Privacy Policy

Here you will find the full information about the data processing principles of VITS Solutions OÜ (VITS). VITS seeks to be your trustworthy partner in Personal Data Processing who respects your rights and is an example to others on the market.

Below you can find the definitions for the terms that are used frequently in the Privacy Policy and that are capitalised.


1.1 Data Subject is a natural person on whom VITS has information, or information with which the natural person can be identified. Data Subjects are, for example, natural persons who are a Client’s employees, Website Visitors, cooperation partners, and employees on whom VITS holds Personal Data.

1.2 Privacy Policy is this text, which sets out the Personal Data Processing principles of VITS.

1.3 Personal Data is information relating to an identified or identifiable natural person.

1.4 Personal Data Processing is any operation performed on the Data Subject’s Personal Data. For example, collecting, recording, organising, storing, altering and disclosing, allowing access to, querying and extracting, using, transmitting, cross-checking, combining, blocking, erasing or destroying Personal Data, or several of the aforementioned operations, regardless of the manner in which the operation is performed and the means used.

1.5 Client is a legal person who uses or has requested to use the Services of VITS.

1.6 Agreement is the Service provision or other type of agreement concluded between VITS and a Client.

1.7 General Terms and Conditions set out the general terms and conditions that apply when entering into an agreement with VITS.

1.8 Website is the website of VITS with the URL

1.9 Visitor is a person who uses the VITS website, including creating a user in the VITS online environment.

1.10 Child is a person under 13 years of age when providing information society services in the Republic of Estonia, in the context of Personal Data Processing.

1.11 Services are any services provided by VITS, primarily the document preparation and management platform related to activities pertaining to health and safety at work.

1.12 Cookies are data files that are sometimes stored on the device of the Website Visitor.

1.13 Sales Channels are the ways of communicating with the Data Subject, the tools created for selling goods and providing services used by VITS. This includes, for example, email, telephone, public and social media, various chatlines, customised and interactive advertising, and other similar tools on websites and elsewhere.

1.14 User Account is the personal user account of the Data Subject, which primarily gives access to VITS’ digital products, and through which the Client can identify themselves. The User Account belongs to the Data Subject and it will remain active even when services of VITS are not actively used.

The terms shall be used in the meanings set out above in the Privacy Policy, the Agreement and the General Terms and Conditions.

The General Provisions provide information about the identity of the Personal Data processor and the occasions when this Privacy Policy applies.


2.1 VITS is the legal person VITS Solutions OÜ, registry code 14232518, location 16 L. Koidula St, 90502, Haapsalu, Estonia.

2.2 VITS can Process Personal Data:

(1) as a data controller, by determining the purposes and means of processing;

(2) as a data processor, following the instructions of the data controller;

(3) as a data recipient to whom Personal Data is transmitted.

VITS uses the following data processors:

(1) Google Analytics, whose servers are located in the European Union, and in some cases outside the European Union (data from only those Visitors who create a User Account in the VITS online environment);

(2) Zone Virtual Server, whose servers are located in the European Union.

2.3 This Privacy Policy of VITS is an integral part of the Agreement concluded between VITS and the Client, and the General Terms and Conditions. It is also an integral part of the relationship between the Visitor and VITS.

2.4 The Privacy Policy applies to the Data Subjects, and all employees and cooperation partners of VITS that come into contact with Personal Data held by VITS shall follow the rights and obligations set out in the Privacy Policy.

2.5 The Privacy Policy may complement privacy notices published on the Website or on devices, and these may also be used to change and amend the Privacy Policy.

Here you will find the principles that VITS always follows when Processing your Personal Data.

