Privacy policy



The responsible data processor is Tallinna Strategiekeskus, contact person: Ergo Kukk,

The authorized data processor is: Exponaut OÜ (e-environment provider)

The online environment consists of the following parts: homepage; registration and ticketing environment; digital exposure and social network environment.

The legal basis for personal data processing in the online environment is the disclosure of consent data to other users (digital exposition, social network), receiving direct mail) and contract fulfillment (registration, ticket purchase).

The purpose of processing personal data is to ensure the following within the framework of Greentech Week and Nexpo events and the digital Nexpo event: sending a newsletter, registration, performing ticket sales and enabling tickets, accreditation, creating and displaying digital exo profiles, application-related information.

The defining data in the online environment are: name, age, gender, nationality, residence, contact information (phone number, email address, address), profile picture, job title, professional affiliation with institutions.

Information related to ticket purchase: name, age, gender, nationality, residence, contact information (phone number, email address, address), profile picture, job title, professional affiliation with institutions.

Data related to creating a profile: name, age, gender, nationality, residence, contact information (phone number, email address, address), profile picture, job title, professional affiliation with institutions.

Access to personal data (except data that the person himself has disclosed to other users in the environment) is strictly limited and is located in a secure accommodation environment. The data can be accessed and accessed by Erko Kukk from the Tallinn Strategy Center and Exponaut OÜ (environment provider).

Data is stored: 2 years or until withdrawn. According to the Accounting Act, ticket purchase data is stored for 7 years after the ticket is issued. After that, the data will be deleted.

Individuals are guaranteed all the rights that can be found in the city’s data protection terms and conditions:

application, you notice that there is an error in the personal data you entered, if you want to delete your user account, please write to us at

All appeals related to the realization of the data subject’s rights will be answered as soon as possible, but no later than within 30 days.

For all questions or concerns about data processing, please contact




Andmete vastutav töötleja on Tallinna Strateegiakeskus, kontaktisik:  Ergo Kukk,

Andmete volitatud töötleja on: Exponaut OÜ (e-keskkonna pakkuja)

Veebikeskkond koosneb järgmistest osadest: koduleht; registreerimise ja piletimüügikeskkond; digitaalse ekspositsiooni ja sotsiaalvõrgustiku keskkond.

Isikuandmete töötlemise õiguslik alus veebikeskkonnas on nõusolek (andmete avalikustamine teistele kasutajatele (digitaalne ekspositsioon, sotsiaalvõrgustik), otseposti saamine) ja lepingu täitmine (registreerimine, piletiost).

Isikuandmete töötlemise eesmärk on järgneva tagamine Greentech Week ja Nexpo füüsiliste ürituse ja digitaalse Nexpo ürituse raames: uudiskirja saatmine, registreerimine, piletimüügi teostamine ja piletite võimaldamine, akrediteerimine, digiexo profiilide loomine ja kuvamine, kandideerimisega seotud info edastamine.

Veebikeskkonnas töödeldavad andmed on: nimi, vanus, sugu, rahvus, residentsus, kontaktandmed (telefoninumber, meiliaadress, aadress), profiilipilt, töö tiitel, tööalane seotus asutustega.

Piletiostuga seotud andmed: nimi, vanus, sugu, rahvus, residentsus, kontaktandmed (telefoninumber, meiliaadress, aadress), profiilipilt, töö tiitel, tööalane seotus asutustega.

Profiili loomisega seotud andmed: nimi, vanus, sugu, rahvus, residentsus, kontaktandmed (telefoninumber, meiliaadress, aadress), profiilipilt, töö tiitel, tööalane seotus asutustega.

Isikuandmetele (va andmed, mis inimene ise on keskkonnas teistele kasutajatele avalikustanud) on ligipääs rangelt piiratud ning andmed asuvad turvalises majutuskeskkonnas. Andmetele pääseb ligi ning ligipääse haldab Tallinna Strateegiakeskusest Erko Kukk ja Exponaut OÜ (keskkonna pakkuja).

