Industry@Tallinn & Baltic Event
Last updated: May 29, 2026

This Privacy Policy describes the policies and procedures of MTÜ BE and MTÜ Pimedate Ööde Filmifestival regarding the collection, use, and disclosure of your personal data when you register for, attend, or otherwise participate in the Industry@Tallinn & Baltic Event (the "Event"), and explains your privacy rights and how the law protects you.

By registering for or attending the Event, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Data Controller
The data controller responsible for your personal data is:
MTÜ BE, Reg. code 80213483, Nurme 45, 11621 Tallinn, Estonia, email: balticevent@poff.ee
For the purposes of the General Data Protection Regulation (GDPR) and the Estonian Personal Data Protection Act (Isikuandmete kaitse seadus, IKS), MTÜ BE is the Data Controller.

2. Definitions
For the purposes of this Privacy Policy:
• "You" means the individual registering for or attending the Event.
• "Personal Data" means any information relating to an identified or identifiable natural person.
• "Processing" means any operation performed on personal data, such as collection, recording, storage, use, or disclosure.
• "Event" means the Industry@Tallinn & Baltic Event organised by MTÜ BE and MTÜ Pimedate Ööde Filmifestival.
• "Service Providers" mean third-party companies or individuals engaged by MTÜ BE or Pimedate Ööde Filmifestival to facilitate the Event or provide related services.

3. Personal Data We Collect
3.1 Event Registration Data
When you register for the Event, we collect the following personal data:
• Full name
• Email address
• Company / organisation name
• Job title / professional role
• Country of residence
• Any other information you voluntarily provide during registration

3.2 Meeting Platform Data
If you use a meeting application or platform associated with the Event, we may collect:
• Profile information (name, photo, bio, company)
• Connection activity within the platform
• Meeting requests and scheduling data
• Technical identifiers such as device type and IP address

3.3 Photos and Videos
During the Event, we may capture photographs and video recordings for documentation, marketing, and promotional purposes. You may be captured in these materials as an attendee. We will seek your consent prior to capturing or publishing identifiable images of you.

3.4 Usage Data
We may automatically collect technical data such as your IP address, browser type, and pages visited when you access Event-related websites or the networking platform.

4. Legal Basis for Processing
We process your personal data on the following legal bases under GDPR Article 6 and the Estonian IKS:
• Consent (Article 6(1)(a) GDPR): For photos and videos, email marketing, and optional networking features where you have given explicit consent.
• Contract performance (Article 6(1)(b) GDPR): To register you for the Event and fulfil our obligations to you as an attendee.
• Legitimate interests (Article 6(1)(f) GDPR): To improve Event organisation, ensure security on-site, and conduct post-event analysis, where our interests are not overridden by your rights.
• Legal obligation (Article 6(1)(c) GDPR): Where processing is required to comply with Estonian law or other applicable EU legislation.

5. How We Use Your Personal Data
We use your personal data for the following purposes:
• To register you for and manage your attendance at the Event.
• To communicate with you about the Event, including schedules, updates, and logistical information.
• To facilitate meetings with our Projects via the Event meeting platform Fiona.
• To photograph and film the Event for documentary, marketing, and promotional use (website, social media, press).
• To send you post-event surveys, newsletters, and information about future events — you may opt out at any time.
• To comply with legal and regulatory obligations.
• To detect, prevent, and address technical or security issues.

6. Sharing Your Personal Data
We may share your personal data with:
• Service providers: Third parties that help organise and run the Event (e.g., venue operators, ticketing platforms, meeting app providers, email marketing tools). These parties are bound by data processing agreements and may only use your data on our instructions.
• Sponsors and partners: With your consent, we may share your contact details with Event sponsors or partners for their own marketing purposes.
• Other attendees: Your name, company, and profile information may be visible to other attendees, to the extent you choose to share it.
• Public authorities: We may disclose your data to law enforcement or regulatory bodies when required by Estonian or EU law.
• Business transfers: In the event of a merger, acquisition, or transfer of assets, your data may be transferred to the acquiring entity.
We do not sell your personal data to third parties.

7. Cookies and Tracking Technologies
Our Event website and meeting platform use cookies and similar tracking technologies. These include:
• Essential cookies: Required for the platform to function correctly and to authenticate users.
• Functional cookies: Used to remember your preferences and settings.
• Analytics cookies (third-party): Used to monitor traffic and improve our services. We use Google Analytics — see https://policies.google.com/privacy for more information.
You may configure your browser to decline cookies. Declining non-essential cookies will not affect your ability to register for or attend the Event, but may limit certain platform features.

8. Retention of Your Personal Data
We retain your personal data only as long as necessary for the purposes outlined in this Policy, or as required by Estonian or EU law. Typical retention periods are:
• Registration data: Up to 3 years after the Event for accounting, legal, and reporting obligations.
• Meeting platform data: Deleted within 12 months after the Event, unless you request earlier deletion.
• Photos and videos: Retained for 30 years for archival and promotional use, unless you request removal of identifiable images by writing to balticevent@poff.ee.
• Usage/technical data: Up to 12 months.

9. International Data Transfers
Your personal data is processed primarily in Estonia (EU/EEA). Where data is transferred to countries outside the EEA (e.g., via third-party service providers such as Fiona, Google or Mailchimp), we ensure appropriate safeguards are in place, including EU Standard Contractual Clauses (SCCs) or equivalent mechanisms under GDPR Chapter V.

10. Your Rights
Under GDPR and the Estonian IKS, you have the following rights:
• Right of access: To request a copy of the personal data we hold about you.
• Right to rectification: To request correction of inaccurate or incomplete data.
• Right to erasure ("right to be forgotten"): To request deletion of your data where there is no compelling reason for continued processing.
• Right to restriction: To request that we restrict processing of your data in certain circumstances.
• Right to data portability: To receive your data in a structured, machine-readable format.
• Right to object: To object to processing based on legitimate interests or for direct marketing purposes.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
To exercise any of these rights, please contact us at: balticevent@poff.ee
We will respond within one month, extendable by two months for complex requests. We may ask you to verify your identity before fulfilling your request.
If you are not satisfied with our response, you have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon): www.aki.ee | info@aki.ee | +372 627 4135.

11. Children's Privacy
The Event and its associated services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us immediately at balticevent@poff.ee and we will take steps to delete such information.

12. Security
We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

13. Third-Party Links
Our website or meeting platform may contain links to third-party websites. We are not responsible for the privacy practices of those websites and encourage you to review their privacy policies.

14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on our website prior to the change taking effect. The date of the last revision is shown at the top of this document.

15. Contact Us
For any questions or requests regarding this Privacy Policy:
MTÜ BE, reg. code 80213483
Nurme 45, 11621 Tallinn, Estonia
Email: balticevent@poff.ee