Terms

1.1.The Service is provided by Capture Capital OÜ (registry code 16075394, registered seat in Tallinn, Estonia, email address [email protected]), hereinafter the Service Provider.

1.2.The Terms apply from the date of their publication on the Service's website. The Service Provider will notify users of material changes to the Terms via the Service's website at least 14 days before such changes take effect. Minor clarifications and technical changes may be made without prior notice.

1.3.If the user does not agree with the Terms, the user must discontinue using the Service.

2.1.The primary purpose of the Service is to promote transparency in the Estonian business environment and the reliability of commerce by providing the public with free, fast, and impartial access to public data concerning Estonian legal persons and self-employed persons.

2.2.The Service is based on data obtained from public registers, which is publicly accessible to everyone under § 30 of the Estonian Business Register Act.

2.3.The Service forms part of a free infrastructure serving the public interest and the business environment. The Service Provider seeks to make Estonian Business Register data accessible — both technically and financially — to as broad a user base as possible, including individual researchers, journalists, small business owners, civil society representatives, and developers.

3.1.The core functionality of the Service is free, including individual company views, search, and viewing of data presented within the Service.

3.2.Additional services (such as bulk data ordering and custom exports) may be subject to a fee. The terms of paid services are agreed separately.

3.3.The Service Provider does not apply a paywall to core data and does not restrict ordinary users' access to the Service's core functionality.

4.1.The data published by the Service originates from the Estonian Business Register and other public sources. The data is republished unchanged, except for technical transformations (such as formatting and structure).

4.2.The data update delay is typically up to 24 hours, and in individual cases up to 7 days. For important decisions, data should be verified against the original source (e-Business Register: ariregister.rik.ee).

4.3.The Service Provider is not liable for the accuracy, timeliness, or completeness of the data. The user is solely responsible for decisions made on the basis of using the Service and for their consequences.

4.4.The Service does not collect, process, or publish private data of natural persons such as private real estate, debt relationships, biographical data, political party affiliation, religion, or health data. The Service focuses on public data relating to legal persons.

5.1.The Service may be used for any good-faith purpose, including:

• searching for information for personal use;
• verifying business partners and customers;
• journalistic and academic research;
• analysis and visualisation of public data;
• development, where use of the Service's data forms part of another system or application;
• civil society and public interest projects.

5.2.Commercial use of the Service is permitted on the same terms as personal use, provided that these Terms are observed.

6.1.The Service permits automated queries and programmatic access, provided that:

• queries do not harm the stability of the Service or reduce its availability to other users;
• the rules published in the robots.txt file are observed;
• the developer identifies themselves with a reasonable User-Agent header (e.g. project name and contact address) for higher-volume queries;
• subsequent use of collected data complies with the other provisions of these Terms (in particular the restrictions in section 7).

6.2.Fair use quota for ordinary web interface use: up to 1 000 page views per 24 hours per IP address or user.

6.3.For bulk data collection or automated access exceeding the fair use quota, the Service Provider asks that prior contact be made at [email protected]. In such cases, elevated rate limits, authenticated API access, or use of a database export can be agreed.

6.4.The Service also offers, for a fee, an API and standard machine-readable data formats (including structured JSON responses and Schema.org Organization markup on every company page).

7.1.Use of the Service must not be malicious and must not violate Estonian or European Union law. The following are specifically prohibited:

• using data republished by the Service to send spam or other unsolicited bulk contact to natural persons;
• using the Service's data to profile individuals in a way that harms their fundamental rights (such as profiling based on health, religion, or political beliefs);
• reselling the Service's data in its entirety in a form that substantially reproduces the Service without adding independent value for the user;
• damaging the stability, availability, or security of the Service (DoS attacks, network overload, exploitation of security vulnerabilities, or similar);
• intentionally circumventing restrictions and security measures applied by the Service.

7.2.Commercial use in which the Service's data forms part of the user's own products or services (for example, business information platforms, KYC/AML solutions, financial services) is permitted, provided that the user credits the Service as the source of the data where technically reasonable.

8.1.The Service is provided on an “as is” basis. The Service Provider gives no warranties as to the continuous reliability of the Service, the completeness of the data, or fitness for a particular purpose.

8.2.The Service Provider's liability is limited to the minimum required by applicable law. The Service Provider is not liable for indirect damages, lost profits, or claims by third parties arising from use of the Service's data.

