SA Tartu 2024, as a foundation created by the city of Tartu, processes personal data in accordance with and for performing tasks assigned by the law and legislation issued on the basis thereof, for the performance of contracts or based on consent. When processing personal data, we adhere to Regulation (EU) 2016/679 of the European Parliament and of the Council, the Personal Data Protection Act, other legislation regulating data protection and the instructions of the Data Protection Inspectorate.
IN WHICH CASES DO WE PROCESS YOUR PERSONAL DATA?
1. When you visit our web pages, participate in surveys, register for an event, subscribe to newsletters or call the information line.
- ·We only process website visitation data in a non-personalised form to compile visitation statistics in order to develop the pages based on this and make them more convenient for visitors.
- When ordering personal newsletters, we only process your personal data to send the ordered newsletters. You have the option to unsubscribe from the newsletter at any time.
- When participating in a survey, the data is published only in a non-personalised form for statistical purposes. In the case of surveys based on which prizes are drawn among the respondents, we process your personal data to contact you.
- When registering for events, we process your personal data to compile a list of event participants and to contact you if necessary.
- When you call the information line, we process your personal data only to the extent disclosed by you for the purpose of providing you with information. When calling the information line, we only summarize the content of the call in a non-personalised form. We do not record phone calls.
2. When you apply for a job with us
- When applying for a job, we process the personal data you have disclosed in order to assess your suitability for the respective job.
- To assess suitability, we collect additional information about you from public sources. You have the right to access the received information and submit your own explanations and objections.
- We assume that the applicant has given consent to the referees provided in the application documents to answer questions about themselves, and that the referees have also agreed to us contacting them for information.
- We retain documents received
as part of the recruitment process for the following purposes:
- to resolve possible legal disputes arising in the recruitment process - until the claim expires (1 year);
- to propose the position to the next best candidate in the ranking (150 days after making the proposal to the person who won the competition to take the position);
- with the candidate's consent, to propose participation in a competition organised in the future.
- Candidate data is access-restricted information which third parties can only access in cases provided by law.
3. When you send us a request for explanation, a memorandum or a request for information.
- The processing of personal data is generally based on your own initiative when you send us a request for explanation, a memorandum or a request for information. In this case, we will use your personal data for the purpose of responding to you.
- If we have to make additional follow-up inquiries to respond to you, we will disclose your personal data only to the minimum extent necessary to fulfill this purpose.
- If the response to the request for explanation / memorandum / request for information sent to us is within the competence of another institution, we will forward it to the institution and inform you of the corresponding transfer.
- According to the law, correspondence data does not have to be visible in the public view of the document register of SA Tartu 2024 and the city of Tartu.
- If a letter sent by you contains information that is not subject to public disclosure, it will be marked for internal use when it is entered in the document register. Restricting access depends on the content of the document, and the grounds for possible access restrictions are given in § 35 of the Public Information Act.
- We retain correspondence with private individuals for 5 years, after which documents that have exceeded this period are subject to be destroyed.
WHEN DO WE TRANSFER YOUR PERSONAL DATA?
- In the work of SA Tartu 2024, we only disclose personal data for conducting proceedings on a matter and to the persons involved in the proceedings to the minimum extent, i.e. to the extent necessary to resolve the case.
- If someone wants as a request for information to see a document that is access-restricted, we check whether the requested document can be issued unaltered or if it must be processed in such a way that the access-restricted information does not fall into the possession of third parties. Restricting access depends on the content of the document.
- Despite the access restriction, we will issue the document to an institution or a person who has a direct legal basis to request it (e.g. investigative body, body conducting extra-judicial proceedings or court).
HOW DO WE STORE YOUR PERSONAL DATA?
- We adhere to the principle that your personal data will be processed as long as it is necessary to fulfill a specific purpose.
- We store your personal data in accordance with the retention periods established in the list of documents established by the Tartu City Government, the founder of SA Tartu 2024.
- Documents are retained until the end of the retention period assigned to the series or until they are handed over to the public archive. Documents that have exceeded the retention period will be destroyed.
HOW DO WE RESPOND TO PERSONAL DATA BREACHES?
- Upon the occurrence of a personal data breach that is a potential threat to human rights and freedoms, we will notify the Data Protection Inspectorate of such a data breach. We will apply measures to rectify the breach immediately.
- If as a result of the breach, your rights and freedoms are likely to be under significant threat, we will also notify you of this. The purpose of the notification is to enable you to take the necessary precautions to alleviate the situation.
WHAT ARE YOUR RIGHTS?
- You have the right to access your personal data that we have collected about you. We will respond to your corresponding request within one month at the latest. We issue your data either on hard copy or electronically according to your request. In order to provide access to personal data, we must be convinced that the request was submitted by a person who has the right to receive such data. For this purpose, we have the right to request the submission of additional information necessary for your identification.
- We will only refuse to
fulfill your request for access if it might:
- harm the rights and freedoms of another person;
- harm national security;
- hinder or impair the prevention, detection, or prosecution of, or execution of punishment for an offence.
- If the processing of your personal data is based on your prior consent, you have the right to withdraw your consent at any time.
- You have the right to request the rectification of the personal data concerning you, if such data has been changed or is insufficient, incomplete or incorrect for any other reason. In addition, you have the right to request the completion of incomplete personal information arising from the specific purpose of the processing.
- In certain cases, you have the right to request the restriction of the processing or the deletion of your personal data. In particular, if we no longer have a legal basis for processing your personal data.
- Your rights as a data subject are specified in more detail in Articles 15 to 22 of EU Regulation 2016/679, which you can read here.
- You have the right at any time to object to our decisions and actions in the form of a challenge or file an appeal with the administrative court. You also have the right to file a complaint to the Data Protection Inspectorate.
These explanations do not concern the storage of data by legal persons and other institutions. They also do not include the processing of personal data on third-party websites that are referred to on our website (external links).
If you have any questions regarding the processing of personal data, you can contact the data protection officer at firstname.lastname@example.org