Virtual Operative Services OÜ Information Security and Privacy Policy

1.0 Purpose

The purpose of this policy is to direct the design, implementation and management of an effective Information Security Program, which ensures that Virtual Operative Services OÜ’s information assets are appropriately identified, recorded, and afforded suitable protection at all times.

This document sets forth certain principles regarding the responsible use of information by Virtual Operative Services OÜ and outlines the roles and responsibilities of personnel to protect the confidentiality, integrity, and availability of Virtual Operative Services OÜ’s resources and data.

2.0 Scope

This policy covers Virtual Operative Services OÜ’s information and information systems, including information and information systems used, managed, or operated by a contractor or other vendors and applicable to all Virtual Operative Services OÜ employees, contractors, and other users of Virtual Operative Services OÜ’s information and information systems.

3.0 Policy Statements

  • Implement and maintain the Information Security Program at Virtual Operative Services OÜ.
  • Continuously improve and align information security practices to global best practices and standards.
  • Information security policies shall be reviewed regularly. Virtual Operative Services OÜ, employees shall acknowledge their adherence to these information security policies and practices annually.
  • Security awareness training shall be provided regularly.
  • Internal assessments or audits of Virtual Operative Services OÜ’s Information Security Program shall be performed periodically, and any gaps or findings shall be remediated promptly.
  • A risk assessment process for Virtual Operative Services OÜ’s information assets shall be defined and followed. Risk reduction shall be carried out through the process of continuous improvement.
  • Virtual Operative Services OÜ’s information asset inventories shall be reviewed and updated when a new asset is added and/or an existing asset is upgraded.
  • Business continuity plans (BCPs) and backup plans shall be reviewed and tested at least annually.
  • Roles and responsibilities shall be clearly defined and communicated to relevant individuals.
  • Information should be classified and handled according to its criticality and sensitivity as mandated by relevant legislative, regulatory and contractual requirements.
  • Appropriate contacts shall be maintained with relevant authorities, special interest groups or other specialist security forums.
  • As needed, the security incidents would be reported outside of Virtual Operative Services OÜ by a designated person nominated by executive management.
  • Requirements for confidentiality or non-disclosure agreements reflecting the organization’s needs for the protection of information shall be identified, regularly reviewed and documented.
  • Prevention, detection, and recovery controls to protect against malware shall be implemented by Virtual Operative Services OÜ, and these will be combined with appropriate user awareness.
  • An incident management process shall be established to correctly identify, contain, investigate, and remediate incidents that threaten the security or confidentiality of Virtual Operative Services OÜ’s information assets.
  • Virtual Operative Services OÜ shall develop and maintain a vendor management process for third-party vendor engagement and assessment.
  • Change and vulnerability management controls shall be established and implemented.

4.0 Roles and Responsibilities

4.1 Virtual Operative Services OÜ Board of Directors

The Board of Directors shall be independent of management and provide oversight and direction for Virtual Operative Services OÜ’s Information Security Program. Their responsibilities will include but are not limited to:

  • Ascertaining that there is transparency regarding the significant risks facing Virtual Operative Services OÜ.
  • Obtaining assurance that management has established responsibilities, processes and technology for an effective Information Security Program.
  • Using the output of any Information Management Program assessment to assist in risk management decisions to secure Virtual Operative Services OÜ’s information assets.

4.2 Virtual Operative Services OÜ Executive Management

Executive Management shall provide directions and management support to employees with information security responsibilities at Virtual Operative Services OÜ. The Executive Management team shall report the overall information security and business continuity program to the Virtual Operative Services OÜ’s Board.

