PRIVACY POLICY

This Privacy Policy describes how Capture Capital OÜ, registry code 16075394, license number FIU000432, address Parda tn 8, 10151 Tallinn, Estonia, processes personal data when you visit capture.ee or app.capture.ee and when you use any of the services provided by Capture Capital OÜ (“Capture”, “we”, “us”, “our”).

1. Contact Information

If you have any questions about this Privacy Policy or about the processing of your personal data, or if you wish to exercise your data protection rights, contact us at:

info@capture.ee

2. Definitions

Client – A legal entity, founder, or individual using or ordering Capture’s services, including natural persons acting in connection with the establishment of an Estonian company.

User – Any individual visiting the Website or using the App.

Personal Data – Any information relating to an identified or identifiable natural person.

Controller – Capture Capital OÜ.

Processing – Any operation performed on Personal Data.

Website / App – capture.ee and app.capture.ee.

Services – All services provided by Capture, including registered address services, licensed contact person services, mail handling, company formation support, notary-based company formation via Power of Attorney, e-Residency application guidance, VAT registration support, registry filing and amendment assistance, banking and fintech guidance, document assistance, and support through email or other communication channels.

3. Personal Data We Process

3.1. Data you provide when ordering services

To provide Services, Capture collects and processes personal data required by law and necessary for contractual performance. This may include your name, Estonian personal identification code, including for e-residents, email address, telephone number, residential address, citizenship, and payment-related information. Payment card details are processed only by third-party payment service providers and are not stored by Capture.

3.2. Data required for AML/KYC purposes

For regulated services, we are legally required to collect additional information for identity verification, risk assessment, and ongoing compliance. This may include beneficial owner information, ownership and share structure, identity document details, AML/KYC questionnaires, risk-assessment-related information, source of funds or source of wealth information where required, and proof of address where required.

Where identity verification is carried out through a third-party provider using facial comparison or similar tools, that provider may process video, images, and biometric data strictly for identity verification, fraud prevention, legal compliance, and related security purposes.

3.3. Data required for company formation or filings

If you request formation or amendment services, we may process company name and details, articles of association, registry filings and application data, board member and shareholder information, Power of Attorney information for notary services, and resolutions, minutes, or other company documents you provide.

3.4. Data for e-Residency application guidance

If you purchase this service, we may process motivation text, supporting documents, and required identification information.

3.5. Automatic data collected on the Website and App

When you browse the Website or use the App, we may collect technical and usage-related information such as IP address, browser type and version, device information, operating system, traffic data, usage patterns, pages visited, referral source, and session data. This data may be collected through cookies, analytics tools, tag management systems, and similar technologies.

Where possible, IP anonymisation or comparable privacy-enhancing settings are used where supported by the relevant provider.

3.6. Newsletter data

If you subscribe to our newsletter, we process your email address and related subscription preferences.

3.7. Payment data

Payment card information is processed exclusively by third-party payment service providers and is never stored by Capture.

3.8. Live chat data

If you use a live chat feature on our Website or App, the chat provider may process chat transcripts, name, email address, IP address, browser and device information, and session data to provide and secure the chat service.

4. Purposes and Legal Bases for Processing

4.1. Providing the Services

We process personal data to activate and maintain your chosen service package, verify identity as required by law, act as a licensed contact person, provide registered address and mail services, assist with company formation, prepare documents, assist with registry filings and amendments, support notary-based formation when requested, and provide banking and fintech guidance.

Legal basis: performance of a contract and compliance with legal obligations.

4.2. Improving the Website, App, and Services

We process usage and technical data to understand how our Website, App, and Services are used and to improve functionality, reliability, security, and user experience.

Legal basis: legitimate interests.

4.3. Customer support and administrative communication

We process personal data to answer requests, assist with filings, resolve issues, send service-related notices, and provide administrative communication.

Legal basis: performance of a contract and legitimate interests.

4.4. Marketing

We process personal data for newsletter communications only where you have given consent. You may withdraw consent at any time by unsubscribing.

Legal basis: consent.

4.5. AML/KYC and sanctions compliance

We process personal data to perform identity verification, beneficial ownership review, risk assessments, sanctions screening, and ongoing monitoring, as required by applicable law.

Legal basis: compliance with legal obligations.

4.6. Fraud prevention and security

We process personal data to protect the security of our Website, App, and Services and to detect, prevent, and investigate fraud, misuse, or unauthorised access.

