Privacy Policy

Data controller: Estonian Gaming Association MTÜ (registry code 80673799, address Ülikooli tn 2a, 51003 Tartu, Estonia).

For data protection inquiries, contact us by email: hello@estoniangaming.ee.

We collect personal data via the membership application form (/join-us):

• first and last name;
• email address;
• phone number (optional);
• role at the company you represent;
• company name, registry code, website, location;
• information about membership in other similar associations (optional);
• information on how you could contribute to EGA;
• information on how you heard about EGA (optional).

We may also store technical metadata (submission timestamp, IP address) for security and administration purposes.

For users of our internal tool (the commenting and document environment), we log technical sign-in data for security purposes — IP address, access time, and device/browser type — as well as failed login attempts. This data is used solely to detect account misuse and unauthorized access and is never shared with third parties.

We process personal data on the following legal grounds:

• Consent (GDPR Art. 6(1)(a)) — by submitting the form you give consent to processing your data for the purposes of handling your application;
• Legitimate interest (GDPR Art. 6(1)(f)) — EGA has a legitimate interest in processing membership applications, maintaining sector dialogue, and communicating with prospective members.

We use the data only for the following purposes:

• processing the membership application;
• contacting you during the application process and after possible membership;
• compiling sector statistics in anonymized form.

We retain membership application data for 5 years from submission. During this period we may contact you regarding your application, membership, or EGA activities.

Upon request for deletion we mark your application as inactive (soft-delete), meaning the data remains archived in our system and is not used for active communication. Upon request we can also physically delete the data unless this conflicts with statutory retention obligations.

Your data is accessible to the EGA board. EGA does not share your personal data with third parties for marketing purposes.

Technical processors (data processors):

• Supabase (database, hosted in EU, Frankfurt);
• Vercel (web hosting, EU edge);
• Resend (email delivery).

All processors are GDPR-compliant and we have appropriate data processing agreements.

You have the following rights regarding your personal data:

• Right to information — what data we process about you;
• Right to rectification of inaccurate data;
• Right to erasure (“right to be forgotten”) — see section 4 regarding soft-delete logic;
• Right to restrict processing;
• Right to data portability — we can provide your data in a structured format;
• Right to object to automated decision-making (EGA does not make such decisions);
• Right to lodge a complaint with the Estonian Data Protection Inspectorate.

To exercise your rights, contact: hello@estoniangaming.ee. We respond within 30 days.

This website does not use cookies for marketing or analytics purposes. We use only technical session cookies necessary for the login function (if you use it).

EGA reserves the right to update this privacy policy over time. We will notify you of significant changes separately (by email if you have submitted a form).