Andmeid säilitatakse:  2 aastat või nõusoleku tagasivõtmiseni. Piletiostu andmeid säilitatakse vastavalt raamatupidamise seadusele 7 aastat pileti osutust. Peale seda andmed kustutatakse.

Isikutele on tagatud kõik õigused, mis on leitavad linna andmekaitsetingimustes:

Juhul, kui märkate, et Teie poolt sisestatud isikuandmetes on viga või soovite oma kasutajakontot kustutada palume meile kirjutada aadressile

Kõigile andmesubjekti õiguste realiseerimisega  seotud pöördumistele vastatakse esimesel võimalusel,  kuid mitte hiljem, kui  30 päeva jooksul.

Kõigi  andmetöötluse kohta tekkivate küsimuste või muredega palume võtta ühendust aadressil


Conditions for receiving newsletters (in english)


The request for news delivered by the Strategy Office/Tallinn City Office must be entered on the website with your e-mail address and confirmed by receiving direct mail/notifications.

The newsletter is an e-mail sent to the subscriber once or twice a month, which contains news related to the Nexpo, Greentech Week events and connected events.

The e-mail address is used for sending newsletters.

When subscribing to newsletters, the subscriber gives the data processor a revocable request to use electronic contact and news transmission.

You can cancel the subscribed newsletter at any time by using the end of the newsletter. If you unsubscribe from the newsletter, the e-mail address will be removed from the list and no more newsletters will be sent. The e-mail address will be immediately deleted from the list of news senders.

Uudiskirjade saamise tingimused (eesti keeles)


Strateegiabüroo/Tallinna Linnakantselei poolt edastatavate uudiste saamiseks tuleb tellijal sisestada veebilehel enda e-posti aadress ja nõustuda otseposti/teavituste saamisega.

Uudiskiri on tellijale üks kuni kaks korda kuus saadetav e-kiri, mis sisaldab uudiseid seoses üritustega Nexpo ja Greentech Week ning seotud üritustega.

E-posti aadressi kasutatakse üksnes uudiskirjade edastamiseks.

Uudiskirjadega liitumisel annab tellija andmete töötlejale tagasivõetava nõusoleku kasutada oma elektroonilisi kontaktandmeid uudiste edastamise eesmärgil.

Tellitud uudiskirjast saab loobuda igal ajal uudiskirja lõpus olevat linki kasutades. Uudiskirjast loobumise korral eemaldatakse e-posti aadress nimistust ja uudiseid enam ei saadeta. E-posti aadress kustutatakse viivitamatult uudiste saajate nimekirjast.

Privacy Policy (Exponaut)



By visiting or related properties, including, but not limited to or other Exponaut’s hosted domains with the platform’s software (the “Site”), you acknowledge that you have read and understood the processes and policies referred to in this Policy. This Privacy Policy (“Policy”) explains how Exponaut OÜ (“Exponaut”) collects and processes your Personal Data. Each time you use our Site, the current version of this Policy will apply. Accordingly, whenever you use our Site, you should check the date of this Policy (which appears at the top) and review any changes since the last version. This Policy is applicable to all Site visitors, registered users, and all other users of our Site. “Personal Data” is any information that enables us to identify you, directly or indirectly, by reference to an identifier such as your name, identification number, location data, online identifier or one or more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity.


Who we are


For the purposes of the General Data Protection Regulation 2016/679 (the “GDPR”), the Data Controller is Exponaut OÜ (registry code: 16067851), registered in Tallinn, Estonia with a business address of Laeva 2, 10111, Tallinn, Estonia.


How to contact us


If you have any questions or concerns about this Policy, please contact us using the Contact section on our Site.


2. How we collect personal data

2.1. Personal Data that you give us

We may collect and process the following Personal Data:

Contact information, which you provide when corresponding with us by phone, email or otherwise. This includes information you provide when you participate in discussion boards or other social media functions on our Site and when you report a problem with our Site. The information you give us may include your name, address, email address, phone number, financial information and/or credit card information.
Due payment information, including financial information such as credit/debit card and account numbers used to process your Virtual Event ticket registration and/or sponsorship or virtual booth payment.
Purchase information, relating to purchases of delegate passes and Virtual Event participation, either in-person or via our Site. Purchase information will include financial information as well as information concerning the content and time of the purchase.
Personal data collected through the platform, such as Virtual Event chat history, video and / or voice recording.