Legal basis: legitimate interests.

5. Recipients and Categories of Recipients

We may share personal data with trusted third parties where necessary to provide Services, comply with law, or protect our legitimate interests.

5.1. Categories of recipients

These may include accounting and legal service providers, identity verification and compliance service providers, the Estonian Business Register and other public registries, notaries where notary-based formation is requested, IT, hosting, and infrastructure providers, payment service providers, analytics and tag management providers, advertising platform providers, live chat and customer support providers, CRM and communication tools, and other subcontractors necessary for service delivery.

5.2. Data sharing for service delivery

Where the provision of a requested Service requires sharing data with third parties, including notaries, public registries, identity verification providers, payment processors, or accounting partners, Capture shares data only to the extent necessary for performance of the requested Service and compliance with legal obligations.

5.3. Banking and fintech guidance

Capture does not send your personal data to banks or fintech companies without your knowledge. Where you request banking guidance or related assistance, relevant company or contact information may be shared with recommended providers to the extent necessary to support the requested process.

5.4. Third countries

If personal data is transferred outside the EU or EEA, it is done only using lawful safeguards, such as an adequacy decision, standard contractual clauses, or another mechanism permitted under applicable data protection law.

5.5. Law enforcement and regulators

We may disclose personal data where required by law, regulation, court order, or competent authority, including the Estonian Financial Intelligence Unit and other supervisory authorities.

6. Cookies and Tracking Technologies

6.1. Cookie categories

We use the following categories of cookies and similar technologies:

Functional – strictly necessary cookies required for basic site or app operation.

Preferences – cookies used to store user preferences such as language or display settings.

Statistics – cookies used for analytics and measurement.

Marketing – cookies used for advertising, remarketing, and similar tracking purposes.

6.2. Cookie consent

Cookie consent is managed through a consent management platform on capture.ee. Consent choices may apply across capture.ee and app.capture.ee where configured to do so. You may change your preferences at any time through the consent management tool available on the Website.

6.3. Third-party services

Our Website and App may use third-party analytics, advertising, tag management, behaviour analysis, and live chat services. These services may place cookies or process data as described in their own privacy documentation.

6.4. Cookie management

You may manage or delete cookies through your browser settings at any time. Declining non-essential cookies may affect certain features or functionality of the Website or App.

7. Data Retention

7.1. AML/KYC data

AML/KYC data is stored for 5 years after the end of the business relationship, as required by applicable law.

7.2. Service-related data

Client data related to service delivery is retained for the duration of the business relationship and afterwards for as long as necessary for accounting, legal compliance, backup, fraud prevention, dispute resolution, and legal protection.

7.3. Newsletter data

Newsletter data is retained until you unsubscribe or withdraw consent.

7.4. Automatic data

Analytics and cookie-related data is retained in accordance with the settings and retention periods of the relevant provider, or until it is no longer needed for the relevant purpose.

7.5. Deletion criteria

Where no specific retention period is required by law or operational necessity, personal data is deleted or anonymised within a reasonable period after it is no longer needed for the purpose for which it was collected.

8. Your Rights

Under applicable data protection law, you may have the right to:

access your personal data

rectify inaccurate personal data

request erasure, where permitted by law

object to processing based on legitimate interests

restrict processing

request data portability where applicable

withdraw consent, where processing is based on consent

lodge a complaint with the Estonian Data Protection Inspectorate

Please note that some rights may be limited where processing is required by law, including AML/KYC retention obligations, or where overriding legal grounds apply.

Requests are normally processed within 30 days. This period may be extended where permitted by law due to the complexity or volume of requests, with prior notice where required.

To exercise your rights, contact us at info@capture.ee.

9. Security Measures

Capture implements appropriate technical and organisational measures to protect personal data, including encrypted connections, secure servers and firewalls, access controls and authentication, pseudonymisation where appropriate, secure storage with trusted service providers, and incident handling and notification where required by law.

10. Data Processing Agreement

Where required, a Data Processing Agreement forms part of the contractual relationship between Capture and the Client, as referenced in the Terms of Service or other applicable agreements.

11. Children’s Data

Our Services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children.

12. Amendments

This Privacy Policy may be updated periodically. The latest version is always available on our Website. Clients with active subscriptions may be notified of material changes where appropriate.

Last updated: 30.03.2026

© Capture Capital OÜ. All rights reserved.