top of page

Privacy Policy

Last update: 24 January 2024

Icon.Partners is an independent law firm. In the course of Our activities, We collect, store, disclose and/or otherwise process Personal Data.

Our Users' and Visitors' privacy and security are of primary importance to us. We undertake to protect the data You provide to us. This Privacy Policy explains how Icon.Partners (AndAnd Operations OÜ, a company registered under the laws of Estonia with a registered address at Narva mnt 7 – 634 Kesklinna linnaosa Tallinn, 10117 Harju maakond Estonia) (hereinafter – «ICON», «We», «Our») processes information that can be used to directly or indirectly identify individuals («Personal Data») and has been collected through the use of Our Website. Under the «Website», it is understood a website, access to which may be received at


1.1. This Policy applies to the following individuals:

1.1.1. any individual who uses the services available on Our Website or otherwise uses Our Website (for this Policy, We define the term «User», «You» and «Your»);

1.1.2. any individual who visits Our Website, including Users (for this Policy, We define the term «Visitor», «You» and «Your»).


1.2. If You do not carefully read, do not fully understand, or disagree with the Privacy Policy, You must immediately stop using Our Website.

1.3. This Privacy Policy applies only to Our Website.

1.4. Please be attentive when visiting Our Website. Our Website may contain links to other websites. Once You link to another website, this Policy no longer applies. We are not responsible for the content or privacy policies of other websites.

1.5. We assume that all Visitors and Users have read this document carefully, understand its content, and agree to the terms and conditions outlined in this Privacy Policy. If You do not agree to this Privacy Policy, You must refrain from using Our Website.

1.6. We may occasionally change and update Our Privacy Policy, so please review it frequently. All changes and updates to this Privacy Policy are effective when posted on the Website. We reserve the right to change and update this Privacy Policy at any time without prior notice.

1.7. If there are any changes to this Privacy Policy that We believe are material, We will make every effort to notify You in advance through Your contact information provided to us or by posting a notice on Our Website.


2.1. The following terms shall have the following meaning:

«Cookies» — are small text files that are placed on Your device, such as Your computer, smartphone or tablet, by Your browser when You visit any website. They allow You to be recognized as the same visitor and store information collected on one web page until it is needed for use on another.

«Data Controller» — a natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and how any Personal Data are or are to be, processed. 

«Personal Data» — information that can be used to directly or indirectly identify individuals and has been collected through the use of Our Website. 

«Visitor» — any individual who visits Our Website, including Users. 

Any terms and definitions not expressly defined in herein shall carry the meanings ascribed to them in the Terms of Use.



Icon.Partners (AndAnd Operations OÜ, a company registered under the laws of Estonia with a registered address at Narva mnt 7 — 634 Kesklinna linnaosa Tallinn, 10117 Harju maakond Estonia) is the Data Controller that is responsible for the Personal Data collected and used within the scope of this Privacy Policy.


4.1. We adhere to the following principles to protect Your privacy:

4.1.1. principle of purposeful limitation — We process Personal Data fairly and transparently, solely for the achievement of specific, clear, and legitimate purposes, and We do not process them in a manner inconsistent with such data processing purposes;

4.1.2. principle of data minimization — We collect Personal Data only to the extent necessary to achieve the defined purposes. We do not store Personal Data if it is no longer needed or if the purposes for which the Personal Data was collected have been achieved;

4.1.3. principle of limited use — We use Personal Data for any other purpose only with the consent of the data subject or without such consent if the competent authority expressly permits it;

4.1.4. principle of data quality — We always keep Personal Data up-to-date and complete to more effectively achieve the ultimate purpose of data processing;

4.1.5. principle of security and integrity — We process Personal Data in a way that ensures adequate security of Personal Data, in particular their protection against unauthorized or unlawful processing and accidental loss, destruction, or damage, using appropriate technical and organizational measures;

4.1.6. principle of individual participation — We inform Users and Visitors about data collection. Users and Visitors have the right to access their Personal Data and request the correction of inaccurate or misleading data.


5.1. We may collect, record and analyze information about the Visitors of Our Website. If Our Website is accessed solely for information, i.e., when You do not provide us with any information, We collect only Personal Data that Your browser has transmitted to Our server. If You want to visit Our Website, We collect the following data (after this — «Usage Data»), which is necessary for technical purposes to enable us to display Our Website to You and to ensure sufficient stability and security of access (therefore, the legal basis for this is the legitimate interest of ICON):

5.1.1IP address;

5.1.2Date and time of the request;

5.1.3Time zone difference for Greenwich (GMT);

5.1.4Content of the request (exact access to the web page);

5.1.5Access status / HTTP status code;

5.1.6Amount of data transmitted in each case;

5.1.7Site generating the request;


5.1.9OS and OS interface;

5.1.10Language and browser version.


5.2We use this information in the aggregate to evaluate the popularity of web pages on Our Website and the effectiveness of Our content delivered to You. In combination with other information We know about You from previous visits, this data may be used to identify You personally. The information collected in this way is stored for no more than one (1) year.

