Terms of Service

This website is operated by Capture Capital OÜ (hereinafter: Service Provider), registry code 16075394, located at Parda tn 8, 10151 Tallinn, Estonia. Email: info@capture.ee.

1. Services

1.1. The Service Provider offers business address and contact person services (hereinafter “Service” or “Services”). Service descriptions are available on the website capture.ee (hereinafter the “Website”).

1.2. To obtain an account, the user must be a legal entity registered or in the process of being registered in the Estonian Business Register.

1.3. By ordering Services from the Website, you agree to these Terms of Service (hereinafter “Terms”).

2. Ordering Services

2.1. Only individuals with legal capacity and an Estonian personal identification code or e-Residency ID may order Services from the Website.

2.2. Orders are placed by completing the online order process, confirming the Service order, and making the required payment. All mandatory fields must be filled.

2.3. Before confirming the order, the Client is shown the applicable service fees and directed to the selected payment method.

2.4. Payment can be made by accepted debit or credit cards and other payment methods provided by third-party service providers. Payments are accepted only in euros.

2.5. The Service Provider transmits necessary personal data to authorized processors (AS Maksekeskus or Stripe Payments Europe, Ltd) and their subprocessors for payment processing.

2.6. A service agreement (“Agreement”) is considered concluded once payment for the Service is made.

2.7. The Service Provider confirms the Agreement by sending an order confirmation to the Client’s email within 24 hours of payment. The Agreement is valid as described on the Website, including Services, fees, and these Terms. In the event of a discrepancy, the Website content prevails.

2.8. If the Agreement is signed for a private limited company not yet registered in the Estonian Business Register, the company becomes a party to the Agreement upon registration. Until then, the individual who signed the Agreement is personally liable. Responsibilities transfer to the company upon registration.

2.9. Due to anti-money laundering (AML) and terrorism financing regulations, and the Service Provider’s risk policy, the Service is not offered to companies whose beneficial owners, board members, shareholders, or legal representatives (“Associated Persons”) are:

  • Politically exposed persons (PEPs), their family members or close associates
  • Listed on international sanctions lists (sanctionsmap.eu)
  • Residents or citizens of FATF high-risk third countries
  • Residents or citizens of countries under FATF monitoring
  • Legal entities registered outside Estonia

2.10. The Service Provider may also refuse Services to others based on internal risk assessment.

2.11. By ordering Services, you confirm you are not subject to the restrictions listed in section 2.9.

3. Business Address Service

3.1. The Service is conditional upon successful completion of the Service Provider’s Know Your Customer (KYC) procedures and submission of requested client data in accordance with AML regulations and these Terms.

3.2. Upon termination of the Agreement, the Client’s right to use the Service, including access to the client portal, will be revoked.

3.3. The Client must update their legal address and contact person in the Estonian Business Register and notify partners of the change no later than the termination date. If not updated within 14 days of termination, the Service Provider may notify the Business Register and impose a contractual penalty equal to the annual service fee.

3.4. After termination, the Service Provider is no longer obligated to receive or process the Client’s mail.

3.5. The Service Provider may destroy received mail after sending a scanned copy to the Client.

3.6. The Service Provider’s total liability for damages is limited to the annual service fee paid by the Client.

3.7. The Service Provider does not receive or forward parcels or envelopes that do not fit in a mailbox or exceed 250 grams, unless separately agreed.

3.8. Only mail addressed to the Client’s legal entity will be accepted. Mail addressed to private individuals will not be accepted.

3.9. The Service Provider may request accounting reports or bank statements to comply with due diligence obligations.

3.10. The Service may be terminated if the Client fails to provide required data or make timely payments.

3.11. The Service Provider may change the legal address provided to Clients with at least 14 days’ notice.

4. Client Rights and Obligations

4.1. The Client has the right to use the Services as described on the Website and in these Terms.

4.2. The Client must:

  • Not use the Services for illegal or unethical purposes, including fraud or storing/sending illegal content
  • Not interfere with or disrupt the Website, software, or Services

4.3. The Client may not transfer the Agreement or resell the Services to third parties.

4.4. The Client must notify the Service Provider within 7 days of changes to legal or contact information, including changes to Associated Persons.