Executive Management’s responsibilities shall include:

  • Defining and aligning the scope of the Information Security Program with Virtual Operative Services OÜ’s business requirements and security best practices and standards.
  • Ensuring that information security responsibilities have been assigned and are sufficient to comply with the Information Security Program, including:
  • Overseeing the Information Security Program implementation and security improvement initiatives.
  • Preparing security awareness training material and conducting periodic information security training.
  • Planning and performing periodic Information Security Program assessments and communicating the results to Executive Management.
  • Performing analysis of security incidents and recommending, initiating or tracking corrective actions as applicable.
  • Identifying the subject matter expertise needed to improve information security defenses.
  • Reviewing any reports of the Information Security Program implementation status or assessments.
  • Reporting the overall information security and business continuity program to Virtual Operative Services OÜ’s Board.
  • Providing guidance and oversight for BCPs and Disaster Recovery Management for Virtual Operative Services OÜ and approving the Disaster Recovery Action Plans documented for implementation.
  • Playing an active role during Virtual Operative Services OÜ’s Risk Assessment exercises and defining risk mitigation strategies.
  • Approving Virtual Operative Services OÜ’s information security policies and any changes to the policies and ensuring that the overall information security posture is aligned to business requirements and risks.

4.3 Virtual Operative Services OÜ Chief Information Security Officer (CISO)

Virtual Operative Services OÜ has appointed a Chief Information Security Officer (CISO) from an executive team who is responsible for the organization’s information and data security.

CISO’s responsibilities include (but are not limited to):

  • Overall responsibility for implementing and ensuring information security in Virtual Operative Services OÜ and providing leadership to the enterprise’s information security organization.
  • Approving Virtual Operative Services OÜ’s information security policies, as well as changes or amendments to policies to ensure overall information security posture, is aligned to business requirements and risks.
  • Monitoring continuous security improvements; reviewing and recommending applicable changes in the security policies and processes.
  • Managing and improving Business Continuity Planning (BCP) and Disaster Recovery (DR) preparedness of the organization.
  • Convening with other members of executive management periodically and reporting on security risks and the organization’s security effectiveness.
  • Advising top management on the standards or best security practices to adopt at the organizational level.
  • Ensuring compliance with changing laws and applicable regulations.
  • Communicating the Information Security policies and security programs to the organization through ongoing security training and awareness.
  • Partnering with business stakeholders across the company to raise awareness of risk management concerns.

4.4 Virtual Operative Services OÜ Information Technology (IT) Security

Virtual Operative Services OÜ has appointed an IT Security Manager who is in charge of overseeing the organization’s security operations. The responsibilities of the IT Security Manager include (but are not limited to):

  • Managing the Security Operations team and developing policies and procedures for hiring new employees and developing new processes.
  • Monitoring compliance which includes internal, external, and regulatory compliance.
  • Ensuring internal and external cybersecurity risk management policies are understood and implemented by both vendors and employees. For law and regulation compliance, confirming that the organization complies with industry regulations such as ISO, GDPR, SOX, PCI DSS, COPPA, etc.
  • Collaborating with various departments within the organization to reduce risk by ensuring that technical controls and policies are implemented across the organization.

4.4.1 Security Operations Team

The Security Operations team (as a part of the IT Security team) at Virtual Operative Services OÜ is responsible for maintaining security monitoring tools and investigating suspicious activities. 

The Security Operations team’s responsibilities shall include (but are not limited to):

  • Maintaining all security tools and technology to secure and monitor systems effectively

and updating these tools regularly.

  • Monitoring all operations and infrastructure by reviewing alerts and logs to track the

organization’s digital security impact.

  • Evaluating new technologies and assisting in the implementation of controls that reduce the risk of its operation.
  • Conducting continuous reviews of policies and controls to determine what needs to be

improved or remediated.

  • Liaising with the Incident Management team to ensure that the incident response program

is tested throughout the organization and that employees understand their roles in the

event of an incident.

4.5 Information Technology (IT) Operations

Virtual Operative Services OÜ has appointed a Chief Technology Officer (CTO) who is responsible for supervising the development and delivery of technology for external customers, vendors, and other clients to improve and expand the business. The IT Operations team responsibilities shall include (but are not limited to):

  • Creating technical requirements for the organization’s strategy to ensure alignment with its business goals.
  • Discovering and implementing new technologies that provide a competitive advantage.
  • Assisting departments in making profitable use of technology.
  • Monitoring the system infrastructure to ensure its functionality and efficiency.
  • Utilizing stakeholder feedback to inform necessary technological improvements and


4.6 Human Resources (HR)

The Human Resources team ensures that employees follow security policies designed to protect Virtual Operative Services OÜ, its customers and employees. The HR team responsibilities shall include (but are not limited to):

  • Determining the skills and requirements for positions in information security.
  • Ensuring that employees and contractors are informed of their information security

responsibilities and carry them out.