3.1 VITS aims to Process Personal Data responsibly, following best practices, while always being ready to demonstrate the conformity of the Personal Data Processing to the set objectives, as well as always following the interests, rights and freedoms of the Data Subject.
3.2 All of the processes, guidelines, operations and activities of VITS related to Personal Data Processing follow the principles below:
(1) Lawfulness. There shall be a legal basis for Personal Data Processing, e.g. consent;
(2) Fairness. Personal Data Processing shall be fair and shall ensure that the Data Subject has sufficient information about how Personal Data are Processed, e.g. via the register of processing operations;
(3) Transparency. Personal Data Processing shall be transparent to the Data Subject;
(4) Purposefulness. Personal Data shall be collected for clear, well defined and lawful purposes and shall not be Processed later in a manner that is contrary to these purposes;
(5) Minimalism. Personal Data shall be relevant, important and limited to what is required from the perspective of the purpose of Personal Data Processing. When Processing Personal Data, VITS shall follow the principle of minimal Processing and once the Personal Data are no longer required, or no longer required for the purposes for which they were collected, the Personal Data shall be destroyed;
(6) Correctness. The Personal Data shall be correct and updated, if necessary, and all reasonable measures shall be implemented to ensure that Personal Data that are incorrect from the perspective of Personal Data Processing shall be erased or amended immediately;
(7) Storage limitation. Personal Data shall be stored in a form that only enables the identification of Data Subjects to the extent required for fulfilling the purpose for which the Personal Data is Processed. This means that if VITS wishes to store Personal Data for longer than required from the perspective of the purpose of the collection, then VITS shall anonymise the data in such a way that the Data Subject is no longer identifiable. VITS shall store data that it has acquired through a client or similar relationship according to best practices, and data that it has acquired on the basis of consent in general until the consent is withdrawn. The storage periods for various processing purposes are listed in the register of processing operations;
(8) Trustworthiness and confidentiality. The Personal Data Processing shall be carried out in such a manner so as to ensure the appropriate security of Personal Data, including protection from unauthorised or unlawful processing and accidental loss, destruction or damage, using reasonable technical or organisational measures. VITS shall have agreements in place with each data processor, which set out best practices, continuous risk assessment and relevant technical and organisational measures for Personal Data Processing. VITS has concluded the required agreements with all Clients;
(9) Data protection by default and by design. VITS shall ensure that all systems used comply with required technical criteria. Appropriate data protection measures shall be planned for each information or data system update or design (e.g. information systems and business processes shall have been built following the prerequisites for pseudonymisation and encryption).
3.3 When Processing Personal Data, VITS follows the objective of always being able to prove compliance with the aforementioned principles, and additional information about observing these principles can be obtained from the Data Protection Officer.
3.4 VITS is the processor of Personal Data in relation to its Clients. However, as the data processor, VITS always Processes data following the Agreement between the Client and VITS, ensuring the security of Personal Data and other requirements that apply to a data processor.

Here you will find information about how we collect Personal Data.


4.1 VITS collects the following types of Personal Data, among others:
(1) Personal Data disclosed to VITS by the Data Subject (such as first and last name, email address, company name, user type (position in the company), but also other similar types of personal data if required);
(2) Personal Data created during ordinary communications between the Data Subject and VITS (such as email address, first and last name and other similar
(3) Personal Data that have been made manifestly public by the Data Subject (e.g. via social media);
(4) Personal Data created during the consumption of Services;
(5) Personal Data created as a result of visits to, and usage of the Website (e.g. time spent on the Website);
(6) Personal Data gathered from third parties.

Here you will find information about for which purposes and on what basis we can Process your Personal Data.


5.1 VITS Processes the Personal Data of Website Visitors (but only those Visitors who have created a User Account) in order to obtain an overview of whether Clients and Visitors begin to use VITS, how much and at what times.

5.2 To Process these types of Personal Data, VITS uses the services of Google Analytics.

5.3 VITS Processes Personal Data exclusively on the basis of consent or the law. Legal basis for Personal Data Processing includes a legitimate interest or an Agreement concluded between the Data Subject and VITS or an Agreement concluded between the Client and VITS.

5.4 VITS Processes Personal Data on the basis of consent exactly within the limits, to the extent, and for the purposes defined by the Data Subject. With consent, VITS follows the principle that each request for consent must be clearly distinguishable from other questions, in a comprehensive and easily accessible form, and in clear and simple language. Consent may be given in written or electronic form or as an oral statement. The Data Subject gives consent voluntarily, specifically, knowingly and unambiguously by, for example, ticking a box on the Website.

5.5 Upon concluding and performing the Agreement, Personal Data Processing may be further set out in the specific Agreement, however VITS can Process Personal Data for the following purposes:
(1) to take measures prior to concluding an Agreement at the request of the Data Subject;
(2) to identify the Client to the extent required by due diligence;
(3) to fulfil obligations to the Client regarding the provision of Services;
(4) to communicate with the Client;
(5) to ensure the Client’s compliance with payment obligations;
(6) to file, realise or defend claims.

5.6 In order to enter into an employment contract on the basis of an agreement and a legitimate interest, the Processing of Personal Data of an applicant by VITS includes the following:

(1) Processing the data submitted to VITS by the job applicant for the purpose of concluding an employment contract;

(2) Processing the Personal Data received from the person included as a referee by the job applicant;

(3) Processing the Personal Data collected from national databases and registries, as well as from public (social) media.

If the job applicant is not selected, VITS shall store the Personal Data collected for the purpose of concluding an employment contract for two years in order to make an offer to the job applicant in the event that a suitable position becomes vacant. The Personal Data of an unsuccessful job applicant shall be erased two years from the submission of the job application.