5.3If You interact with Our contact form or submit Your CV application, We may collect and process Your Personal Data, including phone number, name, date of birth or any other that You include in Your application.


6.1. The basis for Usage Data processing is Our legitimate interest. It is necessary for the efficient and effective management, operation of Our business, and the provision of quality services, including website maintenance, product development and improvement, and to identify who may be interested in them.

6.2. Our Website allows You to contact us using the contact form. To do this, You need to specify Your name, phone number (messenger), and the text of Your request. We use the Personal Data collected only to contact You as You await Our response to Your request, and We may also record Your request and Our response to improve the efficiency of the organization and operation of Our support service. We store information that can be used to identify You personally associated with Your request, such as Your name and phone number (messenger) (if You have provided us with such data), so that We can contact You and provide You with quality services. If You do not wish us to collect Your Personal Data, please do not use Our contact form and do not give Your consent. However, regardless of whether You use Our contact form or not, certain Cookies are always active on Our Website and may be placed without Your consent. To learn more and get detailed information about the use of Cookies, Visitors and Users can refer to Our Cookie Policy, which is available on Our Website.

6.3. You can become a part of Our team by using the contact form. To do this, You need to provide Your name, surname, and email address, select a position from those offered in the contact form, and attach Your CV and / or specify other data. We use this data to assess Your suitability for the position and to ensure Our internal control and security.

6.4. The basis for the processing of the Personal Data of Our Visitors is their consent to the processing of their Personal Data for communication with them. We use such Personal Data in ways You would reasonably expect and that have minimal impact on Your privacy.

6.5. The basis for the processing of Personal Data for marketing purposes is also the consent obtained from You. We use Personal Data in ways You would reasonably expect and that have minimal impact on Your privacy.

6.6. Wherever possible, We seek to obtain Your explicit consent to the processing of Your Personal Data, for example, by asking You to consent to the use of Cookies.

6.7. Visitors and Users can control the use of Cookies at a specific browser level. If You reject Cookies, You may still use Our Website, but Your ability to use certain features or sections of Our Website may be limited. To learn more and get detailed information about the use of Cookies, Visitors and Users can refer to Our Cookie Policy, which is available on Our Website.


7.1. Compliance with General Data Protection Regulation (GDPR). For Visitors and Users located in the European Economic Area («EEA»), privacy rights are granted, and all processing and transfer of Personal Data is carried out in accordance with the regulations and rules of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 «On the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, known as the General Data Protection Regulation» (GDPR).

7.2. We process Personal Data as a Controller as defined in the GDPR:

7.2.1. ICON will be the Controller of Visitors' and Users' data as set out above in the «Lawful Basis of Information Processing» section.

7.3. For non-EU persons. Personal Data is treated in compliance with generally accepted international laws and applicable to You regulations, including, but not limited to:

7.3.1. If You are located in California, all processing of Personal Data is performed in accordance with regulations and rules following the California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq. («CCPA»).

7.3.2. If You are located in the United Kingdom, all processing of Personal Data is performed in accordance with regulations and rules following the Data Protection Act 2018 («DPA 2018») and UK General Data Protection Regulation («UK GDPR»).

7.4We do not sell Your Personal Data to third parties.

7.5If We decide to transfer the rights of the Website, We will inform You about this, so You can forbid Us to transfer Your Personal Data together with Our business. If so, We will delete Your Data from the databases prior to a business transfer.

7.6If You believe Our Privacy Policy does not comply with the laws of Your jurisdiction, We would like to receive feedback from You. Ultimately, however, it is Your choice whether or not You wish to use Our Website.


8.1. Visitors and Users may review, correct, update, delete and transmit their Personal Data. To do this, please contact us at We will acknowledge Your request within seventy-two (72) hours and process it as soon as possible and in accordance with the law. 

8.2. Subject to possible restrictions under applicable national law of the data subject You may have certain rights regarding the Personal Data that We collect on You, particularly:

8.2.1. Right to object to the processing of Your Personal Data. Visitors and Users have the right to object to Our processing of their Personal Data by contacting us at or using the functionality of the Website. Once We receive an objection, We will no longer process Your Personal Data unless it is necessary to provide Our services or We demonstrate other legitimate grounds for Our processing that override Your interests, rights, and freedoms or for legal proceedings.

8.2.2. Right to access Your Personal Data. Visitors and Users have the right to find out whether We process their Personal Data, what categories of Personal Data We process about them, the purposes of the processing, the categories of third parties to whom We may disclose the Personal Data of Visitors and Users, the storage period of their Personal Data or the criteria for determining it by contacting us at

8.2.3Right to verification and correction. Visitors and Users have the right to verify their Personal Data's accuracy and request its update or correction. Upon receipt of such a request, We have the right to verify the grounds for updating or correcting Personal Data and request additional information and documents from You that confirm such grounds. If there are sufficient grounds to update or correct Personal Data, We will make the necessary changes as soon as possible.

