Privacy Policy

This privacy policy (“Privacy Policy”) describes how Latitude59 conference main organizer MTÜ Latitude59 (“Latitude59”/”us”/”we”/”our”) is committed to protecting and respecting your privacy in compliance with the General Data Protection Regulation 2016/679 (“GDPR”).

This Privacy Policy will explain when and why we collect personal data of different data subjects (also referred as “you”), how we use it, the conditions where we may disclose it to other parties and how we keep it secure. This privacy policy applies to the use of our entire website and our conference ticket sales and other processing connected to Latitude59 activities. Our aim is to protect the privacy of our visitors’, cooperation partners’ and other data subjects’. 

Please read this Privacy Policy as it contains important information about the processing of your personal data and about rights connected to personal data.

If you have additional questions or require more information about our Privacy Policy, do not hesitate to contact us (see clause 2.2).

1. DEFINITIONS

Definitions are terms often used in the Privacy Policy. Terms are defined in this Section of the Privacy Policy or in the text of the Privacy Policy. 

Personal data protection terms have the same meaning as defined here or in the GDPR. Certain data protection terms may be additionally explained for your convenience.

1.1 Cookies mean data files stored in the Visitor’s device upon visitation of the Website according to the selection made. More information about the use of Cookies by us and on our Website can be found via the Cookie solution on our Website.
1.2 Data Subject is an identified or identifiable natural person (“you”). In case of a legal person data subject’s rights are applicable to the representative of the legal person (e.g., employee, management board member etc.). For example, we process personal data of visitors of our conference and events, speakers, volunteers and other participants of conference and events, our cooperation partners (if natural persons) or their employees/representatives etc. 
1.3 Privacy Policy means this text, which sets out our principles of personal data processing.
1.4 Website means following website(s) and their subdomains:
(a)https://latitude59.ee/ 
(b) and where applicable also refers to our social media pages.

2. GENERAL INFORMATION AND CONTACT DETAILS

Here you will find when the Privacy Policy applies, information about who we are, and how to contact us. 

2.1 About us. MTÜ Latitude 59 is a non-profit association, registration code 80422695, address Harju maakond, Tallinn, Põhja-Tallinna linnaosa, Telliskivi tn 60a/1, 10412, e-mail info@latitude59.ee
2.2 Contacts. You can contact us in matters related to personal data processing by e-mailing us at info@latitude59.ee or writing to us on the address provided in the previous clause i.e., 2.1 and addressing the letter as personal data inquiry. 
2.3 About the Privacy Policy. The Privacy Policy applies to personal data processing done by us when fulfilling our purpose (activities of Latitude59) and in connection to Latitude59 business conference, organising connected events, conducting surveys and to processing done via and on our Website and social media. This Privacy Policy does not apply to processing of personal data of our employees and job applicants (i.e. candidates). 
2.4 Changes. We have the right to unilaterally amend this Privacy Policy. We will notify the Data Subject of all important material changes on the Website or otherwise.
2.5 About the Controller. We are the controller of your personal data for the processing in the scope of this Privacy Policy. 
2.6 Other links/apps etc. Please note, that the links on our Website may lead to media that is governed by privacy terms of the respective service providers’, and not by this Privacy Policy. We are not responsible for anything on those other websites. Processing of your personal data on our social media channels by providers of those platforms is done according to the privacy terms of relevant platform. In case of our social media, we will adhere to the relevant platform’s terms and to this Privacy Policy. 

3. PRINCIPLES OF PERSONAL DATA PROCESSING 

Here you will find the key principles that we are always guided by when processing your personal data.

3.1 Compliance and aim. Our aim is to process personal data in a responsible manner where we are able to demonstrate the compliance of personal data processing with the purposes set and the applicable regulations.
3.2 The principles. All our processes, guidelines and activities related to personal data processing are based on the following principles: lawfulness, fairness, transparency, purposefulness, minimisation, accuracy, storage limitation, integrity, confidentiality, and data protection by default and by design.

