Privacy Policy

Valid from 16.01.2026

Introduction

This Privacy Policy explains how GBRIS (“we”, “us”, “our”) processes personal data when users visit our website, use our services, or purchase documents and reports. We are committed to protecting personal data and complying with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable data protection laws.

This Privacy Policy applies to:

Visitors to our website

Customers purchasing documents or reports

Individuals whose personal data may appear in documents or reports purchased through our services

Data Controller

Controller: GBRIS
Address: Harju maakond, Tallinn, Põhja-Tallinna linnaosa, Telliskivi tn 60/1-53, 10412, Estonia
Email: [email protected]

GBRIS acts as the data controller within the meaning of Article 4(7) GDPR.

All questions regarding the processing of personal data, the exercise of data subject rights, or privacy-related inquiries should be directed to the above email address.

Types of Data We Process

Publicly Available Entity Information

The information displayed publicly on our website primarily consists of business entity data, such as:

Legal entity name

Registered business address

Registration or identification numbers

This information primarily relates to legal entities. Where such information relates to identifiable natural persons, it is treated as personal data in accordance with GDPR.

Personal Data of Natural Persons

We may process personal data relating to identifiable natural persons, including but not limited to:

Customer contact details (name, email address, billing information)

Technical data (IP address, device identifiers, browser type)

Transaction and order details

Personal data contained in purchased documents or reports (e.g. names of company representatives, sole proprietors, or beneficial owners)

All such data is processed in accordance with GDPR.

Purposes of Processing and Legal Bases (Article 6 GDPR)

We process personal data only where a lawful basis exists under Article 6 GDPR:

Purpose	Legal Basis
Processing orders and delivering purchased documents	Performance of a contract (Art. 6(1)(b))
Customer communication and support	Performance of a contract (Art. 6(1)(b))
Accounting, invoicing, tax, and legal compliance	Legal obligation (Art. 6(1)(c))
Website security, fraud prevention, and abuse monitoring	Legitimate interests (Art. 6(1)(f))
Website analytics (non-essential cookies)	Consent (Art. 6(1)(a))
Advertising and conversion tracking	Consent (Art. 6(1)(a))

Where processing is based on consent, consent may be withdrawn at any time without affecting the lawfulness of processing carried out before withdrawal.

Cookies and Tracking Technologies

We use cookies and similar technologies on our website.

Cookie Categories

Strictly necessary cookies
Required for the operation, security, and functionality of the website.

Non-essential cookies

Analytics cookies (website usage analysis)

Marketing and advertising cookies (including conversion tracking)

Cookie Consent Management

Non-essential cookies are placed only after obtaining explicit user consent

Users may accept or reject non-essential cookies via the cookie banner

Consent can be withdrawn at any time by revisiting cookie settings and selecting “reject”

Cookie durations are defined per cookie and disclosed in the cookie information section

Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected:

Customer and transaction data: retained for the duration of the contractual relationship and thereafter as required by accounting and tax laws

Communication data: retained for up to 24 months after the last interaction

Analytics and cookie data: retained according to cookie-specific duration settings

Personal data contained in purchased documents: retained only as long as necessary to fulfil the order and comply with legal obligations

Retention periods may be extended where required by law or for the establishment, exercise, or defence of legal claims.

Data Sharing and Processors

We may share personal data with trusted third-party service providers acting as data processors, including:

Hosting and infrastructure providers

Payment service providers

Analytics and advertising providers (including Google and Microsoft)

Customer communication and support tools

All processors are subject to GDPR-compliant Data Processing Agreements (DPAs) and process personal data solely on our documented instructions.

International Data Transfers

Some of our service providers (including Google and Microsoft group companies) may process personal data outside the EU/EEA.

Where personal data is transferred outside the EU/EEA, we ensure appropriate safeguards, including:

EU Standard Contractual Clauses (SCCs)

Adequacy decisions adopted by the European Commission, where applicable

Additional technical and organisational security measures

Data Subject Rights

Under GDPR, individuals have the following rights:

Right of access

Right to rectification

Right to erasure

Right to restriction of processing

Right to object to processing

Right to data portability

Right to withdraw consent at any time

Right to lodge a complaint with a supervisory authority

Requests may be submitted by email to [email protected].

Supervisory Authority

Individuals have the right to lodge a complaint with their local data protection authority or with the supervisory authority in the EU Member State of their habitual residence, place of work, or place of the alleged infringement.

Security Measures

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, loss, or misuse.

Changes to This Policy

We may update this Privacy Policy from time to time. The latest version is always available on our website and applies from the “Last updated” date stated above.