Privacy Policy: storage of personal data in the National Audit Office of Estonia

Toomas Mattson | 6/22/2018 | 12:00 AM

Text size: [-A] [+A]

Language: EST | RUS | ENG

Print | Send to friends

The General Data Protection Regulation serves as the basis for the records management, administration of staff, etc. of the National Audit Office while the Personal Data Protection Act is applied in the course of audit work. The following provides a description of what kind of personal data the National Audit Office processes and how.

1. The National Audit Office carries out audits on the basis of legislation and proceeding from its working plan. In certain instances during these audits, the National Audit Office requires and processes personal data (including data of different types)

The National Audit Office uses personal data for performing the functions arising from the National Audit Office Act. The data is generally communicated to the National Audit Office by the auditee in an electronic encrypted envelope, or on paper in a sealed envelope. The National Audit Office also has access to a number of national registers for making inquiries, if required. A procedure for regular inspection of log files has been established in the National Audit Office with regard to inquiries to national registers. The data is only processed by the official or employee carrying out the audit. Other persons who are not related to the audit are unable to access the data.

The National Audit Office does not disclose personal data in its reports or communicate it when carrying out audits (except if the data is related to a representative of the auditee, audit observations, assessments or recommendations), and neither does it store personal data for a longer period than required for the audit. After the necessity has expired, personal data is deleted in a secure manner.

2. Processing of personal data when responding to requests for explanation, memoranda and requests for information

The National Audit Office uses the personal data of the person submitting the inquiry when responding to an inquiry. If the National Audit Office needs to make inquiries to another institution or database in order to respond to inquiries, the received personal data will only be disclosed in the minimal and essential volume. Generally, in the case of an electronic inquiry, the name and e-mail address of the person submitting the inquiry will be communicated. If the response is requested on paper, the postal address is also communicated. In the case of responses to requests for explanation, memoranda and requests for information whose respective competition lies with another institution, the National Audit Office will forward it to the correct addressee and notify the sender thereof.

Pursuant to legislation, data concerning correspondence can be viewed in the web-based document register of the National Audit Office where the title of the letter, date and registration number are displayed as the result of a search. Neither the content nor any other data are displayed. It is not possible to search for the name of a natural person, even via the search field “From”. For the sake of protection of private life, the title is generalised rather than detailed (e.g. request for information, response to inquiry, application). Those who wish to receive detailed information concerning their inquiry are able to do so by expressing their wish and e-mailing riigikontroll@riigikontroll.ee.

A restriction on access is established on the correspondence held with natural persons. Upon the wish to examine the correspondence (e.g. on the basis of a request for information), the National Audit Office will first determine the right of the person submitting the respective wish to examine the data as well as whether the requested document can be partially or fully disclosed. Personal data (e.g. contact details such as [e-mail] address or telephone number) is left blank and restricting access in terms of the rest of the document depends on the content of the document. The possible grounds for restriction on access are provided in § 35 of the Public Information Act.

Regardless of the restriction on access, the National Audit Office will issue a document to an institution or person who has the direct right arising from legislation to request the document (e.g. a body conducting extrajudicial proceedings or a court).

If the inquiry is made on behalf of a legal person, state authority or a local government, only professional contact details may be used. These contact details are available in the document register of the National Audit Office that can be accessed via the website.

Inquiries, memoranda, applications, requests for information and requests for explanation received by the National Audit Office are stored permanently depending on the assessment decisions of the National Archives of Estonia.

3. Processing of personal data of the officials and employees of the National Audit Office or persons on a traineeship in the National Audit Office

Hiring and traineeships in the National Audit Office are organised by the HR Manager.

The documents related to applying for a traineeship or work in the National Audit Office and formalisation of a traineeship or employment (e.g. application, CV, correspondence with the candidate, information on the candidate gathered from public sources and other documents) contain personal data (e.g. name, personal identification code, contact details). When hiring, the National Audit Office only collects data whose obligation or right of collection arises from legislation. Persons participating in the hiring process and human resources staff have access to the application documents.

Officials, employees and trainees have the right to know what data is gathered about them, to examine such data, and to provide explanations regarding them or submit objections. The documents and data submitted in the hiring process or during the service or employment relationship constitute information with a restriction on access that is not disclosed to third parties except in the instances provided in legislation.

The National Audit Office processes the personal data of officials, employees and trainees as little as possible and does not store them for any longer than required for processing. The National Audit Office stores the collected documents for the following purposes and terms:

  • resolving any legal disputes that may arise during the hiring process until the end of the limitation period of the claim (1 year);
  • making a proposal to the next candidate in the ranked list for commencing work in the position (150 days as of making a proposal to the person who won the contest for commencing work in the position);
  • making proposals for participating in future hiring contests upon the consent of the applicant;
  • personal data of the official, employee or trainee for entering into and performing the contract (up to 10 years).

4. Visiting the website of the National Audit Office, and responding to questionnaires and inquiries via the website

The National Audit Office generally processes the data of the visitors of the website in a non-personal manner, unless the visitor of the website has provided their data by themselves.

The National Audit Office automatically collects certain information in its public web environments that is stored in log files. Such information may contain the IP address, general location where the computer or device of the visitor is connected to the internet, date and time, type of browser used, operation system and other information related to use, such as history of visited pages. The National Audit Office uses this information in order to better administer its website. It may also be necessary to use the IP address of the visitor to clarify any issues in the server of the National Audit Office, administer the website, analyse various trends and gain an overview of the activities of the visitors of the website.