  • Providing information security management direction and support following business

requirements and applicable laws and regulations.

5.0 Information Security Policies

This document, along with the rest of Virtual Operative Services OÜ’s information security policies define the principles and terms of Virtual Operative Services OÜ’s Information Security Program as well as the responsibilities of the users and employees in carrying out and adhering to the respective program requirements.

Violations of Virtual Operative Services OÜ’s information security policies may result in corrective actions and the start of a disciplinary process.

6.0 Communication

Virtual Operative Services OÜ shall have dedicated communication channels to ensure incidents related to personnel security or breach of policies are reported, evaluated and addressed.

Examples of incidents include, but are not limited to:

  • Breach of security policies
  • Discrimination or harassment of employees
  • Occupational Health and Safety hazards
  • Issues with the quality of work or performance

1.0 Introduction

Virtual Operative Services OÜ is a technology company headquartered in Sepapaja, tn 6

15551 Tallinn EE, which focuses on providing services to Entrepreneurs and Businesses. For more information about our services, please refer to our website:

This Privacy Policy is applicable to Virtual Operative Services OÜ (“we,” “our,” or “us”)  as related to our services, which collectively include:

  • the use of (“website”)
  • the use of the application (“application”)
  • social media messages and marketing campaigns and
  • the use of our products and services.

This Privacy Policy sets out the essential details relating to your personal data relationships with Virtual Operative Services OÜ as:

  • A website visitor
  • An end user of the application (“end user”)
  • A prospective client
  • A job applicant and
  • Partners

Clients contract the use of our application and give access to their employees and other third parties, as solely decided by them, by creating users who access the application with their email address and credentials. The clients’ administrators grant end users roles, which result in different permissions and access rights to the information held in the Client account.

2.0 Personal Information We Collect

2.1 Information You Choose to Provide to Us


We may ask you to provide personal information when:

  • You use the website to download articles, data sheets or eBooks.
  • You request a free trial or demo.
  • You refer a friend to us.
  • You connect with us directly via phone calls or video conferencing platforms.
  • We or Client Account Administrators grant you access to the application.
  • You or Client Account Administrators upload or enter personal information into the


  • You participate in a marketing/sales promotion.
  • You attend trade events and other industry networking events.
  • You register or attend a webinar or other event.
  • You participate in programs we may offer from time to time.
  • You participate in chats.
  • You pay for our services.

If you choose to provide us with a third-party’s personal information (the person’s name, email and company) when taking part in our referral program, you represent that you have the third party’s permission to do so.


We collect personal information that may include first and last name, business email address, phone number and/or company name. As an end user of the application, we collect your name, business email address and any comments you make in the application. In addition, we may collect data uploaded by you, your employer or other users of the application that may be required to use Virtual Operative Services OÜ services. We expect all users to follow their organization’s privacy policy and any applicable regulatory requirements when uploading, accessing and using personal information into our application. 

The data uploaded may include personal information like:

  • Employee names, email addresses and contractual agreements
  • Vendor names, email addresses, contractual agreements or other personal data necessary for Virtual Operative Services OÜ services
  • Customer names and email addresses used to provide services within Virtual Operative Services OÜ’s platform

As a job applicant, we may also collect your resume and cover letter

2.2 Information We Collect Automatically


We collect information about your visits to the website and the application when you land on any of our web pages through cookies and similar tracking technology.

For further information about the types of cookies we use, you can access our Cookie Policy at this link


The information collected includes:

  • access times
  • the pages you view
  • the links you click on
  • the search terms you enter
  • actions you take in connection with any of the visited pages
  • your device information such as IP address, location, browser type and language
  • the Uniform Resource Locator (URL) of the website that referred you to our website and
  • the URL you browse away from our pages if you click on an external link

We may also collect information when you open email messages from us or click on links within those email messages.

2.3 Information We May Collect From Third Parties


We may combine the information we collect from your direct interactions with us with

information obtained through other third-party sources. We also obtain and/or purchase lists from third parties about individuals and companies interested in our products.


The personal information collected includes your name, email address, business address, job

title, company name, and telephone number.

