Arista Privacy Policy

ARISTA Executive Search (hereinafter Arista or we) values its clients’ (hereinafter you) privacy. In this privacy notice, we explain how we collect and use your personal data as well as what we do to protect your data. This privacy notice helps you to understand why and how we process your data as well as what are your rights in relation to your personal data.

This privacy notice is applicable to you if you use our services as a candidate or a company for recruitment purposes if you submit an information request in our web environment and if you visit our website:

1. Terms & Definitions.

Personal data – means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Processing of personal data – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Controller –  means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

Processor – means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller;

Third-party – means a natural or legal person, public authority, agency or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data;

Personal data breach – means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed;

Data subject – a person whose personal data is processed (e.g. client who is a natural person, website user, or a contact person of a legal entity client).

Client – a company that is looking to hire a person, or a company looking to evaluate employee´s aptitudes, for employee´s related advisory such as work-related performance, career development, etc.

Client employee – is an employee of Arista client company.

Candidate – is a person looking for employment or whom Arista asks to run for an open role or participate in a confidential search process. A candidate is also a person who is looking for self-development and career assessment and advice.

2. The Controller.

Arista can be a controller or a processor in various data processing operations. To ensure your privacy rights are protected we abide by confidentiality principles and strictly limit the disclosure of personal data.

For all the Candidate personal data and Client employee data saved at Arista systems the controller is:

ARISTA Executive Search
Tartu mnt 82, Tallinn 10112


The controller of personal data, including candidate data, is processed for or forwarded to a Client, the Client is the controller. The Client effectively is a joint controller and will be responsible for any misuse of the personal data they received from Arista.

3. What type of personal data do we process?

Identification data – first and last name, personal ID code, date of birth, photo.

Contact data – phone number, e-mail address, residential address.

Third-person contact data – contact data of your reference provided by you; we will only ask for a reference with your consent.

Personal data – personal information such as your CV given when joining the Arista database.

Personal profile data – your current and previous work experience and education, your skills, and competencies. Part of your personal profile data is also background information/references received from previous employers/colleagues/subordinates.

Client employee data – Client and Arista consultant assessments of Client employees and psychometric testing results.

Psychometric data – personality and aptitude test results, consultant assessments of Candidates and Client employees.

Client data – representatives of a client company such as management or board members.

4. Why and how we are processing your personal data?

Arista processes personal data to ensure the performance of a contract, to comply with legal obligations, out of legitimate interest, or with the data subject’s consent.

4.1. Data processing required for the performance of a contract.

Data processing is necessary for the performance of a contract concluded with you or for taking measures required prior to the signing of the contract.  

Purpose of processingPersonal data categories
PaymentsClient data

4.2. Processing to fulfill legal obligations of Arista.

Legal obligations of processing include all personal data processing under relevant laws and regulations for example Employment Contracts Law or the Accounting Act. These laws also mandate the type of data collected and data retention periods.

Purposes of processingPersonal data categories
Invoices and billsClient data
Responding to public authorities and state institutionsPersonal data, Contact Data, Client data

4.3. Data processing based on Arista’s legitimate interest.

A legitimate interest means that data processing is necessary for our business purposes. For data processing based on our legitimate interest, we have conducted a balance test to measure the impact of the processing on your privacy and data protection rights. You have a right to see these balance tests as well as object to processing based on legitimate interest if you consider that processing of your data for the following purposes breaches your privacy and data protection rights.

Purpose of processingPersonal data categories
Arista intra-group data exchangePersonal profile data, Contact data, Client data
Marketing activitiesClient data
Maintaining and developing client relationshipContact data, Client data

4.4 Data processing based on your consent.

We process your personal data based on consent only for the specific purposes stated below. Consent is voluntary and can be withdrawn at any given time, but the withdrawal of consent means that we cannot deliver some of the services you have signed up for at Arista.

We collect data for your personal profile based on your consent.

We will also ask for your consent before forwarding your personal data to a matching vacancy.

Arista also collects references from your employers, colleagues, or subordinates with your explicit consent. We will not contact anyone for reference that you have not consented to.

We check business information databases for personal credit and business activities, such as board member or shareholder, profiles for a background check. In addition, we also check public court records and conduct an internet search.

Arista conducts psychometric testing and consultant assessment with your consent.