2.2. Personal data we collect from you

With regard to each of your visits to the Site we will automatically collect the following information:

Technical information, including the Internet protocol (IP) address used to connect your computer or device to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
Information about your visit, including pages you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number
Location information

2.3. Personal Data we collect from other sources

We may collect information about you from publicly available and third-party databases or services that help us identify products and services that may be of interest to you.

2.4. Non-Personal Data

We collect information that is sent to us automatically by your web browser and we may use this information to generate aggregate statistics about visitors to our Site, including, without limitation:

IP addresses
Browser type and plug-in details
Device type (e.g., desktop, laptop, tablet, phone, etc.)
Operating system
Local time zone
We may use non-Personal Data for various business purposes such as providing customer service, fraud prevention, market research, and improving our Site. Please check your web browser if you want to learn what information your browser sends or how to change your settings.

3. How we use your personal data

We will only process your Personal Data, including sharing it with third parties, where (1) you have provided your consent which can be withdrawn at any time (GDPR Art. 6 (1) a)), (2) the processing is necessary for the performance of a contract to which you are a party to or in order to take steps at your request prior to entering into a contract (GDPR Art. 6 (1) b)), (3) we are required by law (GDPR Art. 6 (1) c)), or (4) processing is necessary for the purposes of our legitimate commercial interests, except where such interests are overridden by your rights and interests (GDPR Art. 6 (1) f)).

3.1. Personal Data that you give us

We may use Personal Data that you provide directly to us for the following purposes:

to carry out our obligations arising from your Virtual Event registration, or any other contract entered into between you and us and to provide you with the information, products and Virtual Event registration services that you request from us (GDPR Art. 6 (1) b));
to organize Virtual Events that you have purchased or registered for, and to provide you with information, and other materials, relating to the content of the Virtual Event, the speakers, sponsors and other attendees (GDPR Art. 6 (1) b));
to provide our newsletter and other publications, provided you have given your consent (GDPR Art. 6 (1) a));
to respond to your questions and provide related Virtual Event registration services (GDPR Art. 6 (1) b));
to provide you with information about other Virtual Events, products and services we offer that are similar to those that you have already purchased, provided you have not opted-out of receiving that information (GDPR Art. 6 (1) f));
to provide you, or permit selected third parties to provide you, with information about Virtual Events, products or services we feel may interest you, provided you have given your consent (GDPR Art. 6 (1) a));
to transfer your information as part of a merger or sale of the business (GDPR Art. 6 (1) f));
to notify you about changes to our Virtual Events (GDPR Art. 6 (1) b)); and
to ensure that content from our Site is presented most effectively for you (GDPR Art. 6 (1) f)).

3.2. Information we collect about you

We will use Personal Data that we have collected about your use of our Site for our legitimate interests (GDPR Art. 6 (1) f)) in order to:

administer our Site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
improve our Site to ensure that content is presented most effectively for you and your computer; as part of our efforts to keep our Site safe and secure;
measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and
make suggestions and recommendations to you and other users of our Site about goods or services that may interest you or them.
3.3. Personal Data we receive from other sources
We will use this data for our legitimate interests (GDPR Art. 6 (1) f)) to improve our services and interaction with you.

