-
Personal data and processing
1.1. Personal data is considered to be any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
1.2. Special categories of personal data are personal data that includes racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic data, biometric data used to uniquely identify natural persons, health data or data on sexual and sexual orientation of a natural person.
1.3. We process your personal information if:
- you visit our web site;
- you participate in our organized events;
- joint electronic monitoring system (JEMS) contains your personal data (first name, last name, username, password, email, title, etc.);
- you participate in surveys, studies;
- you are applying for grants.
1.4. Source of the personal data: data subject.
1.5. Purposes of processing: contact information, JEMS user profile, management, reporting.
1.6. Legal basis for processing: legitimate interest on data controller.
1.7. Period of processing: 4 years and 6 months after the end date of the project. For the projects with state aid – until 31.12.2030.
-
Principles for the processing of personal data
2.1. The processing of personal data is legal, just and transparent. Personal data are collected and processed in a targeted and minimal way. Personal data is correct and it is guaranteed to be corrected.
2.2. Personal data is only stored for a specified period and then deleted.
2.3. The processing of personal data involves the use of security measures to protect against unauthorized access and accidental loss.
2.4. Under no circumstances are the collected data sold or passed on to third parties for other reasons.
-
Rights of a natural person
3.1. Information about personal data
3.1.1. A natural person has the right to know whether or not personal data relating to him/her are processed. In order to get acquainted, we advise you to submit an application to which we will respond within a maximum of 1 month. If it is not possible to submit data within 1 month, we will inform you and extend the deadline for replying.
3.1.2. In the case of requests for information concerning unreasonable or excessive natural persons, we have the right to demand a reasonable fee or refusal to issue the data.
3.1.3. We refuse to comply, if its execution could harm the rights or freedoms of another person.
3.2. Rectification of personal data
A natural person has the right to request the correction and updating of data if they are faulty or incomplete.
3.3. Notification of correction, deletion or limitation of personal data processing of personal data
We will provide information on the restriction of the rectification, erasure or processing of personal data to anyone to whom personal data has been disclosed, unless it proves impossible or requires disproportionate effort.
3.4. Statement of objection
A natural person has the right to object at any time to the processing of personal data for the performance of a task in the public interest or for the controller to exercise public power or to exercise a legitimate interest.
3.5. Restricting the processing of personal data
A natural person has the right to request the restriction of the processing of personal data, for example, when we evaluate the application of the requirement to delete personal data.
3.6. Withdrawal of consent
A natural person has the right to withdraw at any time the consent for the processing of personal data.
3.7. Erasure of personal data
3.7.1. A natural person has the right to demand the deletion of his or her personal data.
3.7.2. We will erase your personal information if:
- the natural person withdraws the consent given for the processing of the data;
- personal data is no longer needed for this purpose;
- there is no legal basis for data processing;
- personal data has been processed illegally;
- there is a need to fulfill a legal obligation.
- If personal data is processed on a legal basis that does not allow data to be erased, data will not be deleted.
-
Information
We do not disclose personal data in JEMS and other data carriers
-
Violations of the processing of personal data
5.1. We will record any personal data breach, including the circumstances of the violation, the impact and the measures taken.
5.2. We notify the Data Protection Authority without undue delay and, if possible within 72 hours after it becomes known, except when the violation does not represent danger to the rights and freedoms of natural persons.
5.3. In the event of a high risk, the data subject is informed of the rights and freedoms of the data subject.
5.4. The Data Protection Authority may assess the need for notifying data subjects.
-
Contact information
For further information on the processing of personal data, please contact Data Protection Officer: [email protected].
-
Filing a complaint
7.1. If you are not satisfied with the information provided by the Data Protection Officer, please contact:
State Shared Service Centre Lõkke 4 10122 TALLINN
Phone: 663 8200
E-mail: [email protected]
WWW: https://www.rtk.ee
7.2. A natural person has the right to contact the Data Protection Authority, if he/she considers that the processing of personal data violates his/her rights:
Estonian Data Protection Inspectorate 39 Tatari St., 10134 Tallinn
Phone: +372 627 4135
E-mail: [email protected] WWW: www.aki.ee/en
-
Publication, updating and modification
Privacy policy is published, updates and changes are announced on the website https://www.estlat.eu.
Last updated: 01.11.2022
