1. Data Controller

Nordic C-Management OÜ
Company registration number: 16827954
Address: Nordic C-Management, Aia tn 4, 10111 Tallinn
Email: maret@c-management.ee

2. Contact Person for Registry Matters

Name: Jörgen Weckström
Email: maret@c-management.ee

3. Name of the Register

C-Management Customer and Marketing Register

4. Registered Individuals

– Representatives of client companies
– Employees of client companies (e.g. payroll, HR)
– Company owners and board members
– Partners and service providers
– Website visitors (cookies and analytics)

5. Purpose of Processing Personal Data

Personal data is collected and processed for the following purposes:
– Accounting and financial management – Invoicing, taxation, reporting
– Payroll and HR services – Contracts, salary processing, reporting
– Client relationship management – Communication, contracts, invoicing
– Internationalisation services – Market analysis, business development
– Website usage analytics – Cookies, performance tracking

Legal grounds for processing:
– Contractual obligations (GDPR Article 6(1)(b))
– Legal obligations under Estonian law (e.g. Raamatupidamise seadus, Tulumaksuseadus)
– Consent (e.g. for marketing and cookies)

6. Contents of the Register

Data may include:
– Name, email, phone number, job title
– Invoices, contracts, salary information, tax data
– Bank details for payroll
– IP address, browser, and OS from website usage

7. Regular Data Disclosures

Data may be disclosed to:
– Estonian Tax and Customs Board (Maksu- ja Tolliamet)
– Payroll and accounting software providers
– Banks and payment processors
– IT, hosting and security service providers
No data is sold or shared for third-party marketing without consent.

8. Transfer of Data Outside the EU/EEA

Data is primarily stored and processed within the EU/EEA.
In rare cases where data is transferred outside the EU, appropriate safeguards (e.g. Standard Contractual Clauses) will be used in accordance with GDPR.

9. Data Security

We ensure data security with:
– Encrypted connections and secure servers
– Firewalls and restricted access
– Regular audits and access logs
Only authorised personnel can access personal data.

10. Data Retention

– Accounting data: stored for 7 years, in line with Raamatupidamise seadus
– Payroll data: stored for 7–10 years, in line with Tulumaksuseadus
– Customer data: retained for up to 2 years after the relationship ends
– Cookie/analytics data: retained per cookie policy

Once retention periods expire, data is deleted or anonymised. You may request deletion unless legal requirements prevent it.

11. Rights of the Data Subject

Under GDPR, you have the right to:
– Confirm whether your data is being processed
– Access and update your data
– Request erasure of your data
– Restrict or object to processing
– Withdraw consent (e.g. from marketing)
– Lodge a complaint with Andmekaitse Inspektsioon (Estonian Data Protection Authority): www.aki.ee

Requests will be answered within 30 days.

12. Cookies

Our website uses cookies to improve functionality and user experience.

Types of cookies used:
– Essential cookies – For basic site operation
– Analytics cookies – e.g. Google Analytics
– Functional cookies – e.g. language preference
– Marketing cookies – Used only with your consent

You may manage cookies through your browser settings.