Processing of personal data
1. Processing of personal data
What does the processing of personal data mean? It is any act or activity (collecting, using, modifying, disclosing, storing, saving, deleting, querying, etc.) related to personal data.
The Rakvere City Government comes into contact with personal data in the course of performing the tasks assigned to the local government. Rakvere City Government, as the processor of personal data, ensures the privacy of individuals and the processing of personal data in accordance with the General Regulation (EU) 2016/679 of the European Parliament and the Council on the protection of personal data (hereinafter the General Regulation on Personal Data Protection) and other legislation regulating personal data protection.
2. Legal basis for the processing of personal data
The city government processes personal data only on a legal basis. This means that the operations performed with personal data in the city government are based on law, regulation, or other legislation. Several laws impose tasks on the local government, the performance of which is mandatory, and in the course of performing the task, it is necessary to process personal data.
Here is a sample list of laws we follow to process personal data: Pre-school Child Care Institutions Act, Basic Schools, and Upper Secondary Schools Act, Hobby Schools Act, Social Welfare Act, Child Protection, Youth Work Act, Sports Act, Waste Act, Building Code, Planning Act, Law Enforcement Act, Public Transport Act, Traffic Act, Public Water Supply and Sewerage Act, Accounting Act, Employment Contracts Act, Civil Service Act, Cemetery Act, Response to Memoranda and Requests for Explanations Act, Public Information Act, Local Government Organization Act, etc.
The legal basis for the processing of personal data is also the legislation of Rakvere City Council and Government, which is issued on the basis of law for the purpose of complying with the law or deciding on local issues on one's own initiative. For example, the city of Rakvere provides various subsidies from the city budget, the conditions, and the procedures for granting, which are regulated by the regulations of the Rakvere City Council.
In some exceptional cases, we may need the person's own consent to process personal information. Consent is the express and written wish of a person to consent to the processing of his or her personal data for that specific purpose. Before giving consent, we will inform the person how they can withdraw their consent. There are very few such cases in the work of the city government. For example, we may need the consent of a person to make additional inquiries to resolve an application to the city government or to send a newsletter on our visitrakvere.com website.
How long do we keep personal information?
The term of storage of personal data is related to the term of storage of the respective type of document (letter, request, application, contract, etc.). These are specified in the Rakvere City Government document classification scheme, which is approved by a directive of the mayor. After the expiry of the preservation period, the documents (incl. personal data) shall be destroyed, or the documents of archival value shall be handed over to the State Archives. If the processing of personal data takes place in a database, the term for the storage of the data may be specified in the statutes of the respective database: for example, the data entered in the information system for applying for and processing grants from the budget of the city of Rakvere will be destroyed one year after the termination of the procedure in Spoku.
3. How do personal data get to the City Government
Personal data mainly reaches the city government in the following cases:
1) in connection with the submission of a request, application (for example, application for support, application for a place for a child in kindergarten, etc.), a request for information, a memorandum or request for clarification, a challenge or similar related to filing a document and the processing thereof;
2) upon the conduct of misdemeanor proceedings;
3) we also receive personal data from third parties who perform it in order to perform their duties - the police, health care institutions, and other agencies in the performance of their duties arising from law. For example, pursuant to § 13 of the Social Welfare Act, the police, the prosecutor, an employee of welfare, health, and education institution, and also other persons must notify the city government of a person in need of assistance. § 27 of the Child Protection Act obliges all persons to notify of a child in need of assistance. We also receive personal data if the city government is notified of a problem (breach of public order, etc.) or we are contacted about another matter;
3) when applying for a vacant position or job;
4) When visiting the website of the city of Rakvere.
5) you visit the Rakvere City Government building at Lai tn 20.
When resolving matters and delivering documents, we use contact information that you have disclosed to us (e-mail, residential address, telephone number) or that is available in the population or commercial register.
3.1. Processing of personal data upon submission of an application, request, and another document
The city government processes your personal data to the extent necessary to resolve the document submitted by the person or permitted by law.
Upon receipt of the document, we check the existence of personal data in the document. If this personal data is restricted, we will indicate the access restriction in the register of documents and on the document itself (if it is on paper). In this case, only the registration number of the document, the date of registration, the type of document (letter, request, etc.), the basis, and the term of the access restriction are publicly visible through the electronic document register.
We also set an access restriction on the response we send, an order of the city government, or another administrative act, if the personal data in it is restricted. The order shall be marked accordingly and shall not be disclosed. The title of the order, the number and date of the order, and the basis and term of the access restriction are disclosed through the electronic document register.
Personal data with restricted access is used only within the city government and by employees who need it for the performance of their duties.
In the case prescribed by legislation, the city government verifies the personal data necessary for resolving the document in the population register, commercial register, land register, and other state or local government databases.