3.0 How We Use Personal Information

We use your personal information to:

  • Deliver the contracted services and allow full use of the application functionality as

purchased by the clients.

  • Deliver training and support to our application end users and/or carry out the transactions you have requested.
  • To communicate with you directly through emails, calls, chats, video conferencing.
  • Process payments for application subscriptions.
  • Send communications to you about:
  •  New application features and upgrades.
  • Our services and offerings.
  • Event announcements.
  • Product notices and changes to our terms and policies.
  • Particular programs in which you have chosen to participate.
  • Promotional offers and surveys.
  • Scheduling demos and managing free trials.
  • Advertise and market our products and services, including delivering interest-based

advertisements on this website and other sites or content syndication platforms and


  • Carry out market research to understand how to improve our services and their delivery.
  • Create and manage marketing campaigns.
  • Generate sales leads and increase our market share.
  • Analyze user clicks and usage of the application and website to improve user experience and maximize usage of our services.
  • Manage our website and application to maintain and deliver the contracted functionality and services .
  • Enforce our website and application terms and/or separate contracts (if applicable) with you
  • Prevent fraud and other prohibited or illegal activities.
  • Protect the security or integrity of the website, application, our business or services.
  • Or otherwise, as disclosed to you at the point of collection or as required or permitted by law.

Please note that sometimes we may record the video conferencing call in which you participate to analyze and improve our staff’s communication skills. If we do so, we will be announcing it at the beginning of the conference call and in the meeting invite, and we will be providing a link to our Privacy Policy in the meeting invites and on the registration page.

We do not sell your information to any third party.

4.0 How We Share Personal Information

Our Application and Services

If you are an end user of our application, your personal information can not, and is not (be) viewable by other users with access to the application.

Service Providers

Third parties make use of the minite application, in order to provide services. These third party service providers do not have access to your personal information, and can only view your general business information as collected by the application, as is reasonably necessary, to perform the contracted tasks according to user needs. We have concluded agreements with such parties, where we require that they, inter alia, protect any shared information; to only use such information for its intended purpose, that is, to deliver the contracted services to the end user; and prohibit them from selling, and/or disclosing such data without our knowledge and consent.

It is possible that we may need to disclose personal information when and as required by law, subpoena or other legal processes as identified in the applicable legislation.

We attempt to notify our clients about legal demands for their personal data when appropriate, in our judgment, unless prohibited by law or court order or when the request is an emergency.

Change in Control

We can also share your personal data as part of a sale, merger, change in control or in

preparation for any of these events.

Any other entity which buys us or part of our business will have the right to continue to use your data, but only in the manner set out in this Privacy Policy unless you agree otherwise.

5.0 How We Secure Personal Information

We are committed to protecting the security of all of the personal information we collect and use. We use a variety of physical, administrative and technical safeguards designed to help protect it from unauthorized access, use and disclosure. We have implemented best-practice standards and controls in compliance with internationally recognized security frameworks. We use encryption technologies to protect data at rest and in transit.

6.0 Your Rights

We provide the same suite of services to all of our clients and end users worldwide.

We offer the following rights to all individuals, regardless of their location or applicable privacy regulations.

For personal information we have about you, you can:

  • Access your personal information or request a copy.

You have the right to obtain information about what personal information we process about you or to obtain a copy of your personal information. If you have provided personal information to us, you may contact us to obtain an outline of what information we have about you or a copy of the information. If you are an end user of the application, you can log in to see the personal information in the account or approach your employer for more information.

  • You have the right to be notified of what personal information we collect about you

and how we use it, disclose it and protect it. This Privacy Policy describes what personal information we collect and our privacy practices. We may also have additional privacy notices and statements available to you at the point of providing information to us directly.

  • Change or correct your personal information.

You have the right to update/correct your personal information or ask us to do it on your behalf. You can edit your information through the user account in the application or ask us to change or correct it by contacting us at

  • Delete or erase your personal information.

You have the right to request the deletion of your personal information at any time. We will communicate back to you within reasonable timelines the result of your request. If, for any reason we are not able to delete or erase your personal information, we must inform you of those reasons and further or alternative actions available to you.

  • Object to the processing of your personal information.

