Privacy policy

CIDOC 2021 conference main organiser National Heritage Board (‘Muinsuskaitseamet’ in Estonian) is committed to protecting and respecting your privacy in compliance with Europe’s General Data Protection Regulation (GDPR).

This privacy policy will explain when and why we collect your personal information, how we use it, the conditions where we may disclose it to other parties and how we keep it secure. This privacy policy applies to the use of our entire website and our conference ticket sales.

What is National Heritage Board?

National Heritage Board is a governmental institution in Estonia founded by the Republic of Estonia with the aim of organising the fields of heritage protection and museum sector. National Heritage Board is the main organiser of CIDOC 2021 conference.

National Heritage Board has one main office in Tallinn, Estonia. The registered office address is:

Pikk 2, 10123 Talllinn
Estonia, EU

What kind of data do we collect and keep regarding the CIDOC 2021 conference?

We collect and keep the following personal data:

We may also collect (anonymous) feedback, comments and questions received from you in service-related communication and activities, such as meetings, phone calls, documents, emails and post-conference surveys.

From our website, we may collect IP-address and actions taken on the website.

National Heritage Board is the data controller. If you choose to purchase a conference ticket via our website, we will collect your payment information and forward it to the data processor (Maksekeskus AS) in order to process payments.

If you choose to purchase a conference ticket from us, we, our ticketing system provider and/or our third-party payment processors will collect your payment information.
National Heritage Board does not collect or process any special categories of personal data, such as public unique identifiers or sensitive personal data.

When do we collect your personal data?

We collect your personal data when:

Why do we collect and use your personal data?

We collect and use your personal data mainly to send you information regarding your purchased ticket(s) of CIDOC 2021, keep you informed about the conference and the paper you have submitted.

We may use your personal data for the following purposes:

Most of our services do not require any form of registration, allowing you to visit our website without telling us who you are. However, some services – i.e. purchasing our conference ticket(s) or submitting your paper, participating in (online) conference activities – will require you to provide us with your personal data.

The conference will be recorded and broadcasted online via our website in order to provide the possibility to participate in the conference both on site and online. Photographs will be taken at the conference for the purpose of documenting and promoting the event. The recordings and photos will be stored and shared by the National Heritage Board and CIDOC on their webpages and social media channels.

In these situations, if you choose to withhold any personal data we request, it may not be possible for you to purchase ticket(s), submit your paper, participate in the conference, receive crucial information about the event and for us to respond to you.

What happens when you visit our website – our use of cookies, web beacons, tags and scripts

You can visit our website without giving away your personal information. National Heritage Board uses cookies, web beacons, tags and scripts, including Google Analytics, so as to:

We use cookies, web beacons (‘Website Navigational Information’), tags and scripts to collect information as you navigate CIDOC 2021’s website. Website Navigational Information includes standard information from your web browser, such as browser type and browser language; your Internet Protocol (‘IP’) address; and the actions you take on CIDOC 2021 website, such as the web pages viewed and the links clicked.

This information is used to make our website work more efficiently, as well as to provide business and marketing information to National Heritage Board, and to gather such personal data as browser type and operating system, referring page, path through site, domain of ISP, etc. for the purposes of understanding how visitors use our website. Cookies and similar technologies help us tailor our website to your personal needs, as well as to detect and prevent security threats and abuse. If used alone, cookies and web beacons do not personally identify you.

The only way to completely ‘opt out’ of the collection of any information through cookies or other tracking technologies is to actively manage the settings on our browser or mobile device. If you are using Google Chrome or Mozilla Firefox, here are the links to help you with your cookie management:

For all other browsers and mobile devices, please refer to the relevant technical information of your browser and mobile device for instructions on how to delete and disable cookies as well as other tracking/recording tools.

If you would like to learn more about cookies, clear gifs/web beacons and related technologies, you may wish to visit and/or the Network Advertising Initiative’s online resources, at

Our legal basis for collecting your personal data

Collecting your personal data based on consent

The collection of your personal data based on consent will be done using ‘Consent Forms’ that will store documentation related to the consent given by you. Individual consent will always be stored and documented in our systems.

Collecting personal data based on legitimate interest

We may use personal data if it is considered to be of legitimate interest, and if the privacy interests of the data subjects do not override this interest. Normally, to establish the legal basis for data collection, an assessment has been made during which a mutual interest between National Heritage Board and the individual person has been identified. This legal basis is primarily related to our sales and marketing purposes. We will always inform individuals about their privacy rights and the purpose for collecting personal data.

How long do we keep your personal data?

We store your personal data for as long as we find it necessary to fulfil the purpose for which your personal data was collected, while also considering our need to resolve possible problems, to comply with legal requirements under applicable laws, to attend to any legal claims/complaints, and for safeguarding purposes.

This means that we may retain your personal data for a reasonable period of time after your last interaction with us. When the personal data that we have collected is no longer required, we will delete it in a secure manner. We may process data for statistical purposes, but in such cases, data will be anonymised.

Do we share your data with anyone?

We do not share, sell, rent, or trade your information with any third parties without your consent except from what is described below:

We may pass your information on to our partners, sponsors and other associated organisations with the purpose of them providing you relevant services that are happening at or are in direct relation to CIDOC 2021. This includes sharing conference recordings and photos with ICOM Estonia and CIDOC for the purpose of storage and sharing on their websites and social media channels.

We will disclose your personal information if required by law or if we, as an organisation, reasonably believe that disclosure is necessary to protect our organisation’s rights and/or to comply with a judicial proceeding, court order or legal process. However, we will do what we can to ensure that your privacy rights continue to be protected.

Your rights to your personal data

You have the following rights in respect to your personal data:

Any query about your Privacy Rights should be sent to

Changes to this Privacy Policy

National Heritage Board reserves the right to amend this Privacy Policy at any time. The latest applicable version will always be found on our website. We encourage you to check this Privacy Policy occasionally to ensure that you are happy with any changes.

If we make changes that significantly alter our privacy practices, post a notice on our websites prior to the change taking effect.

Your right to complain with a supervisory authority

If you are unhappy with the way in which your personal data has been processed, you may, in the first instance, contact

If you remain dissatisfied, then you have the right to apply directly to the Estonian supervisory authority for a decision. The supervisory authority can be contacted at:

Estonian Data Protection Inspectorate