5.7 Legitimate interest means the interest of VITS in managing and leading its company in order to offer the best possible Services on the market. VITS Processes Personal Data on a legal basis, only after a thorough evaluation in order to ensure that VITS has a legitimate interest on the basis of which Processing Personal Data is required and in accordance with the interests and rights of the Data Subject (after the completion of the so-called three-step test). In particular, the Processing of Personal Data based on legitimate interest may be carried out for the following purposes:

(1) to ensure a trustworthy client relationship, e.g. Processing Personal Data that is strictly necessary to identify the beneficial owners or to prevent fraud;

(2) to manage and analyse the client base in order to improve the accessibility, selection and quality of Services and products, and to provide the Client with better and more personalised offers if they consent to this;

(3) to collect identifiers and Personal Data generated during the use of Websites, mobile applications and other Services. VITS uses the data collected to conduct web analysis or to analyse mobile and information society services, to ensure functioning, improvement, to generate statistics, and to analyse User behaviour and User experience, as well as to provide a better and more personalised Service;

(4) to organise campaigns, including organising personalised and targeted campaigns, carrying out Client and Visitor satisfaction surveys, and measuring the effectiveness of marketing activities carried out;

(5) to analyse the Client and Visitor behaviour in various Sales Channels and on Websites;

(6) to monitor customer service. VITS may record notifications and orders given in their own location and via means of communication (email, telephone, etc.), as well as information and other operations that VITS has carried out, and use these recordings to prove orders or other operations, if necessary;

(7) for reasons of network, information and cyber security, e.g. to fight piracy and to ensure Website security, as well as to take measures to backup and store data;

(8) for organisational purposes. Primarily for financial management and for intragroup transmitting of Personal Data for reasons of internal management, including for Processing Personal Data of Clients or employees;

(9) to establish, introduce or defend legal claims.

5.8 In order to fulfil legal obligations, VITS Processes Personal Data to fulfil obligations set out in the law or to implement uses permitted by law. For example, legal obligations arise when processing payments or complying with money laundering rules.

5.9 If Personal Data Processing is carried out for a new purpose, different from that for which the Personal Data were originally collected, or if it is not based on the consent of the Data Subject, VITS shall carefully assess the admissibility of this new type of Processing. When assessing whether Processing for a new purpose is in accordance with the purpose that the Personal Data were originally collected for, VITS shall take into account, among other things:

(1) the connection between the purpose for which the Personal Data were collected and the purpose for the planned further Processing;
(2) the context for collecting Personal Data, in particular the connection between the Data Subject and VITS;
(3) the type of Personal Data, in particular whether the Processing is performed with a special type of Personal Data or with Personal Data associated with criminal convictions and offences in criminal matters;
(4) the potential consequences of the planned further Processing to the Data Subjects;
(5) whether appropriate defence measures are in place, including encrypting and pseudonymisation.

Here you will find information about when we may transmit your Personal Data to our cooperation partners.


6.1 VITS cooperates with persons to whom VITS may transmit data related to Data Subjects, including Personal Data, in the context of cooperation activities and for cooperation purposes.

6.2 These third parties may include advertising and marketing partners, companies conducting customer satisfaction surveys, debt collecting service providers, credit registers, IT partners, (e)mail service providers or mediators, authorities and organisations, on the condition that:
(1) the relevant purpose and Processing are lawful;
(2) Personal Data Processing takes place in accordance with the instructions of VITS and on the basis of a valid agreement.

6.3 VITS only transmits Personal Data outside the European Union if the country has sufficient protection in place; protective measures have been agreed on (e.g. binding intragroup rules or standard data protection clauses); the Data Subject has clearly and deliberately consented to this type of transmission; the transmission is unambiguously required under the agreement concluded with the Data Subject; the transmission is not repetitive, concerns only a limited number of Data Subjects, is necessary for the purposes of compelling legitimate interests pursued by VITS which are not overridden by the interests or rights and freedoms of the Data Subject, and all the circumstances surrounding the data transmission have been assessed and suitable safeguards with regard to the protection of Personal Data have been provided, or if there is another legitimate basis for it. VITS shall notify the Data Protection Inspectorate of transmissions based on legitimate interest.

Here you will find a description of how we protect your Personal Data and where to find information about the storage periods for Personal Data.


7.1 VITS stores Personal Data for strictly the time period necessary, depending on whether the Visitor or Client is using the Services of VITS or whether there is cause to think that they will do so in the future.
Personal Data with an expired storage period shall be destroyed according to best practices and in accordance with the relevant procedures set by VITS.

7.2 In the event that any incident involving Personal Data takes place, VITS shall implement all necessary measures to mitigate the consequences and to manage relevant risks in the future. Among other things, VITS shall record all incidents and notify the Data Protection Inspectorate and the Data Subject where required directly (e.g. via email) or publicly (e.g. via the news).

The Services of VITS are not intended for Children.


8.1 The Services of VITS, including information society services, are not intended for Children.

8.2 VITS does not knowingly collect information on persons below 13 years of age, i.e. Children, and in cases where this is done, we shall follow the wishes of the parent or guardian (including consent to send products addressed to the Child’s name).