4. When we share and who can access your personal data

We may share your Personal Data for the purposes described in this Policy with:

a member of our group
partners, suppliers and subcontractors, for the performance of obligations arising from your Virtual Event registration, or any other contract we enter into with them or you or to provide you with the information, products and Virtual Event registration services that you request from us
analytics and search engine providers that assist us in the improvement and optimization of our Site
trusted third-party companies and individuals to help us provide, analyse, and improve the Site and our Virtual Event registration services (including but not limited to data storage, maintenance services, database management, web analytics and payment processing)
in the Virtual Event that we sell or buy any business or assets, in which case we will disclose your Personal Data to the prospective seller or buyer of such business or assets
if Exponaut or substantially all of its assets are acquired by a third party, in which case Personal Data held by it about its customers will be one of the transferred assets.
We will only transfer your Personal Data to trusted third-parties who provide sufficient guarantees in respect of the technical and organizational security measures governing the processing to be carried out and who can demonstrate a commitment to compliance with those measures.


Although we use security measures to help protect your Personal Data against loss, misuse or unauthorized disclosure, we cannot guarantee the security of information transmitted to us over the internet. All information you provide to us is stored on secure servers. Any payment transactions will be encrypted using SSL technology.


In order to conduct our economic activities, your personal data may be transferred to and processed by recipients which are located outside the European Economic Area (hereinafter “EEA”). For example, the data servers of some of our third-party providers may be located outside of the European Economic Area. Exponaut will take all measures to ensure that transfers outside the EEA are adequately protected as required by this Policy, the GDPR and applicable law. With respect to transfers to countries not providing an adequate level of data protection, we base the transfer on appropriate safeguards, such as standard data protection clauses adopted by the European Commission or approved certification mechanisms together with binding and enforceable commitments of the recipient. You can obtain more information or a copy of the appropriate or suitable safeguards by contact us using the Contact section on our Site.

7.How long we store and retain your data

We will store your Personal Data, in a form which permits us to identify you, for no longer than is necessary for the purpose for which the Personal Data is collected. We may retain and use your Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements and rights. Consistent with these requirements, we will try to delete your Personal Data without undue delay upon request.

We will retain your information for as long as your account is active or as needed to provide you with our Site. If you wish to cancel your account or request that we no longer use your information to provide you service, contact us at directly at We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We maintain one or more databases to store your Personal Data and may keep such information indefinitely.

We use cookies for anonymous tracking data.

9.Links to third party sites and services

Our Sites may contain links to third party websites, applications and services not operated by us. These links are provided as a service and do not imply any endorsement by us of the activities or content of these sites, applications or services nor any association with their operators. Company is not responsible for the privacy policies or practices of any third party including websites or services directly linked to our Service. We encourage you to review the privacy policies of any third party site that you link from our Service.

10.Your rights

If any of the information that we have about you is incorrect, or you wish to have information (including Personal Data) removed from our records, you may do so by contacting us at Under European data protection law, in certain circumstances, you have the right to:

Request access to your Personal Data. You may have the right to request access to any Personal Data we hold about you as well as related information, including the purposes for processing the Personal Data, the recipients or categories of recipients with whom the Personal Data has been shared, where possible, the period for which the Personal Data will be stored, the source of the Personal Data, and the existence of any automated decision making.
Request correction of your Personal Data. You may have the right to obtain without undue delay the rectification of any inaccurate Personal Data we hold about you.
Request erasure of your Personal Data. You may have the right to request that Personal Data held about you is deleted.
Object to processing of your Personal Data. You may have the right to prevent or restrict processing of your Personal Data.
Request restriction of processing your Personal Data
Request transfer of your Personal Data. You may have the right to request transfer of Personal Data directly to a third party where this is technically feasible.
In addition, where you believe that Exponaut has not complied with its obligations under this Policy or European data protection law, you have the right to make a complaint to a complaint to the relevant supervisory authority, which in Estonia is the Data Protection Inspectorate. Their contact details can be found, here: . You can exercise any of these rights by contacting us using the Contact section on our website.

Opting out
Additionally, if you have consented to receive our marketing messages, but no longer prefer to receive such information, please let us know by clicking on the unsubscribe link within any marketing message that you receive, or by sending a message to us at

11.Changes to this policy

If we make any material changes to this Policy or the way we use, share or collect personal Data, we will notify you by revising the “Last Updated” date at the top of this Policy

Last updated on: 15 June 2022

Contact us:  / +372 53 302 552