Avalehe pilt
General principles of processing personal data
12/17/2018

 

Principles for processing personal data


The activities and documentation of the Police and Border Guard Board are public information in the extent set forth in legislation.

In processing personal data, we follow the principle that personal data may be processed solely on a legal basis and in the minimum extent necessary for achieving a concrete and legitimate objective. We process data only in the extent that ensures the performance of public functions and provision of efficient and high-quality service to individuals. The functions that the law imposes on the police are protection of the public order, prevention and processing of offences, carrying out punishments, issuing documents and activity licences, administering the border and organizing matters in the field of citizenship and migration, and several other functions arising from legislation and legal acts enacted thereunder.

In performing our functions, we receive information that contains personal data, above all sensitive information concerning people’s private life. For example, this may happen if you contact us or are a party to a specific proceeding.

In the interests of privacy, legal acts restrict access to personal data.

We process personal data in conformity with the European Union’s General Data Protection Regulation and the Estonian Personal Data Protection Act.

We process personal data in a secure fashion. To prevent the unauthorized or illegal processing, transmission, theft, accidental loss or destruction of personal data, we have adopted appropriate technical and organizational protection measures. Our internal work organization ensures that your privacy is affected as little as possible.

We do not release or transmit personal data to third parties unless we have a specific obligation to do so under a legal act or if we have the consent of the data subject (the person whose personal data is being processed) to do so.

We protect the privacy of the visitors to our website. When you send information through our website, we follow the same principles as when a disturbance, crime or other problem is reported to the police. The name of the tipster is not disclosed except in cases permitted by legal acts.

If you would like to know in more detail what your personal data are used for at the Police and Border Guard Board and whether and how personal data will be communicated to others by us, please read through the additional information above. The explanations do not pertain to retention of the data of legal persons and organizations and institutions, or processing of personal data on non-PPA websites linked to from our website (external links).

 

Right to examine data concerning yourself


Everyone has the right to see data collected concerning themselves. To do so, submit an application. We will review it as soon as possible, and always within one month. We will release the personal data on paper or electronically, depending on the person’s preference.

The application should be signed in handwriting or digitally so that we can be sure of your identity when we issue the personal data. The data gathered about you shall be released only to you. We release personal data to third parties only if required by law.

  • We will refuse to comply with a request to examine personal data solely on grounds set forth in legislation, if this could:
  • harm another person’s rights or freedoms
  • pose a threat to national security
  • hinder or harm prevention, detection or processing of an offence or carrying out a punishment.


Everyone has the right to demand correction of inaccurate personal data.

If we (no longer) have a legal basis for use of personal data, you may demand that the data be deleted or that their use be restricted.

In all matters related to processing of personal data by the Police and Border Guard, you will receive a response from our data protection specialists. Please write to ppa@politsei.ee if you have a related question.

You have the right to turn to the Consumer Protection Board or a court of law if you have complaints regarding processing of personal data.

 

Responses to inquiries


We use personal data for resolving queries and responding to individuals. If an inquiry requires queries to be made to other persons or authorities, only the minimum personal data necessary for preparing the response shall be disclosed to them.

If you have sent us a query that is in the remit of another institution, we will send it to the relevant authority and notify you thereof.

We may use our correspondence with you for internal use for quality assurance. We disclose statistics on and summaries of correspondence anonymously without any identifying names.

In accordance with legislation, the database on correspondence can be found in our document register. If a letter was sent/received by an individual, we will disclose only the person’s initials in the document register, not their full name. We do this to protect your privacy, as people often write to us concerning delicate matters. If you write us on behalf of a legal person or institution, we ask that you not use your private contact information, only your work contact information. These contact details will be public in the document register.

Correspondence with individuals has access restrictions – if anyone wishes to read correspondence and files a request for information, we will evaluate whether, depending on the document content, we can release the information in part or in full. Access restrictions depend on the content of the document. The possible grounds for access restriction can be found in Section 35 of the Public Information Act.

Access to documents is also restricted within the agency, depending on how sensitive the document content is. In this case, access is provided to official(s) who need access for the purpose of fulfilling their official functions.

Despite access restrictions, we will issue documents to institutions or persons who have a direct right under law to request the document (for example, a court of law).