8.3 In the event that VITS becomes aware of having independently collected Personal Data from a Child or about a Child, VITS shall do its best to cease the Processing of such Personal Data.

Your Personal Data belong to you and here you will find information about your rights in regard to protecting your Personal Data.


9.1 Rights related to consent:

(1) The Data Subject has a right to notify VITS at any time with a request to withdraw their consent to Personal Data Processing.

(2) Consents given to VITS can be viewed, amended and withdrawn by contacting VITS. Contact details can be found in clause 13 of the Privacy Policy.

9.2 The Data Subject also has the following rights related to Personal Data Processing:

(1) Right to information i.e. the Data Subject has the right to receive information about Personal Data collected on them.

(2) Right of access to the data, including the Data Subject’s right to obtain a copy of the Personal Data being Processed.

(3) Right to rectify incorrect Personal Data. The Data Subject also has the option to rectify incorrect data on their User Account.

(4) Right to erasure i.e. in certain cases the Data Subject has the right to request that the Personal Data be erased, for example when Processing is carried out solely on the basis of consent.

(5) Right to restrict the processing of Personal Data. This right arises, for example, when Personal Data Processing is not permitted on a legal basis or when the Data Subject contests the accuracy of Personal Data. The Data Subject has the right to request that the Personal Data be restricted for a period of time that would enable the data controller to verify the accuracy of the Personal Data, or if the Personal Data Processing is unlawful, but the Data Subject does not request that the Personal Data be erased.

(6) Right to data portability i.e. the Data Subject has a right in certain cases to receive the Personal Data in a machine-readable format or to transmit those data to another data controller.

(7) Rights relating to automated Processing mean, among other things, that the Data Subject has the right to object at any time, on grounds relating to their particular situation, to the Processing of their Personal Data which is based on automated decision-making. To be clear, VITS can Process Personal Data for making automated decisions that promote business (e.g. in the context of marketing to segment Visitors in order to target them with personalised messages, in the context of employment to ensure that our employees follow internal security rules). Automated Processing can partly be based on data collected from public sources. You have a right to avoid any decisions based on automatic Personal Data Processing, if these can be categorised as profiling.

(8) Right to an evaluation by a supervisory authority on whether the Processing of a Data Subject’s Personal Data is lawful.

(9) Right to compensation.

Here you will find information about how to request explanations or how and where to submit a complaint.


10.1 Exercising rights. The Data Subject has the right to contact VITS in relation to a question, request or complaint involving Personal Data Processing, using the contact details listed in clause 13.

10.2 Submitting complaints. The Data Subject has the right to contact VITS, the Data Protection Inspectorate, or the court with a complaint if the Data Subject finds that their rights have been violated by Personal Data Processing. Contact details for the Data Protection Inspectorate can be found on their website:

Here you will find information about what Cookies or other technology we use and how you can control the use of these technologies.


11.1 VITS may collect data on the Visitors of Websites and other information society services through the use of Cookies (i.e. small data files that the Visitor’s browser stores on the hard disk of the Visitor’s computer or other device) or other similar technologies (e.g. IP address, device information, location information), and Process these data.

11.2 VITS uses the data collected to enable the provision of the Service in accordance with the habits of the Visitor or the Client; to ensure the best Service quality; to inform the Visitor and the Client about the content and to make recommendations; to make adverts more relevant and to enhance marketing efforts; to facilitate logging in and data protection. Data collected are also used to count Visitors and to record their usage habits.

11.3 VITS uses session, persistent and advertising Cookies. Session Cookies are automatically erased after each visit; persistent Cookies are kept if the Website is visited repeatedly, and advertising and third party Cookies are used by the Websites of partners of VITS that are connected to the VITS Website. VITS does not control the creation of these Cookies, therefore information about these Cookies can be obtained from third parties.

11.4 Visitors agree to the use of Cookies on the Website, in information society services or in the web browser.

11.5 Most web browsers allow Cookies. Website functionality is not available to Visitors without fully allowing Cookies. Allowing or disabling Cookies and other similar technologies is under the control of the Visitor via their web browser settings, the settings of information society services, and platforms that enhance this kind of privacy.

Here you will find our contact details.


12.1 Contact details relevant to Data Subjects of VITS:

(1) VITS can be contacted in matters relating to Personal Data via the email address

Here is the information about the validity of the Privacy Policy and amendments to it.


13.1 VITS has the right to unilaterally amend this Privacy Policy. VITS shall notify Data Subjects about amendments via the VITS home page, e-mail or other means.

13.2 Latest amendments to the Privacy Policy and its coming into force:

-Applicable to existing Visitors and Clients
-Applicable to new Visitors and Clients
-Key amendments