4. Information we process

Here you can find categories of Data Subjects and personal data we process.

4.1 Categories of Data Subjects. Generally, we may process personal data of the following Data Subjects:

(a) Cooperation partners (if natural persons);
(b) Representatives and employees of our cooperation partners’;
(c) Speakers at our conference and events;
(d) Founders and other connected people of startups participating;
(e) Website visitors;
(f) Conference and event visitors (incl. different ticket holders e.g., executives, investors);
(g) Volunteers;
(h) our employees or contractors (more precise information given in internal documents);
(i) other Data Subjects (if any).

4.2 Collection of Personal Data. We collect personal data as follows:

(a) Personal data disclosed to us by the Data Subject mainly data submitted for the purpose of co-operation or obtaining information about our activities e.g., for registering to our events, signing up for the newsletter. Usually – name, contact details, e-mail address, other data sent or made available to us by the Data Subject;
(b) Personal data gathered when you purchase a conference ticket and/or take part of our other events (full name, ticket type, contacts, organization information, position, country, industry);
(c) Personal data gathered when you sign up for our Startup Ticket or Startup Demo Area or Pitch Competition via deal management platform (name, ticket type, contacts, country, industry, organization information (as marked on the form), position);
(d) Personal data gathered when you participate in our conference or other event – when you sign up for media accreditation via our media accreditation sign-up form or you sign up to be a conference volunteer via our volunteer sign-up form (name, ticket type, contacts, organization information, position, country);
(e) Personal data resulting from standard communication between us and the Data Subject e.g., correspondence regarding our conference and events and activities;
(f) Personal data resulting from visiting and using the Website (device data, IP address, data gathered by Cookies – see Cookie solution on our Website for more precise information);
(g) Personal data obtained from third parties e.g., when doing KYC on a potential co-operation partner, data from use of third-party services;
(h) Personal data provided to us by our cooperation partners (data depending on the nature of the cooperation);
(i) Personal data generated and combined by us e.g., correspondence within the context of activities of us, activity analytics, surveys and feedback (data depending on the correspondence, name, email).

4.3 Data we process. We mainly process the following personal data:

(a) Cookies and other tracker data – data gathered from use of Website incl., by Cookies (if enabled – see Cookie solution on our Website);
(b) Technical data – IP address, used device, device system, logs of use (incl. movement) of Website and other systems used by us (if any); 
(c) identification data – full name, address/country, contacts, representation rights in an organisation, position, postal code, category of cooperation/ticket (e.g., media, investor, executive, guest, startup, volunteer);
(d) KYC and AML checks data  – if applicable; full name, date of birth, ID-code, sanction check, adverse media, BO data;
(e) contact data – e-mail, phone nr, address;
(f) accounting data – bank details, billing data;
(g) communications – communications with us (emails, sms, chats, calls);
(h) video recording (if any) e.g., when Data Subjects visit our premises (the surveillance recording);
(i) Other data – e.g., provided in the surveys, feedback, comments and questions inc. on our social media, data about participating in our events and activities (if any).

5. GENERAL PURPOSES, GROUNDS FOR, AND ACTIVITIES OF PROCESSING

Here you will find information about the purposes and grounds for processing of your personal data. 

5.1 Main purposes. We collect and use your personal data mainly to keep you informed of Latitude59 news and updates, to send you information regarding your purchased ticket(s), and to perform sales of Latitude59 conference tickets. We may also use your personal data for the following purposes:
5.1.1 To send you marketing communications that you have requested or we believe are of interest to you; to send you  information needed for successfully enjoying our conference or events. These may include information and updates about the Latitude59 conference itself (e.g. venue, side activities, related content, conference program and any other relevant details about the conference), our conference tickets, our conference sponsors, promotions related to our conference and tickets and promotions of our associated sponsors and partners’ products or services. 
5.1.2 To send you information about your conference ticket(s) that you have purchased from us.
5.1.3 To notify you about any problems or disruptions related to the Latitude59 conference or events.
5.1.4 Other purposes and activities stated in this Privacy Policy.