You have the right to object to our processing of your personal information for direct marketing purposes. This means that we will stop using your personal information for these purposes.

  • Ask us to restrict the processing of your personal information.

You may have the right to ask us to limit the way that we use your personal information.

  • Export your personal data.

You have the right to request that we export to you in a machine-readable format all of the personal information we have about you.

We do not process personal information through the use of automated means.

If you would like to exercise any of the rights described above, please contact us at

You also have the right to lodge a complaint with the local organizations in charge of enforcing the privacy legislation applicable in your territory.

7.0 How Long We Keep Your Personal Information

We retain information as long as it is necessary to provide the services to you and our clients, subject to any legal obligations to further retain such information.

 We may also retain information to comply with the law, prevent fraud, collect fees, resolve disputes, troubleshoot problems, assist with investigations, enforce our Terms of Service and take other actions permitted by law.

The information we retain will be handled following this Privacy Policy.

Information connected to you that is no longer necessary and relevant to provide our services may be de-identified or aggregated with other non-personal data. This information may provide insights that are commercially valuable to Virtual Operative Services OÜ, such as statistics of the use of the services.

8.0 Other Important Information

We process data in US-Central1, Europe-west3 and rely on legally-provided

mechanisms to lawfully transfer data across borders, such as contracts incorporating data protection and sharing obligations.

We will only collect and process your personal data where we have a lawful reason for its collection.

When you visit our website and provide us with your personal information, we collect and use it with your consent.

As an application end user, you consent to our collection of your personal information when you log in for the first time. However, your employer has control of the account and may upload and share additional personal information. Your employer’s responsibility is to ensure that collecting, using and sharing the personal information uploaded to the application complies with all applicable legislation.

You can review the terms and conditions of use here:

Where we rely on your consent to process personal data, you have the right to withdraw or decline your consent at any time. If you have any questions about the lawful bases upon which we collect and use your personal data, please contact us at

How to select your communications preferences

You may choose to receive or not receive marketing communications from us. Please click the “Unsubscribe” link in the email we sent you to stop receiving marketing communications.

You may choose which information we collect automatically from your device by controlling cookie settings on your browser or by selecting your preferences through our Cookie Policy.

Even if you opt-out of receiving marketing communications, we may still communicate with you regarding security and privacy issues, servicing your account, fulfilling your requests, or administering any promotion or any program in which you may have elected to participate.

9.0 Contact Information

You may contact us to exercise any of your rights or ask for more information about your

personal information and our privacy practices by contacting us at


A.1 For Individuals Based in the European Union (EU),

European Economic Area (EEA) and Switzerland

If you are based in one of these jurisdictions, Virtual Operative Services OÜ is the controller of your personal data collected in the following instances:

  • When you visit our website on
  • When we process your personal data for sales and marketing purposes

Virtual Operative Services OÜ is a processor of all personal data processed on the application, on behalf of our clients. We only process the personal data under their direction. Please contact your employer or the organization that granted you access to the application for details on their privacy practices.

We only process personal data if we have a lawful basis for doing so. The lawful bases

applicable to our processing as controller are:

  • Consent: We will ask for your express and informed consent every time we collect your personal data on this legal basis.
  • Contractual basis: We process the personal data as necessary to fulfill our contractual

terms with you or our clients.

  • Legitimate interest: We process the names, contact details, job titles, companies of our

existing and prospective clients for our marketing purposes, including market research

and sales leads generation.

You have the following rights under the GDPR:

  • Be informed about the collection and use of your personal data
  • Access your personal data
  • Correct errors in your personal data
  • Erase your personal data
  • Object to the processing of your personal data.
  • This right is also available to individuals whose personal data is processed by us for direct marketing purposes. If you object to the processing of your personal data for direct marketing purposes, we shall stop processing within 30 days of receipt of your request.
  • Export your personal data
  • Restrict our processing of your personal data for specific reasons, including any of the

purposes supported by the legitimate interest legal bases (see the section above).

We process personal data in Germany, we do not share it with our service providers. We use standard contractual clauses as the data transfer mechanism of transferring EU data to countries subject to data transfer requirements. See the table of our service providers here. 

