Tartu City as a local authority processes personal data in accordance with the law and the legislation issued on the basis thereof for the performance and execution of the functions assigned to local authorities and their agencies. We process personal data in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council, the Personal Data Protection Act, other legislation that regulates data protection and the Guidelines of the Data Protection Inspectorate.
In which cases do we process your personal data?
1. You send us a request for an application, a memo or a request for information.
- Personal data are generally processed based on your own initiative when you submit us an application or send us a request for an explanation, a memo or a request for information. In this case, we use your personal data to process your application or respond to you.
- If we have to make additional queries to process your application, we will disclose your personal data only to the extent that is absolutely necessary.
- If another agency has the competency to respond to a request for an explanation/a memo/a request for information sent to us, we will send it to said agency and inform you of this.
- Pursuant to law, the data of correspondence must be visible in the public view of the city’s document register, which is why we register all letters sent by private persons in the said register. We do not disclose the name of the sender or recipient of the letter if they are private persons and only the initials of the sender or recipient are visible in the public view. If you write to us on behalf of a legal entity or agency, please use your work-related contact details instead of private ones. Such contact details are public in the document register.
- If the letter sent by you includes data not subject to disclosure, it is marked as “internal use only” when entered in the register. Restriction of access depends on the content of the document and the grounds of possible access restrictions are specified in § 35 of the Public Information Act.
- We retain correspondence with private persons for five years, after which the documents are subject to destruction.
2. You file a complaint/challenge to us or a complaint is filed about you.
- If you file a complaint/challenge to us or a complaint is filed about you, we will use your personal data to solve the case. We disclose the personal data of the person who filed the complaint/challenge only to the extent absolutely necessary for solving the case.
- If another agency has the competency to review the complaint/challenge sent to us, we will send it to said agency and inform you of this.
- Procedural documents are delivered to the parties:
- by e-mail (as a rule, we don’t encrypt e-mail messages);
- by post as an ordinary or registered letter (the postal risk is borne by the postal service provider and recipient of the letter);
- by fax (in exceptional cases on the person’s request).
- We use the address you gave us or the address that can be obtained from the Population Register or the Commercial Register for processing the case and delivering documents to you. We also use the person’s official e-mail address (firstname.lastname@example.org, email@example.com).
- Pursuant to law, the data of complaints/challenges is visible in the public view of the document register, where we do not disclose the data of private persons. Only the initials of private persons are visible in the public view.
- We retain complaints/challenges for five years. Documents that have exceeded this deadline are subject to destruction.
3. You are a party to misdemeanour proceedings.
- If you are a party to misdemeanour proceedings, we will process your personal data to carry out these proceedings. Misdemeanour proceedings are regulated in detail by the Code of Misdemeanour Procedure and the Code of Criminal Procedure.
- We disclose the data of the person who reported the misdemeanour to the other parties to the proceedings to the extent prescribed in the codes of procedure and necessary for solving the case. The anonymity of witnesses is not guaranteed in misdemeanour proceedings.
- The parties to the proceedings are the person subject to proceedings and their defender. The parties to the proceedings can review the materials pursuant to the procedure provided for by the codes of procedure.
- The person who filed the complaint/reported the misdemeanour is not deemed to be a party to the proceedings pursuant to the Code of Misdemeanour Procedure. In order to review the materials, the person who reported the misdemeanour must submit a request for information considering the established access restrictions.
- We’ve joined the e-file system, which we use for the purpose of carrying out misdemeanour proceedings, incl. for data exchange with other agencies (e.g. for sending criminal records to the Criminal Records Database). The e-file information system is closed pursuant to the Statutes. It’s possible to access it only by logging in with an ID card. Only competent officials have access rights. A party to proceedings can also view their procedural data and submit and receive procedural documents.
