We process personal data in accordance with the law and the legislation issued on the basis thereof for the performance and execution of the functions assigned to local authorities and their agencies. We process personal data in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council, the Personal Data Protection Act, other legislation that regulates data protection and the Guidelines of the Data Protection Inspectorate. We have put in place data protection policies to minimise the impact on the privacy of individuals and to ensure the security of your personal data. This privacy policy gives an overview of how personal data is processed.
You visit our websites, participate in surveys, register for events, order notifications or call the helpline
- We use cookies to identify your session when you visit our websites. We retain your IP address, browser indicator, authentication method, location to the accuracy of the administrative unit and the URL of the website you visited before contacting the portal as technical data.
- We process the data of visits to our websites only in a non-personalised format for statistical purposes that help us develop the websites and make them more convenient for visitors.
- When you request personal notifications, we only process your personal data for sending the requested notifications.
- If you participate in a survey, the data will be disclosed for statistical purposes only in a non-personalised format. In the case of surveys where respondents can win prizes, we process your data in order to contact you.
- Upon registration for an event, we process your personal data to prepare the list of participants in the event and to contact you if necessary.
- If you call our helpline, we only process your personal data to the extent disclosed by you in order to give you information.
When you visit Tartu Visitor Centre
- A security camera has been installed at the Tartu Visitor Centre. The security camera is installed to ensure the public order of the Visitor Centre, in particular the safety of visitors and the preservation of the city's property.
- The camera transmits a real-time image to the company providing security services and to the persons providing security at the Visitor Centre.
- In addition to real-time monitoring, the camera image is recorded. The recording is accessible to the security company.
- The recordings will only be used in the event of a breach of security or security incident to identify the perpetrator of the breach, identify the person responsible for the damage and analyse the situation.
- We will keep the recording for at least one month after the day of recording, but not longer than one year, unless otherwise provided by law. If the recording needs to be used in misdemeanour or criminal proceedings, we will keep the recording until the end of the proceedings.
When you apply for a job with us
- When applying for a job, we process the personal data you have disclosed in order to assess your suitability for the respective job.
- To assess suitability, we collect additional information about you from public sources. You have the right to access the received information and submit your own explanations and objections.
- We assume that the applicant has given consent to the referees provided in the application documents to answer questions about themselves, and that the referees have also agreed to us contacting them for information.
- We retain documents received as part of the recruitment process for the following purposes:
- to resolve possible legal disputes arising in the recruitment process - until the claim expires;
- to propose the position to the next best candidate in the ranking;
- with the candidate's consent, to propose participation in a competition organised in the future.
In all the above cases, a candidate's application file will be kept for one year. Candidate data is access-restricted information which third parties can only access in cases provided by law.
When do we transfer your personal data?
- In the work of public authorities and local government bodies, we only disclose personal data for conducting proceedings on a matter and to the persons involved in the proceedings to the minimum extent, i.e. to the extent necessary to resolve the case.
- If someone wants as a request for information to see a document that is access-restricted, we check whether the requested document can be issued unaltered or if it must be processed in such a way that the access-restricted information does not fall into the possession of third parties. Restricting access depends on the content of the document.
- Despite the access restriction, we will issue the document to an institution or a person who has a direct legal basis to request it (e.g. investigative body, body conducting extra-judicial proceedings or court).
How do we store your personal data?
- We adhere to the principle that your personal data will be processed as long as it is necessary to fulfill a specific purpose.
- We store your personal data in accordance with the retention periods established in the list of documents established by the Tartu City Government.
- Documents are retained until the end of the retention period assigned to the series or until they are handed over to the public archive. Documents that have exceeded the retention period will be destroyed.
How do we respond to personal data breaches?
- If there is a personal data breach that poses a likely risk to the rights and freedoms of individuals, we will notify the Data Protection Inspectorate. We will apply measures to rectify the breach immediately.
- If the breach is likely to result in a significant risk to your rights and freedoms, we will also notify you. The purpose of the notification is to enable you to take the necessary precautions to mitigate the situation.
What are your rights?
- You have the right to access your personal data that we have collected about you. We will respond to your corresponding request within one month at the latest. We issue your data either on hard copy or electronically according to your request. In order to provide access to personal data, we must be convinced that the request was submitted by a person who has the right to receive such data. For this purpose, we have the right to request the submission of additional information necessary for your identification.
We will only refuse to fulfill your request for access if it might:
- harm the rights and freedoms of another person;
- harm national security;
- hinder or impair the prevention, detection, or prosecution of, or execution of punishment for an offence.
- If the processing of your personal data is based on your prior consent, you have the right to withdraw your consent at any time.
- You have the right to request the rectification of the personal data concerning you, if such data has been changed or is insufficient, incomplete or incorrect for any other reason. In addition, you have the right to request the completion of incomplete personal information arising from the specific purpose of the processing.
- In certain cases, you have the right to request the restriction of the processing or the deletion of your personal data. In particular, if we no longer have a legal basis for processing your personal data.
- Your rights as a data subject are specified in more detail in Articles 15 to 22 of EU Regulation 2016/679, which you can read here.
- You have the right at any time to object to our decisions and actions in the form of a challenge or file an appeal with the administrative court. You also have the right to file a complaint to the Data Protection Inspectorate.
The retention of data on legal persons and other bodies is not covered by these clarifications. They also do not cover the processing of personal data on foreign websites that are referred to on our website (foreign links).
If you have any questions about the processing of personal data, please send an enquiry to info [at] visittartu.com.