You may contact us at or you may contact our EU

Data Representative at:

You may also lodge a complaint with your local supervisory authority, EU Data Protection Authorities (DPAs) or Swiss Federal Data Protection and Information Commissioner (FDPIC).

See their contact details here National Data Protection Authorities.

A.2 For Individuals Based in California

This section provides additional specific information for consumers based in California as required by the California Consumer Privacy Act of 2018 (“CCPA”).

A.2.1 Collection and Use of Personal Information

In the last 12 months, we have collected the following categories of personal information:

  • Identifiers, such as your name, mailing address, email address, zip code, telephone

number or other similar identifiers

  • California Customer Records (Cal. Civ. Code § 1798.80(e)), such as username and

password, company name, job title, business email address and department

  • Internet/network information, such as your browsing history, log and analytics data,

information about the device(s) used to access the services and information regarding

your interaction with our websites or services and other usage data

  • Geolocation data, such as information about your location (at country and city level)

collected from your IP address

  • Sensory Information, the content, audio and video recordings of conference calls between you and us that we record where permitted by you and/or the law
  • Profession/employment information that you send to us when applying for a position

included in your CV and cover letter

  • Other personal information, such as personal information you provide to us in relation to a survey, comment, question, request, article download or inquiry and any other

information you upload to our application

We collect personal information directly from you, from your browser or device when you visit our websites, from third parties that you permit to share your information or from third parties that share public information about you, as stated above.

See the section above, “How We Use Personal Information,” to understand how we use the personal information collected from California consumers.

A.2.2 Recipients of Personal Information

We do not share personal information with third parties for business purposes. The categories of third parties to whom we disclose your business information may include: 

(i) our service providers and advisors, 

(ii) marketing and strategic partners; 

(iii) analytics providers; and 

(iv) social networks 

Please see the “How We Share Information” section of the Privacy Policy above for more information.

A.2.3 California Privacy Rights

As a California resident, you may be able to exercise the following rights in relation to the personal information about you that we have collected (subject to certain limitations at law):

  • The right to know any or all of the following information relating to your personal

information that we have collected and disclosed in the last 12 months (upon verification

of your identity):

  • The specific pieces of personal information we have collected about you
  •  The categories of personal information we have collected about you
  • The categories of sources of the personal information
  • The categories of personal information that we have disclosed to third parties for a business purpose, and the categories of recipients to whom this information was disclosed
  • The categories of personal information we have sold and the categories of third parties to whom the information was sold, and
  • The business or commercial purposes for collecting or selling the personal information.
  • The right to request deletion of personal information we have collected from you, subject to certain exceptions.
  • The right to opt-out of personal information sales to third parties now or in the future.

However, we do not sell your personal information.

You also have the right to be free of discrimination for exercising these rights.

Please note that if exercising these rights limits our ability to process personal information (such as a deletion request), we may no longer be able to provide you with our products and services or engage with you in the same manner.

A.2.4 How to Exercise Your California Consumer Rights

To exercise your right to know and/or your right to deletion, please submit a request by

contacting us at

We will need to verify your identity before processing your request.

In order to verify your identity, we will generally require sufficient information from you so that we can match it to the information we maintain about you in our systems. 

Sometimes we may need additional personal information from you to be able to identify you. We will notify you.

We may decline a request to exercise the right to know and/or right to deletion, particularly where we cannot verify your identity or locate your information in our systems or as permitted by law.

You may choose to designate an authorized agent to make a request under the CCPA on your behalf. No information will be disclosed until the authorized agent’s authority has been reviewed and verified. Once an authorized agent has submitted a request, we may require additional information (i.e., written authorization from you) to confirm the authorized agent’s authority.

If you are an employee/former employee of a Virtual Operative Services OÜ client that uses our application and services, please direct your requests and/or questions directly to your employer/former employer.

If you are a third party (auditor, business associate, etc.), who was given access to the

minite application by a Virtual Operative Services OÜ client, please direct your requests and/or questions directly to the Virtual Operative Services OÜ client that gave you access.

Minors Under Age 16

Our application and services are intended for business use, and we do not expect them to be of any interest to minors. We do not intentionally collect any personal information of consumers below the age of 16. We do not sell the personal information of California consumers.