Положение о конфиденциальности



This document (Policy) describes how IPOCrowdwise OÜ (Company) gathers, uses and discloses Personal Data (as defined below), as well as the measures taken by the Company to protect such Personal Data within the Company’s website www.IPO.ONE (Site) and providing services (Services). This Policy applies solely to Personal Data collected by this Site.

Personal Data is understood as any information identifying an individual (Data Subject), either directly or indirectly, regardless of the form or format of such data existence. You or User are understood as the individual using this Site, which must coincide with or be authorized by the Data Subject, to whom the Personal Data refer. All other terms, if used capitalized, are to be understood as in the License Agreement.


The website www.IPO.ONE is owned and operated by IPOCrowdwise OÜ Company, registration number 14515305, situated in Tallinn, Estonia, which is responsible for the processing of Your Personal Data (Data Controller). Because of that, the data processing and the Privacy Policy are subject to Estonian laws.


The Company collects the following Personal Data in the following ways:

  1. The User may provide the Company with his/her Personal Data (for example, the User’s name, surname, date of birth, contact information (for example, email address, phone number, address, country, state, province, ZIP/postal code), photos, videos, financial information (for example, bank account number, securities account number)) upon registration, making investments, providing documents, signing up for notifications during the registration procedure, contacting us, etc.;
  2. The Company collects certain data by automated means, such as cookies, when the User visits the Company’s Site (for example, IP address or domain names of the computers utilized to use this Site, browser type, operating system, referring URLs, URL addresses, information on actions taken on the Site, the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer, the country of origin, dates and times of Site visits, and the details about the path within the Site with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User’s IT environment).

The failure to provide and process certain Personal Data may make it impossible to use this Site and the Company’s Services. Such Personal Data is usually marked with asterisk or otherwise.


Cookies are small pieces of data that are installed on Your computer from websites that the User visits. The following types of cookies exist:

    1. absolutely necessary/essential cookies without which it is not possible to use the website functions and provide the services;
    2. performance cookies that collect information about what the User does when visiting a website and are used to improve how a website works;
    3. functionality cookies that allow the website to remember the User’s choices (for example, User name, language) and provide enhanced, more personal functions;
    4. behaviorally targeted advertising cookies that are used to show advertising most relevant to the User’s interests. They are usually placed by advertising networks with the website operator’s permission. They remember that the User has visited a website and this information is shared with other organizations (e.g. advertisers).

Most web browsers allow its Users to control cookies through the web browser settings. The Site supports “Don’t track!” request.

The Company uses the following types of cookies:

Service provider Service provider Type of cookie Content Expiration Additional information
IPOCrowdwise has_js Functionality cookie Stores information whether Your browser supports JavaScript and allows us to present You our Site with appropriate capabilities. Session
IPOCrowdwise auth* Session cookie Stores Your session and keeps You logged in 1 hour or until You log out
Google Analytics _ut* Analytics cookie Used to identify visitors 2 years Not used when a visitor activates “Don’t track” function
Google Analytics _ga* Analytics cookie Used to throttle request rate 10 minuts Not used when a visitor activates “Don’t track” function


The Company doesn’t use the User’s Personal Data for any other purposes than specified in the License Agreement/Policy. For example, the Company may use the User’s Personal Data for the following purposes:

    1. to perform its obligations under the License Agreement (for example, to provide Services, to perform registration and authentication of the Site’s users, to contact the User, to provide assistance, to collect feedback, to post and receive comments and replies thereto, to display content from external platforms, to interact with external social networks and platforms (for example, Facebook, Linkedin, Twitter, Vkontakte, Instagram);
    2. to exercise any rights and obligations under the law (for example, perform accounting functions, resolve disputes and protect our rights);
    3. to analyze, improve and personalize the Site and Services (for example, to provide the Users with customized content and information, to monitor and analyze the effectiveness of the Company’s Site and Services, the Users’ behavior and third-party marketing activities (for example, Google Analytics and so on), to collect aggregate Site operation metrics, such as total number of visitors and pages viewed);
    4. to maintain this Site (for example, system logs, IP address).

For other purposes, the Company processes the Users’ Personal Data only in accordance with applicable legislation and under condition of notifying the User beforehand and by asking the User’s consent.