8.2.4Right to restrict the processing of Your Personal Data. Visitors and Users have the right, under specific circumstances, to request that We restrict the processing of their Personal Data as required by applicable data protection laws, such as when Our processing is unlawful. In this case, We will not process Your Personal Data for any purpose other than to store it.

8.2.5Right to receive Your Personal Data and to transmit it to another Controller. Where Our processing is based on Your consent and is carried out by automated means, You have the right to receive Your Personal Data in a structured, commonly used, and machine-readable format and, where technically feasible, to transmit it to another Controller without any hindrance.

8.2.6Right to withdraw consent. Where Our processing is based on Your consent, You may withdraw Your consent at any time by sending us an email to with Your request for Personal Data to be deleted, and We will delete Your Personal Data within seventy-two (72) hours.

8.3.You also have the right to file a complaint with a supervisory authority if You believe We are violating Your rights. But We ask You to contact us first so that We can help You.

8.4When We receive any request to access, edit or delete personally identifiable information, We reserve the right to initially take reasonable steps to verify Your identity before granting You access or otherwise taking action. This is essential to protect Your information.


9.1. We may send marketing and informational messages to Users and Visitors through various platforms, such as email and instant messaging systems. Where required by law, We ask for Your explicit consent to receive such messages. When We send You messages, We aim to include instructions on how to opt-out of receiving such messages in the future. Still, if We do not include such instructions, You may contact us at to unsubscribe from receiving such messages.

9.2. We may use Your data to form an idea of what We think You may need or be interested in. This is how We decide which products, services, and offers may be relevant to You (We call this marketing).

9.3. You will receive marketing and informational messages and other news about Our services from us if You have requested information or purchased Our services or if You have provided us with Your data when You contacted us and explicitly indicated that You wish to receive this information.

9.4. We may send You the following messages to a targeted set of individuals from Our marketing database: invitations to industry events that We host or attend; informational messages; current industry news; news about Our company and the services We offer; other information that We believe may be of interest to Our Users and Visitors.

9.5. We may also inform You about products or services provided by trusted partners. We may also survey You to determine Your opinion about Our services.

9.6. We do not provide lists of Users and Visitors to third parties in any way, except as outlined in this Privacy Policy.


10.1. Personal Data shall be processed and stored only for as long as is necessary for the purpose for which it was collected.

10.2. We will store Your Personal Data for as long as You are Our User or Visitor. Suppose You are no longer a Visitor or User. In that case, We will store Your Personal Data for the minimum period necessary to fulfill the purposes outlined in this Privacy Policy and applicable legal obligations, but no longer than twelve (12) months. Personal Data that is collected and processed with Your consent will be stored for as long as We have Your consent.

10.3. Information received through contact forms is deleted annually. We will delete Your information if You have not contacted customer support at for more than twelve (12) months.

10.4. We will delete any Usage Data collected for technical purposes no later than twelve (12) months after it has been collected.

10.5. After the expiry of the storage period, We shall delete Personal Data. Therefore, the right to object to the processing, the right to access, the right to delete, the right to correction, the right to restrict the processing, and the right to receive and transmit Personal Data cannot be exercised after the expiry of the storage period.


11.1. We care about the security of Your Personal Data. We adhere to generally accepted industry standards to protect the data transmitted to us, both during transmission, and after it is received. We take technical, physical, and administrative security measures to ensure that Your Personal Data is adequately protected. When We process Your data, We also ensure that Your data is protected against unauthorized access, loss, manipulation, falsification, destruction, or unauthorized disclosure. This is achieved through appropriate administrative, technical, and physical measures.

11.2. No 100% secure way to transmit data over the Internet or electronic storage exists. Therefore, We cannot guarantee their absolute security.

11.3. We never process any special categories of Personal Data and/or data on criminal offenses. In addition, We never conduct Personal Data profiling.


12.1. We cooperate with third-party service providers who provide us with services such as website development, hosting of Our Website, maintenance, emailing, marketing, technical support and collateral, information technology and cybersecurity services, customer support, and other services. These contractors may access the Personal Data or process it on Our behalf as part of their services to us. We limit the information provided to Our service providers to only that which is reasonably necessary to perform their functions.

12.2. We may need to transfer Your Personal Data to third parties who provide these services. If Your Personal Data is transferred outside the European Economic Area («EEA»), We require such third parties to maintain appropriate security measures.

12.3. We ensure that We hold data processing agreements with Our service providers that ensure compliance with the GDPR and Our contracts with them which require the privacy of Personal Data. All data transfers within and outside the EEA are carried out under these data processing agreements. All data transfers are carried out under the strictest security rules.

12.4. For more information on cross-border information transfers to Our partners, service providers, and developers outside the EU/EEA, please contact us using the details provided in the «Contact us» section below.


13.1. If You have any questions about the operation of Our Website or Your interaction with it, please contact us at


bottom of page