9.1.In the case of a reasonable, non-malicious breach of the Terms (such as inadvertent exceedance of the fair use quota), the Service Provider will, where possible, notify the user before applying any restrictions and offer the opportunity to resolve the situation.

9.2.In the case of an intentional or repeated breach, the Service Provider has the right to restrict or terminate the user's access to the Service.

9.3.The Service Provider does not impose fines and does not automatically lock a user's access if the breach has been remedied or if the user contacts the Service Provider promptly to resolve the situation.

10.1.The Service uses technically necessary cookies that are essential for the core functionality of the Service (such as session management and security recommendations). These cookies are not used for advertising or tracking purposes.

10.2.The Service does not use third-party advertising technology cookies. Anonymised usage statistics may be collected to improve the Service, but only at the level of IP address and browser type, and without linking to personal data.

11.1.Estonian law applies to these Terms.

11.2.Disputes arising from these Terms shall be resolved through negotiation where possible. Failing agreement, the competent court is Harju County Court (Harju Maakohus).

11.3.Last amended: 10 May 2026.

1.1.Data Controller: Capture Capital OÜ (registry code 16075394, registered seat in Tallinn, Estonia, email address [email protected]).

1.2.Service: the web environment located at nimistu.ee.

1.3.Data Subject: an identified or identifiable natural person.

1.4.Personal Data: information concerning an identified or identifiable natural person.

1.5.GDPR: the General Data Protection Regulation (EU 2016/679).

2.1.The Service processes the following Personal Data obtained from public sources:

• the names of representatives of legal persons, members of governing bodies, owners, and beneficial owners;
• their dates of birth (required to distinguish between individuals with the same or similar names);
• public register data concerning legal persons and self-employed persons.

2.2.The source of this data is the Estonian Business Register (ariregister.rik.ee). Business Register data is public under § 30 of the Business Register Act.

2.3.The Data Controller does not process:

• special categories of personal data (race, ethnic origin, political opinions, religious beliefs, health data, sexual orientation, trade union membership, or similar);
• private personal data of natural persons (private real estate, debt relationships, biographical data, media coverage);
• private contact details (email address, telephone number, home address).

3.1.Purpose: to promote transparency in the Estonian business environment and the reliability of commerce by enabling anyone to verify the representatives of a legal person or self-employed individual and to assess the reliability of business partners.

3.2.Legal basis:

• GDPR Article 6(1)(e) (task carried out in the public interest): the data is public under § 30 of the Business Register Act, and its publication forms part of the public register's information function;

additionally, GDPR Article 6(1)(f) (legitimate interest): the Data Controller's legitimate interest in providing a free service supporting transparency outweighs the interests of the Data Subjects, taking into account that the processed data is already public and its further publication does not materially change its accessibility. A Legitimate Interest Assessment (LIA) has been documented; a copy can be requested at [email protected].

4.1.Personal Data is updated in line with changes at the source, generally within 24 hours.

4.2.The retention period is not predetermined, as historical Business Register data is also public.

The Data Subject has the following rights under the GDPR:

5.1.To receive information about the processing of their Personal Data and to access it (GDPR Article 15).

5.2.To request the correction of inaccurate data (GDPR Article 16). For substantive corrections, we recommend contacting the Business Register directly first, as the Service republishes data from the source.

5.3.To request the deletion or restriction of processing of data (GDPR Articles 17, 18). Note that the data processed originates from a public register and that deletion is limited to cases where it outweighs the public interest.

5.4.To object to processing (GDPR Article 21).

5.5.To lodge a complaint with the supervisory authority: the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, registry code 70004235, email address [email protected]).

5.6.To exercise the rights of the Data Subject, a request should be submitted to [email protected]. We respond to such requests within 30 days.

6.1.The Data Controller does not sell or transfer the Personal Data processed by the Service to third parties for marketing or other commercial purposes.

6.2.Data may be shared with:

• IT infrastructure providers (server administration, data communications);
• public authorities, where this is legally required (for example, by court order).

7.1.The Data Controller applies appropriate technical and organisational measures pursuant to GDPR Article 32, including:

• encryption of data in transit (TLS) and at rest;
• access restricted on a need-to-know basis;
• regular security updates;
• backup and recovery capabilities.

8.1.The Data Controller will notify users of changes to this Privacy Policy on the Service's website at least 14 days before the changes take effect.

8.2.Last amended: 10 May 2026.