3.2. In conducting misdemeanor proceedings
If you are a party to misdemeanor proceedings, we process your personal data for the purpose of conducting misdemeanor proceedings. Misdemeanor proceedings are regulated by the Code of Misdemeanor Procedure and the Penal Code. When conducting misdemeanor proceedings and organizing traffic supervision, we use, if necessary, a video recording of the cameras used by the Police and Border Guard Board, to which we can access only on the bases provided by law.
To conduct misdemeanor proceedings, we use the e-file information system, which can be accessed by logging in with an ID card.
3.3. Applying for a vacant position or internship in the city government
The city government uses the data you provide and data from other public sources (internet search, social media). We may also contact the referrer listed in your application document. The information submitted during the application will not be disclosed to other persons and will be restricted; the personnel specialist and other employees involved in the competition will have access to the application documents. The candidate has the right to examine the data collected about him or her by the city government. The data of the unsuccessful candidate shall be destroyed upon the expiry of the retention period.
When processing an application for an internship application, we treat the data similarly to the data of applying for a vacant position.
3.4 Visiting the website of the city of Rakvere
3.5. Visit to Rakvere City Government building at Lai tn 20
Security cameras have been installed in the building to ensure the safety of the persons in the building and the preservation of city property. The city government employees with the corresponding right see the image of the cameras in real-time. The image is also saved, and the recording is also accessible only to authorized city government employees. Recordings are viewed only on a case-by-case basis (for example, an attack on a property or person, etc.). The recording is erased during recording on top of it.
4. Transfer of personal data to other persons
We only release personal data with restricted access to other persons only in cases prescribed by law, such as courts, investigative bodies, and other bodies specified by law.
A copy (or an extract) of an administrative act is sent to other institutions and companies only if it is necessary for the execution of the order (for example, an order for a child care institution granting child support for meals, a nursing home allowance order is sent to a care home service provider).
Upon request for information, we will issue a document with restricted access in an unaltered form, if possible. In other cases, we issue a restricted document in a processed form, i.e., the restricted information is covered or processed in such a way that the information is not available to third parties.
5. Rights of a person with regard to his or her personal data
Right of access to your data
A person has the right to examine personal data concerning him or her, which is processed by the city government and to receive such data. A reasoned request must be made for this purpose. To be sure of the identity of the person requesting the data, please identify yourself. It is suitable for identification if you submit the application digitally signed. The application may also be submitted on paper and orally. However, when we release the data, we still need to identify you. In order to receive the data, you must arrive and present an identity document or confirm the request for access to the data digitally signed.
If possible, we will release the data in the manner desired by the person. The release of data is generally free of charge.
The city government has the right to charge a fee for the release of personal data or to refuse to release the data if the request is manifestly unfounded or excessive (for example, you repeatedly request the release of the same data).
Right to request correction and deletion of personal data
When we receive data, we try to ensure that the data we collect is accurate and sufficient to provide you with the service. Sometimes, however, you have made a mistake in submitting the data yourself, or the data has changed, or the city government has made a mistake in entering the data. In this case, any person has the right to request the correction of data concerning him or her if they are incomplete or incorrect (for example, incorrect spelling, incorrect or changed telephone number, etc.).
You have the right to request the deletion of personal data if there is no longer a legal basis for processing.
We will respond to your request within one month at the latest. If the request is complex or voluminous, we may extend the deadline for replying by two months.
Right to request restrictions on the processing of personal data
Restricting the processing of personal data means that the city government retains the data, but no other processing takes place. The right to request a restriction on the processing of personal data exists if:
- you have challenged the accuracy of the personal data or the lawfulness of the processing;
- the city government no longer needs your data, but this data is necessary for you for the preparation or protection of legal claims, etc;
- you have challenged the processing of personal data by the city government in the exercise of public authority or in the performance of a task
6. Challenging the processing of personal data
Everyone has the right to object to the processing of personal data by the city government if you find that the processing of your personal data has violated data protection requirements. The city government examines the objection and takes it into account if the objection is substantiated. During the dispute, you have the right to request a restriction on the processing of personal data
If we disagree, you have the right to file a complaint with the Data Protection Inspectorate. If the Data Protection Inspectorate does not satisfy the complaint or rejects it, you have the right to apply to an administrative court within the term and pursuant to the procedure provided for in the Code of Administrative Court Procedure.
Every person also has the right to claim compensation for damage caused by a violation of the requirements for the processing of personal data.
7. Data Protection Officer
The Rakvere City Government (City Government) has appointed a data protection officer, one of whose tasks is to ensure that the city government complies with the data protection norms of the European Union and Estonia and the principles of personal data protection. The Data Protection Officer can be contacted at the e-mail address firstname.lastname@example.org.