4.5. The Client must comply with KYC requirements and submit all requested data within the specified deadline.

4.6. All Client representatives must communicate with Service Provider personnel respectfully and professionally. Abuse or discriminatory conduct is prohibited.

5. Service Provider Rights and Obligations

5.1. The Service Provider has the right to:

  • Charge fees as outlined in these Terms and on the Website
  • Use third parties in fulfilling the Agreement
  • Temporarily suspend Services due to factors beyond its control

5.2. The Service Provider may unilaterally amend these Terms. Clients using recurring Services will be notified by email at least 30 days in advance. If the Client does not object within 7 days, changes are deemed accepted. Clients may terminate the Agreement with 30 days’ notice if they do not accept the changes.

5.3. The Service Provider shall perform obligations professionally and with due care.

6. Fees

6.1. Payment terms and methods are outlined on the Website.

6.2. Clients must pay for recurring Services according to the Service Provider’s schedule.

6.3. Recurring payments will be charged before the end of the current service period.

6.4. The Service Provider may change recurring fees with 30 days’ notice via email and the client portal. If the Client does not object within 7 days, changes are considered accepted. The Agreement may be terminated by either party with 30 days’ notice.

7. Agreement Term and Termination

7.1. The Agreement is valid for an indefinite period until terminated.

7.2. Either party may terminate the Agreement with 30 days’ notice via email.

7.3. The Service Provider may terminate the Agreement without notice in specific cases, including:

  • Unauthorized transfer or resale of the Service
  • Involvement of restricted persons per sections 2.9–2.10
  • Suspected illegal or unethical activity
  • Failure to pay or breach of Terms
  • Providing false information or failing to update information
  • Bankruptcy or insolvency proceedings
  • Failure to meet AML data submission deadlines
  • Reputational harm or abusive conduct toward the Service Provider or staff

7.4. Payments are non-refundable upon cancellation.

7.5. The right to withdraw within 14 days does not apply due to the customized nature of the Service.

8. Data Processing

8.1. The Service Provider collects and processes personal data such as name, ID code, email, phone number, residency, nationality, and copies of identification documents. For more information, see our Privacy Policy.

8.2. Personal data is processed only to fulfill legal and contractual obligations and will not be sold. Data may be shared with:

  • Authorities and legal entities as required by law
  • Third-party KYC providers
  • Subcontractors providing the Services

8.3. Personal data is retained after termination as required by law.

8.4. By ordering Services, you consent to personal data processing as described in these Terms.

8.5. Data processing roles and responsibilities are further detailed in the Data Processing Agreement (DPA).

9. Confidentiality

9.1. Both parties must keep business and confidential information private, unless required by law or shared with legal or financial advisors.

9.2. The Service Provider may disclose confidential data to authorities if legally obligated.

10. Liability

10.1. The Service Provider is liable for direct damages caused by intent or gross negligence.

10.2. The Service Provider is not liable for indirect or consequential damages unless covered by liability insurance.

10.3. Claims must be submitted within 6 calendar months of the damaging event.

10.4. Total liability is limited to the annual service fee.

10.5. Clients must indemnify the Service Provider for any third-party claims arising from their actions or breaches of these Terms.

11. Dispute Resolution

11.1. Disputes will be resolved through negotiation. If unsuccessful, they will be settled in Harju County Court (Harju Maakohus).

11.2. These Terms are governed by the laws of the Republic of Estonia.

Last updated: March 17, 2025

DATA PROCESSING ADDENDUM

This data processing agreement (hereinafter the “Data Processing Agreement” or “DPA”) governs the Service Provider’s (the “Processor”) processing of personal data on behalf of the Client (the “Controller”) in the course of providing services pursuant to the Terms of Service (“Terms”) agreed between the parties. This DPA is an integral part of the Agreement between the Service Provider and the Client.

