluntary and you may withdraw your consent at any time.
3.5. The company processes your personal data for the fulfilment of obligations arising from legislation (Article 6(1)(c) of the GDPR). The obligations arise, for example, from the Accounting Act, the Law of Obligations Act and other applicable legislation. For example, the company has tax reporting and accounting obligations, for the fulfilment of which your personal data are processed and used. This may include transferring your personal data to the tax authority and other public authorities, as well as to an auditor or legal advisers.
3.6. The company processes your personal data on the basis of the company’s legitimate interest (Article 6(1)(f) of the GDPR), including for business purposes as well as for security purposes (fraud detection). For example, the company has a legitimate interest in retaining all transaction data for the duration of the limitation period of claims arising from a contract, for the purpose of protecting its rights. The company also has a legitimate interest in contacting the owner of a neighbouring immovable in connection with works carried out on the company’s immovable. On the basis of legitimate interest, the company may also collect data concerning immovables adjacent to an existing or acquired immovable or cutting rights and their owners, including identifying possible access roads to the immovable.
3.7. The company processes personal data only to the extent minimally necessary for achieving the purposes of processing.

4. Retention of personal data

4.1. The company is legally required to retain collected personal data. The company does not retain personal data for longer than is necessary for the fulfilment of the company’s obligations, unless you have given consent for longer retention and processing of the data.
4.2. The company treats all personal data as confidential information. The company ensures that your data are processed and retained within the territory of the European Union.
4.3. The company ensures the security of personal data processing in accordance with applicable legislation, including the GDPR and the PDPA.
4.4. Taking into account the latest developments in science and technology and the costs of implementation, as well as the nature, scope, context and purposes of personal data processing, the company applies appropriate technical and organisational measures to ensure a level of security appropriate to the risk.
4.5. The company may retain personal data for 10 years from the last deadline relating to the performance of the contract if there is a justified suspicion of intentional breach of obligations. Accounting records are kept for seven years as required by law. If the company transfers personal data to another controller (e.g. notaries, courts, banks, the Environmental Board, the Tax and Customs Board, etc.), the retention periods are determined by the recipient of the data.
4.6. If the basis for processing personal data is the company’s legitimate interest and you declare that you do not wish your personal data to be used and retained, the company will delete the personal data collected upon receipt of the request. If certain personal data must nevertheless be retained for the purpose of legal proceedings, for example to apply for access through the courts, the company will inform you of this separately.

5. Client’s rights

5.1. In the cases provided by law, the client has, among other things, the right:
5.1.1. to request from the company access to personal data concerning the client;
5.1.2. to receive from the company information on the scope and use of the client’s data processing;
5.1.3. to demand the rectification and deletion of personal data;
5.1.4. to restrict the processing of personal data;
5.1.5. to object to the processing of personal data;
5.1.6. to file a complaint with the data protection supervisory authority (Data Protection Inspectorate, www.aki.ee) or to turn to a court.
5.2. If the basis for processing personal data is the client’s consent, then in addition to what is set out in section 4.1 of the privacy policy, the client has the right to withdraw the consent at any time, regardless of the reason. Withdrawal of consent does not affect the lawfulness of data processing carried out previously on the basis of consent.  Please note that withdrawal of consent affects only operations related to personal data processed on the basis of consent (e.g. sending an offer in response to a client enquiry). Notwithstanding the withdrawal of consent, the company has the right to continue processing the client’s personal data for which another legal basis applies, for example where the data are necessary for bringing a legal claim against the client or where processing of the client’s personal data is necessary for the company to comply with a legal obligation.
5.3. To exercise the rights referred to in sections 5.1 and 5.2 of the privacy policy, the client must submit a notice in written form to the company’s e‑mail address info@forestreserves.ee (for written form, a transaction in electronic form is deemed equivalent within the meaning of section 80 of the General Part of the Civil Code Act).

6. Amendments

6.1. The company has the right to amend, supplement or clarify the privacy policy by giving notice thereof via the company’s website www.maa.ee and publishing the new privacy policy there as well.
6.2. For any questions regarding the privacy policy, data processing or the client’s rights, the company requests that enquiries be made by e-mail to info@forestreserves.ee. Enquiries may also be sent by post to Jaama 76-13, Tartu, Tartu County, 50605.
6.3. Last amended on 16 May 2025.

 

 

Terms of use of cookies

This cookie policy has been drawn up on the basis of Regulation (EU) 2016/679 of the European Parliament and of the Council and govern the use of cookies on the Website by Forest Reserves OÜ.

A cookie is a small text file that the web browser automatically stores on the device used by the user, and which we use solely to make the www.maa.ee website and services function better and more efficiently.

1. Use of cookies

Cookies are used to ensure that:

  • The website functions in accordance with your expectations.
  • Your settings are remembered.
  • The speed and security of the website are improved.
  • The content of the website can be shared more easily on social media.
  • Improvements and developments of the website can be planned.
  • Offers and marketing messages are tailored more closely to your needs.

2. Cookies in use

The website may install the following cookies on the device of the user or visitor:

2.1 Essential cookies

These cookies allow you to use the functions of the website and remember the information entered in the forms even if the user navigates to other subpages of the website during the session.

Without such cookies, some services of the website are not available.

Strictly necessary cookies do not collect information for marketing purposes or track the pages you view on the internet.

2.2 Performance Cookies

Performance cookies collect information about your use of the website and can be used to improve the functionality of the website.

Performance cookies show which webpages were visited most often, which pages of the website had issues when using them, and so on.

Performance cookies do not collect personal information and the information collected is anonymous.

2.3 Functionality cookies

Functionality cookies remember your choices and provide enhanced and personalised functions.

Such cookies remember any changes made but do not record activities on third-party websites.

2.4 Third-party cookies

Third parties (e.g. Google) may use their own cookies or other methods to collect information about the content of our website that you have visited. Third parties use the collected information to provide usage statistics analysis and advertisements on topics that are of interest to you.

Forest Reserves OÜ does not access or control cookies originating from third parties – the use of such cookies is subject to the privacy policy of the respective provider. For this, the website visitor can read the privacy policy of all third parties separately.

You can read the terms of Google’s cookies here: https://www.google.com/policies/technologies/cookies/

3. Managing and deleting cookies

Essential cookies are required for the website to function. A visitor to the website may delete and/or block cookies stored on their devices by changing the relevant settings of their web browser.

If cookies are deleted or disabled, the website may not function as intended and/or some functionalities may not be available to users.

More information on how cookies work or how to disable cookies can be found at www.allaboutcookies.org.