- Enforced misdemeanour decisions are registered in the Criminal Records Database. It’s possible to request all registry data about oneself free of charge. Information about another person’s punishment for a misdemeanour is given to the person who requests such information if the amount of the fine was at least 50 fine units or the misdemeanour has been committed repeatedly. A fee must be paid for an electronic query and a state fee must be paid for a paper document when the punishment data of another person are requested. Certain personal data (address, citizenship, etc.) and the punishment data of minors are not issued. The exact requirements for access to punishment data are specified in Chapter 3 of the Criminal Records Database Act.
- The Act permits us to disclose the circumstances of misdemeanour proceedings only in exceptional cases (§ 62 of the Code of Misdemeanour Procedure). We intend to use this right only if absolutely necessary and try to avoid excessive infringement of the privacy of the persons concerned. We also retain the right to give explanations of our activities to the general public if the person themselves makes the procedural information public. We don’t disclose information to a larger extent than previously disclosed by the person themselves.
- We use cameras to conduct misdemeanour proceedings and exercise traffic and parking supervision. The cameras are installed in the vehicles or on the vehicles of the Supervision Department or attached as wearables to the clothes of the department’s staff members (body cameras).
- A body camera is only switched on during supervision or the conduct misdemeanour proceedings and the public servant will inform you of the use of the camera verbally.
- When using the camera, we only collect personal data for misdemeanour proceedings or supervision purposes and do not use the recordings for other purposes.
- The head of the Supervision Department has access to recordings.
- The recordings made in the course of misdemeanour proceedings are added to the misdemeanour file (CD) as independent evidence in the format of an annex and retained as a part of misdemeanour file.
- In other cases, recordings are retained for at least one month after the date of recording, but for no longer than one year, unless otherwise provided by law. The recording is then automatically deleted.
4. You visit our websites, participate in surveys, register for events, order notifications or call the helpline
- We process the data of visits to our websites only in a non-personalised format for statistical purposes that help us develop the websites and make them more convenient for visitors.
- When you log into the Tartu Kultuuriaken (Window of Culture) website, we process your personal data to allow you to add a new event or hobby activity.
- When you request personal notifications, we only process your personal data for sending the requested notifications.
- If you participate in a survey, the data will be disclosed for statistical purposes only in a non-personalised format. In the case of surveys where respondents can win prizes, we process your data in order to contact you.
- Upon registration for an event, we process your personal data to prepare the list of participants in the event and to contact you if necessary.
- If you call our helpline, we only process your personal data to the extent disclosed by you in order to give you information. We make summaries of the content of the calls to the helpline without using any personal information.
- We record calls to the helpline for 60 calendar days in the call recording system of the company that provides the communications service. Call recordings can be accessed by the coordinator of the information centre for the purpose of assessing and analysing the quality of the service provided. Call centre staff only have access to their own call recordings in order to clarify the information provided and to solve problems.
- Depending on the nature of the service, we may also record calls made to other numbers. In this case, we will notify you at the beginning of the call that the call is being recorded and the purpose for which it is recorded.
5. You visit the Town Hall Information Centre and other administrative buildings of the city government
- We have installed CCTV at the Town Hall Information Centre. The purpose of this is to ensure public order at the Information Centre, especially the security of people and the preservation of the city’s property.
- The CCTV camera transmits the image in real time to the company providing security services and to the persons ensuring the security of the Information Centre.
- The image transmitted by the CCTV camera is also recorded. The company providing security services has access to the recordings.
- CCTV may be installed for the same purposes in the surroundings of the administrative buildings of the city government and in public premises. In this case, we will place an information sign in a prominent place in the area covered by CCTV.
- We only use the recordings to identify offenders and analyse situations in the event of disorderly conduct or security incidents.
- We retain the recordings for at least one month after the date of recording, but for no longer than one year, unless otherwise provided by law. If a recording needs to be used in misdemeanour or criminal proceedings, we will retain the recording until the end of the proceedings.
- The entrances to the administrative buildings of the city government may be equipped with audio and video intercoms. They are only used to grant access to visitors and the visitor’s call and image are not recorded.