1. Legislation

The Data Protection Authority sets out the obligations of the Processor and the Controller under applicable data protection and privacy legislation in the EU and Estonia, including Regulation (EU) 2016/679 (GDPR).

2. Purpose of Processing

2.1. The purpose of processing is the provision of Services by the Processor in accordance with the Agreement.

2.2. The Processor shall only perform processing operations necessary and appropriate for fulfilling the Agreement.

2.3. The types of personal data processed depend on the specific services ordered and the Controller’s activities during service use. A non-exhaustive list includes:

  • Personal data of the Controller’s individual clients and their representatives
  • Contact details and employment-related data of the Controller’s employees, including communications made available to the Processor

3. Instructions

3.1. The Processor may only act and process Personal Data according to documented instructions from the Controller, unless otherwise required by law.

3.2. The current instruction upon signing this DPA is that the Processor may process personal data solely for providing the Services as set out in the Agreement. Additional written instructions consistent with this DPA may be agreed by both parties.

3.3. Instructions must comply with applicable law. The Controller remains solely responsible for the accuracy, quality, and legality of the data and the means by which it was obtained.

3.4. The Processor shall notify the Controller if any instruction appears to violate applicable law and suspend execution until confirmed or amended.

4. Use of Subprocessors

4.1. The Controller grants a general authorization for the Processor to engage subprocessors without separate written authorization, provided that processing is transferred to a listed category of subprocessors under this DPA. The categories may be updated from time to time with notice to the Controller.

4.2. Subprocessor categories used include:

  • Accounting and legal subcontractors
  • Web hosting providers
  • eID trust service providers
  • IT support providers
  • Payment processors
  • CRM software providers
  • Marketing software tools
  • Accounting software tools
  • KYC software providers
  • Social media, advertising, and analytics partners

4.3. If the Controller objects to a new subprocessor category, they must notify the Processor in writing within 10 business days. Lack of objection is deemed consent.

4.4. If the Controller objects and no resolution is reached, the Controller may terminate the Agreement with 30 days’ written notice.

5. Obligations of the Processor

5.1. The Processor ensures that its employees and subprocessors treat Personal Data as strictly confidential.

5.2. Data is processed strictly according to the Controller’s lawful instructions.

5.3. The Processor implements appropriate technical and organizational measures as required by applicable law, including GDPR Article 32.

5.4. The Processor assists the Controller, where possible, in fulfilling legal obligations using appropriate measures.

5.5. The Processor must notify the Controller of any breach that may lead to accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data processed on behalf of the Controller (“data breach”). Notification must be made without undue delay, and ideally within 48 hours of becoming aware of the breach.

5.6. The Processor will provide information reasonably necessary to demonstrate compliance with this DPA and allow independent audits by a qualified auditor no more than once per year. The audit schedule must be mutually agreed, and costs are borne by the Controller. All information obtained during audits shall be kept confidential.

6. Obligations of the Controller

6.1. The Controller is responsible for obtaining lawful consent or legal basis for processing personal data in compliance with applicable law.

6.2. The Controller must ensure that data subjects are informed about processing under this DPA.

7. Rights of Data Subjects

7.1. If the Controller receives a request from a data subject to exercise their rights and the Processor’s assistance is required to respond, the Processor shall provide necessary assistance within a reasonable time.

7.2. If the Processor receives a data subject request related to data controlled by the Controller, the Processor must forward the request immediately and refrain from responding directly.

8. Liability

The liability of Controllers and Processors is governed by Article 82 of the GDPR. Additional liability provisions are described in Article 10 of the Terms.

9. Duration

9.1. This DPA is effective from the Client’s acceptance of the Terms and remains in force for the same duration as the Agreement.

9.2. Upon termination of the Agreement, the Processor shall delete all personal data unless required by law to retain some or all data. Retained data will be archived and protected from further processing. This DPA will continue to apply to retained data.

Last updated: March 17, 2025