5.2 Necessary data. Most of our services do not require any form of registration, allowing you to visit our Website without telling us who you are. However, some services – i.e. purchasing our conference ticket(s), signing up for our Startup Demo Area and/or Pitch Competition, volunteer registration and media accreditation – will require you to provide us with your personal data. In these situations, if you choose to withhold any personal data we request, it may not be possible for you to gain access to certain parts of our Website/service (e.g. the payment confirmation page, profile management for startups), to sign up for relevant activities and for us to respond to you.
5.3 Consent. Based on consent, we process personal data precisely within the limits, to the extent and for the purposes for which the Data Subject has given their consent. The Data Subject’s consent must be freely given, specific, informed, and unambiguous, for example, by ticking the box on the Website or on our service providers´/cooperation partners´ site. Please note that you have the right to withdraw your consent for processing of your personal data at any time. Withdrawal of consent will not influence the rightfulness of personal data processing done under the consent before the withdrawal of the consent. 
5.4 Entry into and performance of a contract. If we enter into a contract with a Data Subject, we may process personal data for entering into the contract, for fulfilling the contract, communicating about the contract and fulfilling the contract, billing, providing support (usually identification data, contact data, communications and accounting data are processed).
5.5 Legal obligation. We process personal data to comply with a legal obligation in accordance with and to the extent provided by law. For example, obligation to retain accounting documents from Estonian Accounting Act, obligations in connection to the International Sanctions Act (KYC, AML data).
5.6 Legitimate interest. Our legitimate interest means our interest in managing or directing our activities and enabling us to fulfil our mission. In case we are using legitimate interest, we have previously assessed our and your interests. You have the right to see conducted assessment connected to processing of your personal data. If you wish to do so contact as at info@latitude59.ee. We may process your personal data (except special categories of personal data) based on legitimate interest for the following purposes:

(a) managing and analysing our CRM database and activities (if not covered with the contract with the Data Subject) to fulfil our mission and ensure managing organizing the conference and events, incl. using a CRM or analytics solutions to enable the foregoing (mainly identification data and contact data is used);
(b) development and improvement of our Website (mainly anonymous; however, depending on the development all data may be used);  
(c) ensuring a better experience with us for that we may monitor the usage of our Website, analyse identifiers and personal data collected when our Website, our social media pages and other sales channels are used, and we may collect statistics about Data Subjects; mainly Cookies and technical data are processed;
(d) sending information to the Data Subject if the respective person has been added as a contact person by our cooperation partner or if the Data Subject has shown interest in our services, has previously purchased our services (if such processing is allowed in relevant jurisdiction). In these cases, the person is always guaranteed to have a simple opportunity to resign from the communication, and we have considered our and the Data Subject’s interests;
(e) making recordings and logging; we may record messages and orders given both in our premises and using means of communication (e-mail, sms, chat) as well as information and other activities we have performed. If necessary, we use these recordings to prove orders, claims or other activities;
(f) video surveillance recordings for security, protection of people and property and proof and protection of claims; 
(g) technical and cyber security reasons, for example measures for combating piracy, fraud and ensuring the security of the Website as well as for making and storing back-up copies and preventing/repairing technical issues (depending on the issue all data may be processed);
(h) processing for allowing for and improving Latitude59 conference and events and connected activities by exchanging information between and with our cooperation partners; this also includes providing startup, founder and visitor data to selected cooperation partners to allow for better communication and business relationship development between those parties, incl., improving startups and other visitors visibility and possibility for investment, business improvement, deals etc (all gathered data may be processed);
(i) processing for organisational purposes between us (incl. our different bodies (if any)) and our cooperation partners; this includes – data exchange between legal entities belonging to the same group with us (if any), processing to further our mission, processing in connection to audits and other potential supervision, including for processing the personal data of co-operation partners’ representatives (depending on the activity all data may be processed); 
(j) establishing, exercising or defending legal claims, incl. assigning claims to, for example, collection service providers, or using legal advisors (depending on the claim/issue all data may be processed);
(k) processing in the context of commercial transactions – mergers, acquisitions, purchase/ sale of shares or a company and/or recunstructioning of legal entities; processing of data in the framework of carrying out a transaction and consulting (all data may be processed);
(l) If you have given us information about not sending you a certain type of information – retaining the information about such prohibition.