6. You apply for a job with us
- If you apply for a job with us, we will process the personal data disclosed by you in order to assess your suitability for the relevant position.
- We will collect additional data about you from public sources in order to assess your suitability. You have the right to view the received information and submit your explanations and objections.
- We presume that the applicant has given their consent to the persons listed under references in the application documents to answer questions about the applicant and the persons listed under references have agreed to be contacted by us for information.
- We retain the documents received in the course of recruitment for the following purposes:
- for the resolution of legal disputes that may arise in the recruitment process – until the expiry of the claim (one year);
- in order to make a job offer to the applicant next in the rankings (within 150 days of making a job offer to the person who won the competition);
- for making proposals for participation in future competitions with the consent of the applicant.
- The data of applicants are restricted information, which third parties may access only in the cases stipulated by law.
When do we forward your personal data?
- We disclose personal data in the official agencies and the work of local government bodies only for the purpose of processing cases and to the persons involved in the proceedings to the extent absolutely necessary for solving the case.
- If anyone wants to view a document subject to access restrictions by way of a request for information, we check whether the requested document can be issued in an unchanged format or whether it has to be processed in such a manner that information subject to access restriction does not become accessible to third parties. Restriction of access depends on the content of the document.
- Irrespective of access restrictions, we issue the document to the agency or person who is entitled to request this pursuant to law (e.g. an investigation agency, a person who conducts pre-trial proceedings or a court).
How do we retain your personal data?
- We proceed from the principle according to which your personal data are processed for as long as necessary for the specific purpose.
- The deadlines for the retention of documents are established in detail in the list of documents managed by the agencies of Tartu City and other agencies. Documents are retained until the expiry of the established deadlines or until they are handed over to the public archive. Documents whose retention deadlines have expired are destroyed. Examples of the general retention deadlines of some documents that contain or may contain personal data:
- notices of residence are retained for 10 years;
- applications and source documents for obtaining a personal identification code are retained for 10 years;
- documents for payment of social benefits are retained for five years.
How do we respond to breaches concerning personal data?
- If a breach concerning personal data occurs and this poses a probable threat to the rights and freedoms of a person, we inform the Data Protection Inspectorate of the breach. We take measures to resolve the breach immediately.
- If a major threat to your rights and freedoms occurs as a result of the breach, we will also inform you of this. The purpose of notifying you is to allow you to take the necessary precautions to resolve the situation.
What are your rights?
- You have the right to view the personal data that we have collected about you. We will respond to your request for this within one month. We will issue the data concerning you on paper or electronically as requested by you. In order to allow a person to view personal data, we must be convinced that the person has the right to receive the relevant data. We have the right to demand submission of the additional data necessary for identifying you.
We refuse to satisfy your application to view data if doing so may:
- damage the rights and freedoms of another person;
- damage national security;
- prevent or damage the prevention, detection or processing of an offence or the enforcement of punishments.
- If your personal data are processed on the basis of your prior consent, you have the right to withdraw the consent at any time.
- You have the right to demand the correction of personal data concerning you if they have changed or are inadequate, incomplete or incorrect for any other reason. You also have the right to demand that incomplete data are updated for the specific purpose of processing.
- You have the right to demand the restriction of the processing of your personal data or their deletion in specific cases, especially if we (no longer) have a legal basis for processing your personal data.
- The rights of you as a data subject are stipulated in detail in Articles 15-22 of Regulation (EU) 2016/679, which you can view here.
- You have the right to file objections against our decisions and activities at any time as challenges or to go to administrative court. You also have the right to file a complaint with the Data Protection Inspectorate.
These explanations do not concern the retention of the data of legal entities and other agencies. Neither do they cover the processing of personal data on the other websites referred to on our website (external links).
If you have any questions about data processing, you can contact our data protection specialist by e-mail: firstname.lastname@example.org.