Privacy Policy

Scope of this Privacy Policy

This Privacy Policy applies to all services offered by NJ Production (hereinafter “NJ”). This Privacy Policy explains how NJ uses personal information about natural persons (hereinafter “You” or “data subject”). NJ is an Event & Communication agency company that provides meetings and events services to its corporate clients, sometimes including business travel services. This Privacy Policy does not apply to services offered by other companies or individuals.

NJ is committed to ensuring the protection of the personal data which is processes. When processing any personal data, NJ does this in compliance with the Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter “GDPR”) and other applicable data protection related legal acts.

Data controller

Name of the controller: NJ Production OÜ

Company registration code: 11428250

Address: Valukoja 8/1, 11415 Tallinn

Contacts: [telephone: +372 5110083]; e-mail:

Recipients of personal data

If this is necessary for the provision of the services, NJ discloses personal data to its co-operation partners. In certain cases, NJ may be legally obliged to disclose certain personal data to public authorities upon their request. NJ assesses each such request carefully to verify the need for disclosure and check that a suitable legal basis exists.

NJ engages data processors in its business activities, as this is necessary for the functioning of NJ’s business activities. NJ has signed appropriate data processing agreements with each of its data processors. The data processing agreements comply with all requirements stipulated in Art 28(3) in the GDPR.

NJ’s employees, subcontractors and other members of the organization have access to Your personal data only if this access is necessary for them to perform their employment or service related tasks. NJ has implemented an appropriate access rights system to avoid unlawful disclosure of personal data.

What personal data do we collect?

When NJ is providing services, we collect the following personal data: (i) full name; (ii) email address; (iii) phone number; (iv) company information (office country and address; asked for conference fee or hotel invoicing); (v) airline information (when and which person arrives – name, arrival, departure); (vi) date of birth (if applicable, asked when organizing travel); (vii) name of roommate (if applicable); (viii) dietary restrictions, allergies.

When organizing a meeting or event for a corporate Client, NJ collects personal information to register the participants to the meeting or event through tools that may be selected by the Client or receives lists of participants from the Client or third-party suppliers appointed by the Client. NJ is using Event Management System to collect and process data, which is necessary for the purposes of the legitimate interests (GDPR art 6 (1)(f)). We collect information necessary to provide the event management services through the registration form or system, including personal data. We also collect engagements in interactive tools. Providing this personal information is not obligatory but may result in not being able to be registered to the events or limited event management service.

The purposes for the processing of personal data and the corresponding legal bases are the following:

  • NJ collects personal information from the participants attending the Clients meetings & events organized by NJ. The purpose of this information collection is for NJ to provide its services. The legal basis for the processing of personal data in this case is art 6(1)(f) in the GDPR – the legitimate interest of NJ to be able to offer its services to its clients.
  • Provide meetings and events services (this can include travel arrangements, hotel arrangements, event management, registration of participants, communication with suppliers and clients). The legal basis for the processing of personal data in this case is art 6(1)(f) in the GDPR – the legitimate interest of NJ to be able to offer its services to its clients.
  • The personal data is shared with relevant third parties such as travel agencies, hotels, transport companies and security companies (not an exhaustive list) on case-by-case need. The legal basis for the processing of personal data in this case is art 6(1)(f) in the GDPR – the legitimate interest of NJ to be able to offer its services to its clients.
  • NJ may take photos or videos about the events organised by the NJ, based on the person’s consent (GDPR Article 6(a)) asked for during the signing up process. When the client organizes the documentation of the event, they shall be solely responsible for attaining the consent of participants. Should the client wish to hand out certain goods at the event, which require personal measurements of the participants to be collected, NJ will process the applicable personal data on the basis of the participants’ consent (GDPR Article 6(a)) as well.

Personal data will be kept by NJ only as long as reasonably necessary taking into consideration its need to answer queries or resolve problems, to provide improved and new services and to comply with legal requirements under applicable laws or with inquiries from Clients on past events or travel activities. All personal information that you have given through the registration link or app, will be deleted 3 years after the corresponding event, if not otherwise required by the applicable law.

How do we secure the information?

The Personal Data Controller implements appropriate technical and organizational measures, in accordance with GDPR article 32, to ensure the security of personal data.

The security measures are maintained to prevent loss, misuse and unauthorized access to your personal data. We will transmit your personal data in a structured, commonly used and readable format and through safe and secure environments.

Data subject’s rights

As a data subject, you have the following rights, taking into account applicable restrictions stipulated in relevant legal acts:

  • Right of access by the data subject
    • You have the right to ask NJ for copies of Your personal data.
  • Right to rectification
    • You have the right to Request that NJ correct any information You believe is inaccurate. You also have the right to request NJ to complete information You believe is incomplete.
  • Right to erasure (“right to be forgotten”)
    • You have the right to request that NJ erase Your personal data.
  • Right to restriction of processing
    • You have the right to request that NJ restrict the processing of Your personal data.
  • Right to data portability
    • You have the right to request NJ transfer the collected data to another organization, or directly to You.
  • Right to object
    • You have the right to object to NJ’s processing of Your personal data.
  • Right to lodge a complaint with a supervisory authority.

You have the right to turn to a supervisory data protection authority with a complaint if You believe that the way how NJ is processing Your personal data is not compliant with data the law. The list of supervisory authorities in European Union member states is available at:

If You wish to exercise any of these rights, You can contact us at:

Transferring personal data internationally

The personal data is kept in the servers located in the servers owned by Microsoft Corporation and Dropbox Inc. Both of these companies adhere to the GDPR when transferring personal data outside of the European Economic Area (EEA). You can find more information about how Microsoft Corporation transfers personal data outside of the EEA here. You can find more information about how Dropbox Inc. transfers personal data outside of the EEA here.

Because we cooperate with companies from other EU member states and third countries outside of EU/EEA, it might be necessary for NJ to transfer data internationally to third countries, the location of which depends on each separate event. For example, NJ can transfer personal data to countries outside of the EEA if NJ is organizing an event and the venue of the event is in a third country.

In these cases, the NJ shall follow all requirements of the GDPR and apply appropriate safeguards (stated in Articles 45-49 of the GDPR). If necessary and applicable, NJ shall conclude relevant Data Transfer Agreements.

Any transferring of the personal data is done in accordance with the principles of GDPR and in secured ways.

Website privacy

This website uses cookies to improve your experience while you navigate through the website. Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer’s hard drive. We use cookies to analyse the traffic of our website and to improve your online experience. The purposes of processing of data collected by using cookies:

  • Operate, improve and optimize the performance and user experience of the website
  • Perform customer and user analysis to improve our understanding of users and provide you better services
  • Statistical information

The information gathered about users include statistics such ad browser type, server, language preference, country settings.

NJ uses the services of the service provider Cookie Hub for NJ’s cookie compliance on our website. You may read more about the cookies here:

Please read more about our use of the cookies in our cookie declaration here:

Changes to privacy policy

We may update the Privacy Policy to reflect changes in our practices. We regularly review, and where necessary, update our privacy information. In case of major changes in the policy, we will notify you 30 days prior to the changes becoming effective via e-mail or on the NJ Website.


For more information, please contact our Data Protection Officer Responsible:

Last Reviewed 2023-03-30