Controller
Who is responsible for processing
The operator and controller of personal data for eLearning.ee is IT ProLab OÜ.
Contact
info@elearning.ee
Purpose
Certificate verification and related platform administration
What we process
Categories of personal data
Certificate record data
We may process certificate-related data such as UID, learner name, course name, issuer name, document type, issue date, certificate number, status and internal notes.
Verification usage data
We may process technical request data needed for secure and reliable verification, such as access logs, request metadata and service diagnostics.
Communication data
If you contact us or a connected organisation regarding a certificate record, we may process your contact details and message contents.
Why we process data
Purposes of processing
Certificate verification
To confirm whether a certificate or diploma corresponds to a record in the verification system.
Platform administration
To operate, maintain, protect and improve the verification service and connected platform functions.
Support and communication
To respond to questions, requests and data protection enquiries from certificate holders, connected organisations and other users.
Legal basis
How we justify processing
Depending on the situation, we may process personal data on the basis of consent, legitimate interests, or where processing is necessary to provide and administer certificate verification services.
Where fuller public display of certificate details is enabled for shareable verification use, we aim to rely on clear prior information and, where appropriate, consent.
Personal data should be processed lawfully, fairly and transparently, and only to the extent necessary for the intended verification purpose.
Public verification
What may be shown on verification pages
Verification pages may display limited certificate data needed to confirm the existence and status of a certificate record. Depending on the record configuration, the page may show either fuller information or a limited display format.
Limited display
Some records may be shown in a limited or masked format in order to reduce the amount of personal information displayed while still allowing verification.
Shareable verification links
If a certificate holder chooses to share a verification link, the linked verification result becomes accessible to the recipients of that link.
UID-based access
Verification records are accessed through long unique UIDs. eLearning.ee uses long randomly generated identifiers to make accidental discovery or guessing of a valid verification link extremely unlikely.
Data sharing
Who may receive personal data
Personal data may be processed by the platform operator, connected issuing organisations, service providers acting on our behalf, and recipients of a verification link where a certificate holder or another authorised party shares that link.
Retention
How long we keep data
We retain certificate verification records and related administrative data only for as long as reasonably necessary for the verification purpose, platform administration, legal compliance, dispute handling and record integrity.
Security
How we protect data
We apply organisational and technical measures intended to reduce unauthorised access, misuse, accidental loss and destruction of personal data.
These measures are designed to support lawful, fair and transparent processing and to reduce the risk of unauthorised access, accidental loss or destruction.
Your rights
Rights of data subjects
Access and information
You have the right to receive information about how your personal data is processed and to request access to your data.
Rectification and objection
You may request correction of inaccurate data and, where applicable, object to certain processing activities.
Erasure and restriction
You may request erasure or restriction of processing where the legal conditions for those rights are met.
Response timing
We aim to respond to data protection requests within a reasonable period and, where applicable, within the time limits required by law.
Contact
How to contact us
For privacy-related questions, certificate display requests, objections, correction requests or other data protection matters, please contact:
Complaints
Supervisory authority
If you believe your personal data has been processed unlawfully, you may contact the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, AKI).
Updates
Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in the platform, verification workflows, legal requirements or organisational practices.