By law, we are allowed to publicly disclose the circumstances of correspondence if the information concerns facts that can be expected to arouse public interest (subsection 30 (4) and 38 (1) of the Public Information Act). We exercise this right in exceptional cases and refrain from excessively infringing on the privacy of the parties involved. Among other things, we reserve the right to provide explanations to the public regarding our activities if a person publicizes information concerning themselves. We do not, however, release information to an extent greater than the person themselves disclosed.

Correspondence related to inquiries is retained pursuant to the retention terms set forth in the agency’s list of documents.

 

Misdemeanour and criminal proceedings


The Code of Misdemeanour Procedure governs the carrying out of misdemeanour proceedings.

The Code of Criminal Procedure governs in detail the carrying out of criminal proceedings.

Under the Public Information Act, all information collected in the context of criminal and misdemeanour proceedings is information for official use only. We release to other parties to proceedings (including in exchanging information with other agencies) data that become known to the Police and Border Guard Board only in the extent required in the procedural codes and necessary for conducting proceedings and resolving a given matter.

The general terms and conditions for disclosing file materials can be found in detail in Section 214 of the Code of Criminal Procedure. In the case of misdemeanour proceedings, the analogous terms can be found in Section 62 of the Code of Misdemeanour Procedure. Parties to the proceedings can examine the materials in accordance with procedures set forth in the procedural codes.

The Police and Border Guard Board document registers record the sender and receiver of the document in correspondence with individuals solely with the initials, not the full name. Such documentation has an access restriction – if a request for information is filed, we will review whether the document can be partially or completely issued or not. We will definitely redact (obscure) your personal contact details (email address, telephone number). In other regards, access restrictions depend on document content. The possible grounds for access restriction can be found in Section 35 of the Public Information Act.

By law, we are allowed to publicly disclose the circumstances of proceedings during proceedings only in exceptional cases (Section 214 of the Code of Criminal Procedure and Section 62 of the Code of Misdemeanour Procedure). We exercise this right in exceptional cases and refrain from excessively infringing on the privacy of the parties involved. Among other things, we reserve the right to provide explanations to the public regarding our activities if a person publicizes information concerning themselves, in which case we may, if necessary, comment publicly on our own actions. We do not, however, release information to an extent greater than the person themselves disclosed.

Punishment data is entered into the criminal records database on the basis of decisions that enter into force. All registry data concerning oneself can be requested free of charge from the criminal records database. Persons and institutions empowered by law may request information free of charge and in a larger extent.

Detailed requirements for access to criminal records can be found in Chapter 3 of the Criminal Records Database Act.

 

Applying for a position or internship


If you apply for a job or internship at the Police and Border Guard Board, we will proceed from the information you disclose or which is available from public sources. The job/internship candidate has the right to know what data has been collected concerning them and to provide explanations and make counterclaims if necessary.

The recruitment of candidates is organized by the Police and Border Guard Board human resources office. Data for participants in recruitment rounds are not disclosed to other candidates or to persons not participating in the specific recruitment and selection process. All persons taking part in the recruitment process shall maintain the information received (in writing or electronically) and gathered about candidates confidential.

We assume that the candidate has provided consent to the references for responding to questions about them and that the persons listed as references have consented to the Police and Border Guard Board contacting them.

Data of candidates who are not selected are retained for resolving possible legal disputes arising over the recruitment process until the statute of limitations expires (one year). With the consent of the candidate, we will retain the data for the candidate for an agreed-upon term for inviting the candidate to participate in competitions held in the future.

The candidate’s data are considered information subject to access restrictions that third parties can access only in cases set forth in legislation.

If you apply for an internship with us, the same requirements as for job applicants apply to processing of your personal data.

 

The Police and Border Guard Board website and information line


If you visit the police’s website and access the information posted there, be aware that anonymous statistical information is collected on visits to the website. The information collected is the place the visitor is accessing the page from and the articles and headings viewed. We use the statistics to develop our website and make the site more user friendly.

If you call our information line, telephone calls will be recorded for quality assurance. You will be notified at the start of the call that the telephone call is being recorded, so that you can select a suitable manner for contacting the PPA (telephone, email or mail).

 

Violations related to personal data


If a violation related to personal data occurs at the Police and Border Guard Board and this poses a likely risk to people’s rights and liberties, we will immediately adopt the appropriate measures to cease the violation and notify the Data Protection Inspectorate thereof without delay.

If the violation related to personal data poses a likely major threat to personal rights and liberties, we will also notify the persons affected. The purpose of the notification is to enable persons to adopt the necessary cautionary measures to alleviate the situation.