5.7 New purpose. Where personal data is processed for a new purpose other than that for which the personal data are originally collected or it is not based on the Data Subject’s consent, we carefully assess the permissibility of such new processing. We will, in order to ascertain whether processing for a new purpose is compatible with the purpose for which the personal data are initially collected, take into account, inter alia:

(a) any link between the purposes for which the personal data are collected and the purposes of the intended further processing;
(b) the context in which the personal data are collected, in particular regarding the relationship between the Data Subject and us;
(c) the nature of the personal data, in particular whether special categories of personal data are processed or whether personal data related to criminal convictions and offences are processed;
(d) the possible consequences of the intended further processing for Data Subjects;
(e) the existence of appropriate safeguards, which may include encryption or pseudonymisation.

5.8 Overview of our main personal data processing activities in the scope of this Privacy Policy:

Purpose Legal Basis Personal Data (please see categories in clause 4.3)
Sale of tickets to conference or other event GDPR art 6 (1) b; GDPR art 6 (1) f (in case of legal entities) Identification data (as minimally necessary) and accounting data
Registration of tickets to events and conference - contact form on the Website or registering via other service provider GDPR art 6 (1) b Usually – full name, email, organization, position, country, other data indicated or inserted to the contact form. Exact data and obligatory data indicated in the relevant form
Enabling use of our Website Usually GDPR art 6 (1) f; the GDPR art 6 (1) a – for data gathered via Cookies Depending on the usage purpose – usually Cookies data and technical data (non-registered visitation);
Processing for organising and running the conference or event (e.g. volunteers, demo area, pitch competition, enabling meetings and communication solution -Latitude59 app or similar app) GDPR art 6 (1) f (if tickets are sold to a legal person, then representatives’/employees´ PII is generaaly processed under legitimate interest); the GDPR art 6 (1) b- if a contract is entered into with a Data Subjec Identification data, communications, accounting data (if necessary)
Processing of personal data for entering into contract GDPR art 6 (1) b (if contract with a Data Subject) or art 6 (1) f (contract with a legal person) Identification, contact, communication, accounting, KYC data (if necessary)
Personal data processing and exchange with Latitude59 cooperation partners GDPR art 6 (1) f or GDPR art 6 (1) a (e.g., for AWS) All data may be processed
Customer support GDPR art 6 (1) b or GDPR art 6 (1) f (for legal entities) As a general rule, the information that the Data Subject has transmitted. However, depending on the situation, all personal data may be processed.
Marketing for organising events GDPR art 6 (1) f or GDPR art 6 (1) a (for communications data subjects have subscribed to) Cookies data – online marketing; email, name, subscription information or fact of interest/previous purchase
Conducting surveys, e.g. feedback surveys and other analytics and statistics Anonymization may also be used for statistics GDPR art 6 (1)(f) Name, contacts, fact of participation and/or subscription
Sending necessary notices in connection to the conference/event Consent (GDPR Art. 6 (1) b or legitimate interest (if there is no direct contract with the Data Subject) email, ticket/event registration information; in case of legitimate interest: name, e-mail
Sending necessary notices in connection to the conference/event Consent (GDPR Art. 6 (1) b or legitimate interest (if there is no direct contract with the Data Subject) email, ticket/event registration information; in case of legitimate interest: name, e-mail
Service and IT development – improve existing and develop new services and solutions, test technical solutions for ensuring fulfilling our mission Anonymization is also used GDPR art 6 (1) f Generally anonymous, however all data may be processed
Necessary processing related to legal obligations GDPR art 6 (1) c All personal data may be processed
To certify and defend claims based on the performance of a contract or other legal obligation or based on our legitimate interest, e.g. to prepare and respond to legal claims, inquiries, etc. GDPR art 6 (1) f All personal data may be processed
Fraud detection and prevention GDPR art 6 (1) f All personal data may be processed
Security and proof of claims – use of video recordings GDPR art 6 (1) f Information on video recordings, however, all personal data may be processed depending on the situation
Other processing under legitimate interest GDPR art 6 (1) f See clause 5.6