Purpose of processingPersonal data categories
Creating Personal ProfilePersonal data, Contact data, Interview summaries, and Psychometric data
Vacancy MatchingPersonal data, Contact data, and Psychometric dada
ReferencesThird-person contact data
Psychometric profile and testsClient employee, Personal Profile, and Psychometric data

When you give consent, you have a right to withdraw your consent at any time by contacting us at: and we will delete the data we are processing based on your consent.

5. Who else processes Your data in addition to Arista?

In Arista, your personal data is accessible to employees who work with Candidates and Client employees. We will also occasionally forward your data, with your consent, to the other companies in the Arista group shown on the Arista homepage.

Outside Arista we will forward:

  • your data with your consent to Clients;
  • you have a link to log in and conduct any psychometric testing yourself. Our testing partners are based in Estonia and in the US. None of the partners retain a copy of your personal data;
  • your data may also be accessible to service providers such as (not a complete list and subject to change): IT maintenance service providers, e-mail server providers, website administrators, auditors, lawyers;
  • if legally obliged, your data to public authorities and institutions (e.g. police, courts, alarm center, Data Protection Inspectorate).

We have concluded a data protection agreement with our partners and recruiting companies to ensure the secure processing of personal data. These contracts oblige the other parties to:

  • take appropriate measures to ensure the confidentiality and security of the personal and
  • process personal data in compliance with legal requirements and the agreement.

6. How long do we retain Your personal data?

Your personal data is retained for as long as required until the purpose of processing, as described in this privacy policy, is fulfilled, or as required by law. Below are some examples of data retention periods:

Retention periodExamples
Until withdrawal of consent for processing
We delete the data that we process based on your consent immediately after you withdraw the consent.
7 years.All accounting base documents such as invoices and bills.

3 years (after expiry or termination of contract)
Profile data to protect us against potential claims or to file a claim for protecting ourselves and our own rights.

7. Security of your personal data

Arista employs necessary legal, organizational, physical, and technical security measures to protect your personal data. Some examples of the measures we use:

Physical measures – the offices are locked and paper-based documents containing personal data are stored in locked cabinets.

Technical measures – computers are password protected and encrypted as necessary; firewalls and antivirus programs are in use; backups are done regularly; all IT system users are assigned roles and profiles.

Organizational means – data protection, information security, and access management policy; regular employee training, confidentiality requirements for employees.

8. Your rights concerning your personal data

  • You have the right to receive information about what data we process about you. To receive a copy of what personal data we hold about you contact us at the e-mail below.

We have a legal obligation to make sure that a person requesting information about themselves is indeed the person who has the right to receive the data. For this reason, you may have to prove your identity or the right to request the data.

  • You have the right to request the deletion of your personal data. Please keep in mind that we cannot delete any data that we process to fulfill a contractual or legal obligation.
  • You have the right to object to or restrict the processing of your personal data.
  • You have the right to data portability which means that if technologically possible we can forward your data in a digital format to another similar service.

To exercise any of the abovementioned rights via e-mail to

9. Right to submit a complaint to a Data Protection Inspectorate.

In case you consider your privacy and data protection rights breached you have the right to lodge a complaint to the Estonian Data Protection Inspectorate.

10. Changes to the privacy policy.

Personal privacy is important to Arista and we update this privacy policy regularly. The version published on our website is always the latest version.

11. Cookies

A cookie is a small piece of data or message that is sent from an organization’s web server to your web browser and is then stored on your hard drive. Cookies cannot read data off your hard drive or cookie files created by other sites and do not damage your system.

However, you can reset your browser so as to refuse any cookie or to alert you to when a cookie is being sent. Web browsers allow you to control cookies stored on your hard drive through the web browser settings. To find out more about cookies, including what cookies have been set and how to manage and delete them, visit

At Arista, we only use cookies to monitor the performance of our website and to improve user experience.

If you choose not to accept our cookies, some of the features of our site may not work as well as we intend.

Google analytics_utma _utmb _utmc _utmz _gid _gat _ga  These cookies are used to monitor the performance of our site. We use the information to help us improve the site. The cookies collect information in an anonymous form, including the number of visits to our site, where visitors have come from to the site, and the pages they visited. To opt out of being tracked by Google Analytics across all websites visit
Google Tag ManagerGoogle Tag Manager (GTM) is a tool that allows us to manage and deploy tags (snippets of code or tracking pixels) on our website without having to modify our site code.