Last updated: 17 December 2025
1. Who we are
The controller of this website (hereinafter “the website”) is Estonian Literary Museum (70003879), Vanemuise 42, 51003 Tartu, Estonia, kirmus@kirmus.ee.
Our web address is: https://www.etkad.ee/.
2. What data we collect and for what purpose
We collect personal data only to the extent necessary for the functioning of the website and for analysing its use.
2.1. Visitor and usage statistics
We use Google Analytics (GA4) to understand how visitors use our website. Google Analytics may collect, among other things:
IP address (shortened/anonymized IP),
device and browser information,
on-site interactions (clicks, page views, etc.).
The IP address is anonymized within the European Union before being transmitted to Google’s servers.
Legal basis: Article 6(1)(f) GDPR – legitimate interest in ensuring website functionality and statistical analysis.
2.2. Cookies
The website uses cookies to ensure technical functionality and analytics.
Types of cookies used:
Strictly necessary cookies – required for the technical operation of the site; no consent required.
Analytics cookies (Google Analytics) – set only with the user’s consent (via the cookie banner).
Users may delete cookies at any time through their browser settings.
2.3. Comments
If you leave a comment on the website, we collect:
the content of the comment,
your name and email address,
IP address and browser user agent string (for spam detection purposes).
If you use Gravatar, an anonymized hash created from your email address may be transmitted to the Gravatar service.
2.4. Media uploads
If you upload images to the website, please avoid uploading images containing embedded EXIF location data. Other visitors may download and extract such data.
2.5. User accounts
For registered users, we store the personal information provided in their user profile (name, email address, role, settings). Administrators can view and edit all user profiles.
2.6. Login and technical logs
The website may store login and system error log files. These may include IP addresses and access timestamps.
3. Third parties to whom data may be transferred
Your data may be transferred to the following service providers:
Google LLC (Google Analytics)
Data is processed within the EU where possible in anonymized form.
Google may process data outside the EU using Standard Contractual Clauses.
Automattic / WordPress plugin providers (if applicable)
If we use plugins that process personal data, each provider has its own privacy policy.
We do not sell or share personal data with third parties for marketing purposes.
4. Data retention
Comments: stored indefinitely (until deletion).
Google Analytics data: stored for up to 14 months.
User accounts: stored until account deletion.
Log files: depending on technical necessity, typically 30 days to 1 year.
5. Your rights under GDPR
You have the following rights:
Right of access – to receive a copy of your personal data.
Right to rectification – to correct inaccurate data.
Right to erasure (“right to be forgotten”).
Right to restriction of processing.
Right to data portability (where processing is based on contract or consent).
Right to object – where processing is based on legitimate interest (e.g., statistical processing).
Right to withdraw consent (e.g., for analytics cookies).
To exercise your rights, please contact: kirmus@kirmus.ee
You also have the right to lodge a complaint with the supervisory authority:
Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) www.aki.ee
6. Transfers of data outside the EU
Google Analytics may process data on servers located in the United States. In such cases, the following safeguards are applied:
European Commission Standard Contractual Clauses,
IP address anonymization before transfer.
No other transfers of data outside the EU take place.
7. Cookies and consent
When you first visit our website, you are presented with a cookie consent banner that allows you to:
consent to analytics cookies,
decline them,
modify your preferences later.
8. Security
We implement appropriate organizational and technical security measures, including:
access control to servers,
secure connections (HTTPS),
regular plugin updates.
9. Contact
If you have questions regarding this Privacy Policy, please contact:
Estonian Literary Museum
Email: kirmus@kirmus.ee
Address: Vanemuise 42, 51003 Tartu