Please read the whole Privacy Policy for full details. 

6. TRANSFER AND AUTHORISED PROCESSING OF PERSONAL DATA

Here you will find information about the transfer and authorised processing of personal data.

6.1 Usage of cooperation partners. We may cooperate with persons to whom we may transmit data, including personal data. We may have different type of controller-processor-sub-processor relationships with those cooperation partners. When transferring personal data to third parties (generally our cooperation partners), we comply with the applicable data protection requirements. If you have consented or we have other suitable legal grounds for it we may provide our cooperation partners your information for example we may provide investor ticket holders startups information that may include personal data.
6.2 Requirements for the usage of cooperation partners that are our processors. Such third parties may include:
6.2.1 advertising and marketing partners (Cookies data, name, contact data);
6.2.2 advisers e.g., financial adviser, tax (depending on the case connected data);
6.2.3 IT partners, i.e., service providers for various technical services (e.g., CRM; depending on the service all data may be processed);
6.2.4 accounting service provider (identification, KYC and accounting data);
6.2.5 meeting and chat service provider for the conference/ events (identification data, communications on the app, technical data).

We may use such processors provided that the respective purpose and processing are lawful and personal data are processed pursuant to the instructions of us and on the basis of a valid data processing agreement. 

If you wish to get more information about which processors we may give your personal data, please contact us at info@latitude59.ee.

6.3 Other transfers. In other cases, we may transmit your personal data to third parties provided that we have a valid ground to do so e.g., your consent or a legal obligation or there is an exception in the event that the transfer is necessary to protect your vital interests.

6.3.1 We may disclose your personal data:
(a) Connected service provides who are separate controllers – e.g., payment service providers, attorneys, banks, ticket sales platforms etc.;
(b) For Law Enforcement and other public authorities. Under certain circumstances, we may be required to disclose your personal data if required to do so by law or in response to valid requests by public authorities. We always assess the lawfulness of information requests before disclosing any personal data.  We may also be obligated to provide certain data due to a legal obligation. We may also forward data to relevant public authorities or investors/grant providers if necessary.

1.2 Transfers outside the EEA. We may use service providers/co-operation partners from outside the EEA. Such transfers are only commenced if requirements from the GDPR Chapter V are met e.g., adequacy decision* (see the GDPR art 45) or EU SCC (see the GDPR art 46). We usually use EU standard contractual clauses** or EU-US Data Privacy Framework*** for transferring your personal data outside of the EEA. We will take all the steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy. * Adopted adequacy decisions can be found here. ** You can find the text of standard contractual clauses here.  *** Participants of the EU-US Data Privacy framework can be found here. If you want more information about transfers outside the EEA, contact us at info@latitude59.ee.  

2. STORAGE AND SECURITY OF PROCESSING PERSONAL DATA

Here you will find a description of how we protect your personal data and for how long we store personal data.

