How do we protect your private information?
The authorities of the city of Tallinn process your personal data primarily to fulfill the tasks arising from the law. We consider it important to follow all the principles of personal data processing and have implemented security measures to protect your personal data from unintentional or unauthorized processing, disclosure, and destruction.
You can find more detailed information about the processing of personal data in the city’s institutions in the following data protection conditions of the city of Tallinn. If you have any questions, please contact either the general e-mail address of the relevant institution or the city’s data protection specialist at email@example.com.
Tallinna Emergency Medical Service data protection conditions
1. On what basis do we process your personal data?
We process your personal data
– in the performance of a public task
– in the performance of a public task
– In fulfilling the contract concluded with you
If we want to process your personal data on a basis not mentioned above, we will ask for your consent and name the personal data to be processed. If you do not give consent or withdraw it, we will not process your personal data.
When processing personal data, we are guided by the following:
– from the general regulation on the protection of personal data,
– from the Personal Data Protection Act,
– from the Public Information Act and
– from the Population Register Act.
2. Who processes your personal data?
The controller of personal data is a city institution that is responsible for the fulfillment of a specific public task, legal obligation or contract, or that has asked you for your consent to data processing. Only those employees of the institution who use personal data for the performance of work tasks can access your personal data.
The controller may transfer personal data for processing to an authorized processor (for example, an information system manager) with whom the city authority has concluded a relevant contract. The authorized processor must comply with the purposes and methods specified in the contract and the instructions of the city authority.
3. What are our principles for disclosing personal information?
We do not disclose personal data without a legal basis, such as:
In the document register of Tallinn authorities, the name is replaced by initials in a letter from a private person and the content of the letter is not displayed, – the content of legislation designated for internal use in the Tallinn legislation register is not displayed, – when a document containing personal data is issued to a third party, the personal data contained in the document is rendered unreadable.
We issue and disclose personal data only in cases arising from the law, for example:
– we issue personal data to a pre-trial procedure or a court or based on § 152 (1) point 3 of the Civil Status Act or § 71 or 72 of the Population Register Act.
– We disclose personal data in Official Notices if this is provided for by a special law or a legal act issued on its basis.
– We do not disclose personal data as open data, i.e. as machine-readable data that can be freely and publicly used by everyone. We do this only if it does not harm you and you have already been informed during the initial data collection that the data is public according to the law.
4. How long do we store your data?
We store your data either:
– until the expiration of the document’s statutory retention period or;
– for as long as is necessary for the performance of a statutory duty, or;
– until the statute of limitations expires.
We process data that has no archival value until the retention period expires. We hand over data of archival value to the public archive for storage and stop processing the transferred data.
5. How do we protect your personal data?
Our goal is to prevent unauthorized processing of personal data, ensure need-based access to data and prevent unauthorized disclosure of data. For this purpose, we use organizational, physical and information technology security measures, including the appropriate level of data protection. When processing personal data, employees of the city institution are obliged to comply with all data protection rules arising from the law and to use security measures.
An authorized processor, such as an information system operator, must ensure at least the same level of security when processing personal data as a city authority would.
6. What are your rights?
– You have the right to receive information about which data and how we process it. To receive information, you must prove your identity and submit a preferably digitally signed request to the city institution from which you want information. Your request will be answered within a reasonable time (no later than 30 days). The institution can extend the response deadline by 60 days based on Article 12 (3) of the General Regulation on Personal Data Protection, considering the complexity of responding to the request and the amount of requested data. The city authority will inform you of the extension of the response deadline and the reasons for the delay within 30 days of receiving the request. If the city authority refuses to answer the request, it explains the grounds and reasons for the refusal.
– If your personal data is processed based on your consent, you have the right to withdraw your consent at any time. To withdraw your consent, we ask you to make a statement to the city authority to which you have given your consent to data processing. The city authority stops processing personal data as soon as it learns about the withdrawal of your consent.
– You have the right to request the deletion of personal data if your data is processed based on your prior consent and you have withdrawn your consent or if the data retention period has expired and they do not need to be archived.
– You have the right to request the correction of your data if it has changed or are insufficient, incomplete or incorrect for any other reason.
– If the city institution intends to further process personal data for purposes other than the one for which it was initially collected, it will provide you with information about the purposes of further data processing in advance. – You have the right to contact the Data Protection Inspectorate or the court to protect your rights.
– If you want to see and manage your own health data, you can do so in the health information system www.digilugu.ee.
7. Who to contact?
The city authority that processes your personal data is responsible for the legality of personal data processing, and information about data protection conditions and the data processing process is provided. The data protection contact person of Tallinn Emergency Medical Service is Taavet Reimers, whose task is to coordinate the resolution of the institution’s data protection issues. In case of data protection issues related to Tallinn Emergency Medical Service, please contact the general e-mail address of the institution at firstname.lastname@example.org.
The duties of the data protection specialist of the city institutions are performed by the data protection specialist of the City Secretary’s Office of the Tallinn City Office. The city’s data protection specialist coordinates the fulfillment of data protection requirements in the city’s institutions and, if necessary, develops instructional materials and document forms for the city’s institutions to comply with legal regulations in the field of data protection and to shape the city’s unified administrative practice.
The city’s data protection specialist can be contacted at the e-mail address email@example.com.