e-Governance Academy shall ensure protection of personal data according to the General Data Protection Regulation of the European Union and relevant legislation of the Republic of Estonia.
- We process personal data in accordance with the law, in a fair and transparent manner.
- When we collect personal data, we always indicate the objective of the collection thereof.
- We only process such personal data that are relevant and necessary to fulfil the respective purpose.
- If necessary, we update personal data and remove any inaccurate or incomplete personal data.
- We do not store any data longer than necessary to fulfil the purposes of personal data processing.
- We keep personal data in a secure and protected manner and do not share these data without any legal basis with any unauthorized third parties.
More detailed information about personal data protection in the European Union and the General Data Protection Regulation is available at: https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en.
In the course of our projects, events and other activities, eGA processes personal data that are required to achieve our statutory targets and provide our services.
For eGA, it is crucial to protect all the personal data entrusted to us. For this purpose, we implement different organizational, technical and physical security measures (e.g. training of the personnel, restrictions on access to information systems, etc.).
eGA shall not disclose any personal data, expect when we have got the consent of the person for this purpose or if required by law.
eGA processes personal data only on the legal bases, which are listed in Article 6 of the General Data Protection Regulation:
- Based on consent – in the case the person has given an unambiguously understandable consent to process their personal data, and the consent can be withdrawn at any time.
- To perform contracts – to prepare for entry into contracts and perform these contracts.
- To perform legal obligations – processing of personal data for the purposes and to the extent provided by legislation (e.g. in the Accounting Act or the Employment Contracts Act).
- To protect vital interests – in the case this is required to protect a person, e.g. to call emergency help.
- Legitimate interests – in the case eGA believes that the interests of the organization outweigh the interests or fundamental rights and freedoms of people upon use of personal data, eGA shall make a discretionary decision and identify therein the objective of the activity and legitimate interests, and analyse whether the processing of the personal data is necessary to achieve the objective, whether the person may assume that personal data are processed, and what are the potential consequences of processing to privacy and freedom. Should the interests of eGA be more weighty as a result of the discretionary decision, the legitimate interests can be used as the legal basis (e.g. requesting feedback in the interest of providing quality services and maintaining the customer relationship, processing personal data to prevent fraud, submission of cooperation proposals and inquiries to persons who have shared their contact information with the personnel of eGA, etc.).
The data controller is the e-Governance Academy Foundation (E-riigi Akadeemia Sihtasutus). In order to view, update the personal data, submit objections, request limitation of data processing, request transfer or deletion of data, please write to firstname.lastname@example.org, whereas the applicant is required to identify themselves. We respond to the inquires within 30 days as of the receipt of the request.
If any person, whose personal data is processed by eGA, feels that the processing of the personal data relating to him or her at the e-Governance Academy does not comply with the data protection standards, such person has the right to appeal to the Estonian Data Protection Inspectorate.
The participants in eGA training courses, conferences and other events are asked to submit their personal data only to the extent which is required to conduct the respective events. The information shall be stored in eGA’s SharePoint and/or the document management system and/or, as appropriate, in the e-mail system, and is accessible by eGA personnel. If necessary, the data shall be sent to the contractual partners who help to organize the respective events. The information shall not be used for any other purposes or sent to any other parties.
In the case visa requests have to be prepared for the participants in the training courses or events, eGA shall also collect the copies of the photo page in the passport and it shall be destroyed immediately after the end of the visit. There is a paper shredder in the office of eGA for destruction of paper documents.
By entering the event premises, participants in training courses and events agree that they may be captured on photos and video recordings that are produced for the purpose of recording the event and give consent to the publishing of such materials in eGA’s social media channels, websites and publications to exhibit the work of eGA and promote similar events in the future.
In the recruitment process, the organization may collect additional information about an applicant from public sources, whereas the applicants shall have the right to examine the information obtained and submit their comments and objections. In the recruitment phase, no such data or documents are requested which are only required during the employment relationship for the performance of the employment contract.
The curriculum vitae and personal data of job applicants shall be deleted one year after the notification of the applicant of that he or she was not selected, or are retained, with the consent of the applicant, in eGA’s document management system in order to make cooperation proposals in the future.