The information obtained via the third social networks and platforms is completely subject to the User’s privacy settings for each social network and platform.

The Company adds the User’s e-mail address to its newsletter mailing list only upon his or her prior consent. The User can always unsubscribe from commercial or promotional e-mails in the account settings or through a direct link for unsubscribing from newsletters (in the bottom part of newsletters).


The Company may disclose the User’s Personal Data to third parties without his or her prior consent only if provided in this Privacy Policy or in Terms/Agreement or by the law. The Company does not sell, rent, or trade the Users’ Personal Data. The Company may disclose Your Personal Data to the following third parties:

    1. service providers the Company uses to provide the User with the Services and perform under the License Agreement (for example, third party technical service providers, mail carriers, hosting providers, IT companies, communications agencies). (If not stated otherwise) the Company remains responsible for the Users Personal Data and takes all the necessary measures to protect his or her Personal Data as provided in this Privacy Policy. The User may request the up-to-date list of these parties from the Company at any time;
    2. an acquirer, or successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets;
    3. government supervisory authorities;
    4. the Company’s lawyers, auditors, accountants.

The User may have profiles on the third-party resources that other users and/or the public can see. The information posted within the campaigns (for example, names, images, and details of the team members posted within the campaigns, videos etc.) are publicly available. Besides the Personal Data provided (for example, name, country, e-mail address, phone number, picture, profession), the profile visible for other clients may contain information about the User’s interactions with this Site (for example, the User’s investments, comments, documents posted, the campaigns the User is following, etc.).


The User’s Personal Data is processed at the Company’s operating centers and operating centers of our official partners in Estonia or the European Union.

In some cases, the Company may transfer the Users’ Personal Data to third countries. In case the User’s Personal Data is transferred to third countries, the Company follows data protection rules relevant for the Company and applies relevant Personal Data security measures.


The Company only stores the Users’ Personal Data as long as necessary for the purposes of the Personal Data collection and as long as required by law.

Should the User want to delete his or her account or any Personal Data from the Site, the User should notify the Company about it. The User’s account and Personal Data will be deleted as soon as possible, usually within 3 working days. Note that it may take a bit longer with back-up data. If the User has made any investments, it may be impossible to delete some of the Personal Data related to such campaigns or investments. Such Personal Data are stored until necessary, depending on the investment type, but at least 10 years.

Under the Estonian accounting and taxation laws, invoice-related information should be stored for 7 years as of the end of the financial year when such information was provided to the Company.

Information on any legal transactions between the Company and the User may be stored for10 years as of their provision to the Company in accordance with the general limitation period set for civil claims in the Estonian General Part of the Civil Code Act.


The Company performs all the relevant organizational, technical, and physical measures to protect the User’s Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure, or access and against all unlawful forms of processing. The Company uses firewalls, password protection and other access and authentication controls to avoid unauthorized access to the User’s Personal Data. The Company uses servers located in a secure environment with limited access. Only employees who need it have access to the User’s Personal Data.


Under the applicable law, the User has the right to:

    1. receive information about his/her Personal Data the Company processes;
    2. ask the Company to correct Your Personal Data that is incorrect;
    3. ask the Company to stop or restrict processing, disclosing or enabling access to, delete or close the User’s Personal Data the processing of which is not permitted under the law;
    4. withdraw any consent the User has given to the Company for Personal Data processing;
    5. ask the User’s Personal Data portability;
    6. object automated decisions with respect to the User;
    7. turn to the Data Protection Inspectorate or the court to protect the User’s rights.

These actions can either be performed automatically by the User by changing the respective settings of his/her account or, if not automatically possible, then by contacting the customer support service, except the latter on the list, for which the User will have to contact the Data Protection Inspectorate.

In some cases, the Company may make (partially) automated decisions regarding the User (for example, during KYC/AML checks). In case the User would like to debate automated decisions, he/she should contact the Company by regular post or e-mail.


This Policy is covered by the provisions set out in the License Agreement regarding changes.


Should the User have any questions, comments, complaints, or requests related to this Policy or the processing of the Personal Data, the User can contact the Company via email: info@ipo.one.