Privacy Notice/ Policy
Like most businesses, Christie’s International Real Estate Signature Estate Collection (CIRESEC) holds and processes a range of personal information about its clients and other individuals who may be interested in our services.
This Privacy Notice applies to all CIRESEC operations in Estonia and other global locations. It explains the types of personal data that we collect, why we process it, and how this processing may affect you.
We may update this Privacy Notice from time to time to reflect changes in legislation, regulatory guidance, or our business practices. Updated versions will be published on this webpage. Where appropriate, we may notify you by email or a notice on our website. We encourage you to review this page regularly.
Who we are
We are Estate Collection Ltd., registered in Estonia under company number 16417676, with its registered office at Maakri 36-140, Tallinn, 10415, Estonia.
Estate Collection Ltd. is the exclusive affiliate for Christie’s International Real Estate in Estonia and acts as the primary Data Controller for the purposes of EU and EEA Data Protection Law, including the General Data Protection Regulation (GDPR) and national legislation implementing the GDPR and the ePrivacy Directive.
If you have questions about this notice or our data practices, you can reach us at info@signature.ee.
How and when do we collect your personal data?
Collection directly from you
Most of the personal data we process is provided directly by you (in person, by phone, via email, or online). For example:
- When you agree to market or sell your property through CIRESEC or ask for a valuation.
- When you express interest in buying or selling property.
- When you subscribe to our newsletter.
- When you complete a form on signature.ee.
- When you attend a CIRESEC event.
Automatic collection
- Premises: If you visit our offices or events, your image may be captured on CCTV for security purposes.
- Website: We collect technical data (IP address, browser type, operating system, device identifiers, usage data) to administer and improve our services.
- Cookies and similar technologies: We use cookies and comparable tools for analytics, performance, and personalization. For details, please refer to our Cookies Policy.
Collection from other sources
We may also collect information about you from:
- Referrals or introductions by third parties.
- Publicly available sources such as property registers, press, auction records, or exhibition catalogues.
- Professional contacts providing references or feedback in connection with property or related services.
What personal data do we process and why?
We only process personal data where we have a lawful basis under GDPR. Below is an overview:
| Purpose | Examples of personal data | Legal basis |
| To provide requested services (property marketing, valuations, events) | Name, title, contact details, property details, payment info, contractual terms | Performance of a contract |
| To comply with legal requirements (AML/KYC, tax, customs, sanctions screening, anti-discrimination) | Date of birth, ID documents, past transactions, tax info, permits, accessibility needs | Compliance with a legal obligation |
| To protect staff, visitors, and premises | CCTV recordings | Legitimate Interests |
| To provide property updates, newsletters, and marketing | Name, email, preferences, communication history | Legitimate Interests (existing clients) / Consent (prospective clients, newsletter signups) |
| To improve website and digital services | IP address, cookies, device data, usage logs | Legitimate Interests |
| To improve client experience, train staff, handle complaints | Feedback, survey responses, recorded calls (if applicable) | Legitimate Interests |
Who may access your personal data?
- Within CIRESEC: Your data may be shared between group companies where necessary for service delivery.
- Service providers: We share data with trusted partners (banks, insurers, IT providers, logistics, event venues, property experts) under confidentiality and data processing agreements.
- Network partners: Where you request property services abroad, we may transfer your data to Christie’s International Real Estate affiliates and local partner agents.
- Authorities: We disclose personal data only where legally required (e.g. court order, regulator request, AML obligations).
We do not sell your personal data to third parties for independent marketing.
International transfers
As part of the Christie’s International Real Estate network, your data may be transferred outside the European Economic Area (EEA).
Where we do so, transfers are protected by adequate safeguards such as:
- European Commission adequacy decisions (where applicable), or
- Standard Contractual Clauses (SCCs) approved by the European Commission.
You can request more details about these safeguards at info@signature.ee.
How long do we keep your personal data?
We retain your data only for as long as necessary:
- To provide services and maintain business records.
- To comply with tax, legal, and regulatory obligations.
- To protect against potential legal claims.
Retention periods are determined in line with legal requirements and internal policies.
How do we protect your personal data?
We use technical and organisational measures such as:
- Encryption, secure servers, firewalls, and access controls.
- Internal policies and staff training.
- Third-party due diligence before data sharing.
While we take all reasonable steps, no system is 100% secure. Transmission of data online is at your own risk.
Third-party websites
Our website may contain links to external sites. We are not responsible for their privacy practices, and you should review their privacy notices separately.
Your rights (for EU/EEA residents)
You have the following rights under GDPR:
- Access: Obtain confirmation and a copy of your data.
- Rectification: Correct inaccurate or incomplete data.
- Erasure (“Right to be forgotten”): Request deletion, subject to legal limits.
- Restriction: Request limited processing in certain cases.
- Portability: Receive your data in a machine-readable format for transfer to another controller (where lawful).
- Objection: Object to processing based on legitimate interests or direct marketing.
- Withdraw consent: If processing is based on consent, you may withdraw it at any time.
To exercise your rights, contact us at info@signature.ee.
If you are dissatisfied, you may also lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) or your local supervisory authority.
Glossary (key GDPR terms)
- Data Controller: Entity determining purposes and means of processing.
- Personal Data: Information relating to an identifiable individual.
- Processing: Any operation on personal data (collection, use, transfer, deletion).
- Legitimate Interests: Business interests balanced against individuals’ rights and freedoms.
- Consent: Freely given, informed, unambiguous agreement.
- EEA: European Economic Area (EU + Norway, Iceland, Liechtenstein).
- Standard Contractual Clauses (SCCs): EU-approved contractual safeguards for international data transfers.