The web environment of the National Audit Office also uses cookies that are required for making certain decisions, e.g. whether to display the design of the website to the user in dark or light shades. Cookies also help determine whether the user prefers to read the website in Estonian, Russian or English, and whether to display the mobile version of the extranet to the user or not.

The National Audit Office uses the search engine of Google, an external service provider, on its website. The search word entered by the user is directed to the Google search engine, but no data concerning the user is communicated in relation to the search.

The National Audit Office uses the web analysis service Google Analytics provided by the company Google Inc., which helps collect information as to how the visitors use the website of the National Audit Office. The National Audit Office only uses this information for the purpose of making the structure of the website as user friendly as possible and to offer better information that can be found more easily.

The cookies of Google Analytics inter alia collect the following data: the IP address; the number of visitors to the website; the source (country) of the visit; the pages that visitors view; and the time someone has spent on a specific web page. The information on using the website of the National Audit Office is communicated to Google’s server and stored therein. The Privacy Policy of Google can be examined at the address https://policies.google.com/privacy.

If a visitor of the website of the National Audit Office does not wish for the aforesaid data concerning them to be communicated to Google Analytics, it is possible to prohibit it. For this purpose, the respective browser add-on must be downloaded and installed. The add-on is available at the address https://tools.google.com/dlpage/gaoptout?hl=en.

5. Facebook and Twitter social media channels and links on the website of the National Audit Office

The National Audit Office also uses social media channels for communicating information (Facebook Description: micro_03 and Twitter Description: micro_06) in accordance with the privacy settings of the respective service providers. These service providers collect, use and store the personal data of users and computer configurations proceeding from their privacy settings.

The National Audit Office uses links to the Facebook and Twitter social media networks on its website. A connection to Facebook or Twitter is established when you click the respective link when visiting the website of the National Audit Office. If you are logged into Facebook or Twitter at the time of clicking the link, the respective service provider will be able to connect the visit to the account of the person clicking the link. Likewise, in this instance, you are granting consent to Facebook or Twitter, respectively, to communicate your data, which will be stored. In order to avoid such collection of data, you should log out of the respective social media channel before clicking the Facebook or Twitter link on the website of the National Audit Office or avoid clicking the link.

6. The right to access data

The data subject has the right to examine the data collected about them in the National Audit Office by submitting an inquiry that will receive a response at the earliest opportunity. The data will be submitted either on paper or electronically depending on the request of the addressee.

In the course of records management, administration of staff and other administrative activities, the person inter alia has:

  • the right to receive information concerning the processing of personal data in the instances and volume provided in relevant legislation as well as access to the respective data (including the possibility to examine it);
  • the right to request in the instances and volume provided in relevant legislation that any incorrect personal data be corrected if the data is insufficient, incomplete or inaccurate;
  • the right to receive the personal data that the person has submitted themselves and that is being processed on the basis of a consent or for performing a contract in writing or in a commonly used electronic format;
  • the right to submit objections concerning the processing of their personal data, as well as the right to apply for the deletion of personal data in the instances provided in relevant legislation. The person does not have this right if the personal data they are requesting to be deleted is also processed on the basis of other legal grounds;
  • the right to restrict the processing of their personal data on the basis of applicable legislation;
  • the right to address the Estonian Data Protection Inspectorate (www.aki.ee) or have recourse to the courts if, in the opinion of the person, the processing of their personal data violates their rights and interests and is not in compliance with relevant legislation.

The National Audit Office may refuse to comply with the request to examine data in the instances provided in relevant legislation, and also if:

  • it hinders or may hinder the prevention of a criminal offence or apprehension of a criminal offender;
  • it damages or may damage the rights and freedoms of other persons;
  • it impairs or may impair ascertaining the truth in criminal proceedings;
  • the data has been deleted.

7. Communication and protection of personal data

The National Audit Office communicates personal data to:

  • its cooperation partners and/or subcontractors (e.g. experts or IT service providers) who have been involved on the basis of a civil law contract to carry out audits or develop IT solutions;
  • persons to whom the communication of data is required on the basis of legislation (e.g. supervisory authorities).

The National Audit Office implements relevant organisational, technical and physical measures for protecting personal data. When communicating data to experts or service providers, the confidentiality requirements are thoroughly set out in the contracts entered into with them, and it is also verified that the applicable technical security measures are sufficient.

In case of any questions related to personal data, the National Audit Office can be addressed via e-mail at riigikontroll@riigikontroll.ee or via telephone on +372 640 0700. The postal address of the National Audit Office is Kiriku 2/4, 15013 Tallinn. The office building of the National Audit Office is open for persons visiting in relation to personal data from Monday to Friday, from 9:00 a.m. to 5:00 p.m. The building of the National Audit Office is closed to visitors on Saturdays and Sundays and during public holidays.

  • Posted: 6/22/2018 12:00 AM
  • Last Update: 8/3/2018 11:51 AM
  • Last Review: 8/3/2018 11:51 AM

Additional Materials

Documents

Scripter

The website of the National Audit Office uses cookies. You can opt out of these cookies at any time by changing the settings of the browser on the device you are using and deleting the cookies stored.