Privacy Policy

1. Figure Baltic Advisory as a personal data processor.

1.1 The personal data controllers are Figure Baltic Advisory OÜ, Reg No 11466977 and Figure Baltic Advisory SIA, Reg No 40203423228 (hereinafter Figure). Contacts: 627 7077;, postal address Sepapaja 6, Tallinn 11415.

1.2 You can contact Figure Data Protection Officer by e-mail at

1.3 Figure is a talent advisory agency. Figure's main focus is on finding and developing talents, as well as conducting research on human resources. We offer career development solutions for talents, help companies to find new employees and keep them, and design new organizational cultures and salary systems.

1.4 Figure abides by the following principles of personal data processing.

  • Processing of personal data is legal, fair and transparent.
  • Figure collects and processes personal data only for specified and lawful purposes.
  • Personal data is relevant, important, correct, collected to the extent necessary and updated, and the correction of the data is guaranteed when needed.

1.5 Figure saves personal data as long as is necessary for provision of the services that the data subject has requested, either until the deadline fixed in the cooperation agreement or for the term set by the law. Any collected data that is not personalized will be saved indefinitely.

1.6 Figure has thoroughly considered data protection issues and has taken various measures to ensure data security. The measures taken are the following: encryption, pseudonymization, authentication with passwords, password hashing and secure connection (https).

1.7 While choosing IT partners Figure takes into account the importance of data protection and obliges partners to comply with data protection rules.


2. Personal Data that is processed.

2.1 Figure processes personal data that the data subject has entered into the Figure Talentbank or that contracted partners have inserted into the Salary Survey Portal, and data received from contracted partners and collected by Figure , including analysis of data on web traffic and campaigns (Facebook Business Manager, LinkedIn, Figure homepage, Google Analytics).

2.2 Figure processes the following personal data:
First name, family name, ID, email, phone number, address, Skype address, user account of the data subject on websites (such as LinkedIn, Facebook etc.), language skills, other data listed in the CV (such as interests, hobbies, software skills etc.), business activities and volunteering, membership in non-governmental organizations, expectations at work (such as salary expectations, expectations of the employer etc.), description of suitable jobs, references, work experience, salary details, education, training, participation in courses run by Figure (including participation in/absences from training days, payment of participation fees, satisfaction/feedback), overview of Figure services used by the data subject (such as career counseling, coaching etc.), professional profile (strengths, development needs, values, competences etc.), test results of the data subject, competition results (participation in job competitions, advancement, non-advancement, withdrawal), summaries of interviews. When the user signs into Figure web environment, the username and password will be saved. When the data subject is active in Figure web environment, the system logs data about his/her actions and inquiries (IP, session, inquiries). In addition, a security log is created that includes information about logging in and out by persons.


3. Location and forwarding of data.

3.1 Figure does not publish, enable access to or forward any personal data to third persons. Only Figure and persons authorized by Figure (such as software developers, IT service providers) have access to the Figure web environment and the data it contains.

3.2 As part of the service, Figure may forward personal data to third persons, primarily to employers, who ensure the relevant data protection and with whom a confidentiality agreement is concluded.

3.3 Cooperation partners of Figure may be companies from Estonia, the EU, the EEA or in third countries that are listed by the European Commission as countries with an adequate level of data protection.


4. Purpose of data processing and legal grounds.

4.1 Processing of personal data is needed in order to provide services of Figure, to ensure the functioning of the web environment and to comply with legal obligations.

4.2 Legal basis:

  • 4.2.1 Figure processes personal data with the consent of the data subject. Such consent has been given by the data subject voluntarily for one or multiple purposes. The data subject has the right to withdraw his/her consent at any time.
  • 4.2.2 Figure processes personal data for the performance of the concluded agreements or to take measures preceding the conclusion of the agreement according to the request by the data subject/the client.
  • 4.2.3 Figure processes personal data to fulfill its legal obligations. Figure as a training institution fulfills the requirements set by law for training institutions. In addition, Figure processes personal data for fulfilling obligations set by other laws (such as the Accounting Act and the Employment Contract Act).
  • 4.2.4 Figure processes personal data in case of legitimate interest, except in cases when such interest is outweighed by the interest or basic rights of the data subject requiring protection of the personal data. Figure’s legitimate interest may arise from direct marketing purposes, from improvement of the services, from securing safety of the network and information system, or from fraud prevention. Figure evaluates the existence of the legitimate interest carefully, while taking into account the principles of personal data processing.

4.3 Figure uses automated data processing:

  • 4.3.1 if the user, registered in Figure Talentbank, has expressed a desire to receive suitable job and training offers;
  • 4.3.2 in case of targeted searches in Figure Talentbank, filtering users by the search criteria (such as position, employment length, field of activities etc.) in order to find users to whom the targeted offer may be addressed this action is based on the user’s consent, which he/she may withdraw at any time).
  • 4.3.3 The logic of automated decisions is based on information the user has inserted into the Talentbank him/herself.


5. Rights of the Data Subject.

5.1 The Rights of the Data Subject are described in Articles 15 to 22 of the GDPR, according to which every individual has the right:

  • to view the personal data about him/her;
  • to request the correction of the data;
  • to request the deletion of the data (the right “to be forgotten”);
  • to restrict the processing of the personal data;
  • to object the processing of the personal data;
  • to demand the transfer of the personal data;
  • to oppose automated decision making (including profiling);
  • to withdraw his/her consent;
  • to file a complaint with the data protection supervisory authority.


6. Cookies.

6.1 Cookies are small data blocks that are installed by the websites the user visits on his/her computer.

6.2 Figure uses cookies in order to secure the functioning of the web environment, to make it smoother and to enable analytics.

6.3 To manage the session, cookies are used that monitor the actions and moving of the user in the web environment with the purpose of securing the functioning of the system and solving problems, if such appear. In addition, there are cookies that remember the user, meaning that the user does not need to log in again. There are also cookies, that remember the language choice.

6.4 Figure also uses Google Analytics functions to analyze the use on the web environment.

6.5 Users have an option to disable cookies in their browsers, but this may cause problems in the functioning of the web environment and prevent its use.


7. Inquiries and a right for complaint.

7.1 In order to realize the data subject’s rights, the data subject must contact Figure Data Protection Officer, Ms. Kristina Udras, sending his/her request or objection by email to

7.2 The data subject has a right to file a complaint with the Data Protection Inspectorate at any time.