Privacy policy

Our privacy policy

OK Incure OÜ respects the privacy and rights of individuals, being dedicated to the protection thereof and to ensuring the security of personal data.The present privacy policy describes how OK Incure OÜ collects, uses, preserves and protects the personal data of data subjects.The present privacy policy also contains information which is subject to submission according to Article 14 of regulation (EU) 2016/679, if personal data has been collected.

1. Registrar

OK Incure OÜ
registry code 11542046
Mustamäe tee 16, 10617 Tallinn

2. Additional information

OK Incure OÜ
registry code 11542046
Mustamäe tee 16, 10617 Tallinn

3. Name of the register

OK Incure OÜ – recovery register

4. Legal basis and purpose for processing data

Legal basis for processing personal data pursuant to the General Data Protection Regulation (GDPR 2016/679) of the EU is the performance of the contract by the processor and its legitimate interest. The company conducts a debt recovery process and based on the aforementioned, the processing of personal data is legal.

The recovery of debt serves as the purpose for processing personal data.

5. Registered group

A register group consists of customers/debtors.

Other personal data directly related to the claim may also be recorded in the recovery register. Data on the customer, civil servants and the court involved in the process.
The company processes personal data related to the debt claim and to the debtor based on a contract concluded with the customer with the purpose of performing its contractual obligations and based on legitimate interest, relying on Article 6 (1) (b) and (f) of the GDPR. In this case, the company acts as an authorised processor and the creditor still remains the responsible processor, since the claim is not waived.
OK Incure OÜ also purchases debt claims of customers, in this case the creditor is replaced. In such cases the company processes personal data based on the waived contract and for the purpose of the performance of the contractual obligations, relying on Article 6 (1) (b) of GDPR.
During these processes, the company processes the contact data of a physical person (creditor), a member of the board or an employee of a legal person (creditor), a physical debtor and a member of the board of a legal debtor, a third person related to the debt procedure (e.g., a person who pays the debt for the debtor), an associated person and a guarantor and the data related to the claim that is purchased or pending.
Also, the company processes data related to the financial condition and payment behaviour of a physical debtor when providing a debt recovery service and purchasing debts. Such data comes from the debtor itself, from the creditor and public sources, such as the Land Register and the electronic state journal Ametlikud Teadaanded.

6. Information sources

Information available in public registers
Credit Register (Creditinfo Eesti AS)
Tax and Customs Board
Population register
Information registers
Police and Border Guard Board

7. Collected data

Personal identification code
E-mail address
Information needed for the performance of tasks
Information available in public registers
Information about judgements
Information related to the procedure
Other information needed for the performance of the contract

8. Deletion of data

Personal data will be preserved for as long as it is necessary for the performance of debt recovery tasks and will be deleted after that according to the procedure rules established by the company.

9. Regular data transmission

Data is transmitted based on all the applicable laws and legal acts to:

bailiffs, insolvency practitioners
Police and Border Guard Board
Creditinfo Eesti AS

Additionally, an authorised processor may use a subcontractor or a software provider for processing personal data. The authorised person is also responsible for the lawfulness of the processing.

In order to respond to the information inquiries of state authorities and courts, the company may issue personal data to state authorities (the police, security agencies, the prosecutor’s office, etc.) based on the legal act requiring the issue. The inquiry and the related correspondence and documents will be preserved for 10 years since the completion of the data protection requirement or justified refusal.

10. Description of technical and organisational security measures

The database is protected by firewall, usernames and passwords. The data in the register can only be processed by persons who are justified to do that due to their work tasks. The processors of personal data undertake to comply with the confidentiality requirement. The equipment and data communication are properly secured.

11. Data protection rights

According to the GDPR, a data subject is entitled to get acquainted with his/her personal data and obtain a copy of them, to require the transfer of his/her personal data to another authorised processor, to require the deletion, correction or amendment or limitation of processing of his/her personal data and to submit an objection for processing his/her personal data. These data protection rights are not unlimited and in each case, the company must assess whether and in which extend the legal acts related to data protection allow the fulfilment of such requests. For instance, the company will not delete data related to a debt claim and payment disorder data because processing such data is necessary for preparing, submitting and protecting legal claims. Based on the GDPR, this is the basis for refusing to delete the data.

For using one’s rights, please send us an e-mail to The data subject is entitled to submit an appeal to the Estonian Data Protection Inspectorate against the offered solution. The contact data of the Data Protection Inspectorate: telephone +372 627 4135; e-mail; address Väike-Ameerika 19, Tallinn 10129.

Switch The Language



    Marienthali Keskus (5. floor)
    Mustamäe tee 16, 10617
    PHONE: +372 675 5820
    EMAIL: mail @
    Monday-Friday 09:00-17:00
    Registry code: 11542046
    Tallinn, ESTONIA