e-Business Register is the official portal that includes the data of companies of all legal entities and self-employed persons registered in Estonia in a single environment. The portal includes foremost information about legal entities (e.g. private limited companies, apartment associations), but also some data regarding the natural person associated with that legal entity (e.g. data of a member of the management board, data of a shareholder).
The data of the registry card of the e-Business Register that are the general information regarding the legal entity and the right of representation are available to everyone and can be indexed (i.e. can be found in search engines). Availability in search engines is necessary primarily because not everyone may be aware of the availability of data through the commercial register and the up-to-date nature of these data. This way, however, everyone can access legal data directly from the original source when searching for the data of a legal entity. It is important to note that other information portals may not have accurate and up-to-date information, but data in the commercial register can always be relied on.
The portal also contains other public information and documents concerning the legal entity – these are data and documents that have either been submitted to the commercial register (e.g. petitions, data of shareholders, data of the supervisory board) or that the commercial register itself has collected from other state portals (e.g. data on taxes, arrears, number of employees obtained from the Tax and Customs Board). These data are not indexable, i.e. visible in search engines, and these can only be accessed through the e-Business Register.
In addition to the foregoing, the commercial register also contains documents related to the registration procedure and which can be accessed only after the registrar has established a legitimate interest.
As stated, the e-Business Register also contains the data of a natural person related to the legal entity.
Article 6(1)(e) and 6(3) of the General Data Protection Regulation (EU) 2016/679 permit the processing of personal data if processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. The basis for processing of personal data is laid down by Union law or Member State law to which the controller is subject.
The legal basis for collecting and processing (incl. disclosure) of personal identification codes in the commercial register arises from the law[1]. In Estonia, personal identification code is considered to be ordinary personal data such as, for example, the person’s name, gender, date of birth, etc. The data in the commercial register (both regarding the legal entity and the natural person, incl. personal identification code) are available to anyone by law. The purpose of the public nature of the data of the commercial register is to disclose information about all relevant legal relationships that legal entities participating in economic activity have. This disclosure is essential for ensuring the credibility of the business environment. Therefore, in order to ensure the legitimacy of transactions between parties, the commercial register must provide information about legal entities, incl. who are the persons who are entitled to represent the legal entity, for example in commercial transactions.
It is important to know that each member of the management board generally has very broad rights to represent the legal entity in all transactions[2], so interested persons must be able to unequivocally identify, for example, whether the person who is signing a substantial contract on behalf of a company actually has the right to signature. It would be very difficult, if not impossible, to ensure one of the main objectives of maintaining a commercial register (credibility of the business environment) without giving the public the opportunity to identify the identities of members of the management board. This can only be done by disclosing personal identification codes as required by law. Otherwise, even if, for example, a date of birth was disclosed instead of the personal identification code, the risk of fraud would increase significantly because those with the same name and born on the same date are not an uncommon coincidence.
Based on the law, the address of the legal person is also entered in the register. When submitting the address of your residence to the business register as the location of a legal entity, you must take into account that it is given a legal meaning and is published in the e-Business Register as the address of a legal person (e.g. a private limited company). It is always possible to change the address in the register. For this, a corresponding application must be submitted. However, it must be noted that the address provided must be the one where the legal person is able to receive the letters sent to it, because it is assumed that the address in the register is correct. The fact that the data provider is responsible for the correctness of the data is also important (including providing false data is punishable under criminal law).
Restrictions on the re-use of personal data which are considered open data[3] based on subsection 31 (8) of the Public Information Act (PIA), e.g. restricting indexation by search engines, should be imposed only if the re-use would significantly breach the inviolability of the private life of the person. As previously stated, the disclosure of the data of the registry card of the commercial register[4] and permitting indexation does not significantly breach the inviolability of the private life of a natural person.
[1] See subsection 22 (1) of the Commercial Code (CC), subsection 26 (1) of the CC, clause 145 (1) 5) of the CC, clause 63 (4) 5) of the Apartment Ownership and Apartment Associations Act (AOAAA), subsection 75 (2) of the Non-profit Associations Act (NPAA), subsection 77 (1) of the NPAA, clause 89 4) of the NPAA, clause 10 (1) 4) of the NPAA, clause 14 (1) 5) of the Foundations Act (FA), clause 8 4) of the Commercial Associations Act (GAA).
[2] See subsection 181 (1) of the CC, subsection 24 (1) of the AOAAA, subsection 27 (1) of the NPAA, subsection 18 (1) of the FA, subsection 58 (1) of the GAA.
[3] See subsection 31 (1) of the PIA: public information, the public use of which is not restricted
[4] i.e. general information about the legal entity and the right of representation