2.1 Storage. We comply with the purpose of processing principle and have set storage periods for personal data, e.g., we use claim limitation periods set in applicable law for potential claims, and storage periods provided for in the law. We store personal data as long as need depending on the purpose of the processing. Cooperation partner’s data is generally retained, for the duration of cooperation + if needed additional 7 years. We renew data about contact persons and representatives as needed. Certain personal data is stored depending on the requirement deriving from applicable law e.g., 7 years accounting data, 10 years data of employment contracts. Personal data for which the storage period has expired are destroyed or made anonymous. If you want more precise information on data retention, then write to us at info@latitude59.ee
2.2 Security measures. We have established guidelines and rules of procedure on how to ensure the security of personal data through the use of both organisational and technical measures. Among other, we do the following to ensure security and confidentiality:

(a) We have access-level management system in use;
(b) We process the personal data transferred to us only for the purpose and to the extent necessary for providing the Website and in connection to our activities; and other purposes laid out in this Privacy Policy;
(c) we use software solutions that help ensure a level of security that meets the market standard.

2.3 Incident. In the event of any incident involving personal data, we do our best to mitigate the consequences and alleviate the relevant risks in the future. We will follow notice requirements of the GDPR.

3. GDPR Data Protection Rights

Here you can read about your rights in connection to your personal data. 

3.1 We would like to make sure you are fully aware of all of your data protection rights. Every Data Subject is entitled to the following rights (under certain preconditions):

(a) The right to access – you have the right to access and to request copies of your personal data.   
(b) The right to rectification – you have the right to request that we correct any information that is inaccurate.
(c) The right to erasure – you have the right to request that we erase your personal data, under certain conditions (e.g., we are processing your personal data under your consent).
(d) The right to restrict processing – you have the right to request that we restrict the processing of your personal data, under certain conditions (e.g., we are processing your personal data under consent).
(e) The right to object to processing – you have the right to object to our processing of your personal data, under certain conditions (e.g., we are processing your personal data under legitimate interest).
(f) The right to data portability – you have the right to request that we transfer the data that you have provided us to another organization, or directly to you, under certain conditions.
(g) Rights in connection to consent – if we process your personal data using consent as legal basis, then you have the right to withdraw your consent at any time (e.g., by unsubscribing or emailing us). Withdrawing your consent won’t change the legality of processing done before withdrawal. 
(h) Rights in connection to use of legitimate interest – if we process your personal data under legitimate interest, then you have the right to see the conducted legitimate interest assessment connected to the processing of your personal data. For this write us at info@latitude59.ee.
(i) Rights related to automated processing and profiling mean that the Data Subject, on grounds relating to their particular situation, has the right to object at any time to the processing of personal data concerning them based on automated decisions/profiling and to require human intervention. The Data Subject may also require an explanation regarding the logic of making an automated decision. For avoidance of doubt, we do not use automated processing or profiling that has a significant effect on the Data Subject or their rights.
(j) The right to file a complaint and seek judicial remedy – you have the right to file a complaint with us or supervisory authority or court if you think that your rights in connection to personal data have been infringed. We kindly ask you to contact us first for finding a solution. If needed our data protection supervisory authority is Estonian Data protection Inspectorate (Andmekaitse Inspekstioon) contacts can be find: https://www.aki.ee/en/contacts. In addition, as a Data Subject you have a right to file a complaint in the EU Member State of your residence or a place of work or of where alleged infringement of the GDPR took place. If you are a resident of EU, you can find the details of respective data protection authority from here.

3.2 Responses and additional information. If you make a request connected to personal data processing, we have one month to respond to you (in certain cases we have the right to extend that time period). If you would like to exercise any of these rights or need more information on your rights, please contact us. Please note, that we may need to identify you before granting you any of the rights connected to your personal data.

4. Children’s Information

4.1 We do not intend to process data of children (as defined in the GDPR). Our activities are not connected nor offered to people underage. We follow data protection requirements applicable for processing child’s personal data (if any). 

5. Changes

5.1 The latest changes and entry into force of the Privacy Policy:

Publication Entry into force Key changes
29.07.2025 20.07.2025 2nd version of the Privacy Policy where we specified and put together our purposes, legal basis and data categories processed.
23.11.2018 20.11.2018 1st version of the Privacy Policy – view PDF