Processing of personal data

Valid from 12.11.2020

The purpose of TI Estonia is to ensure the secure and lawful processing of personal data in accordance with the legislation.

1. What is personal data and when do we process it?

1.1 Personal data means any information relating to an identified or identifiable natural person (data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, psychological, genetic, mental, economic cultural or social identity of that natural person.

1.2 Special category data is personal data containing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic data, biometric data used for identification purposes, health data or data concerning a person’s sex life and sexual orientation.

1.3 We process your personal data when:

1.3.1 you visit our website;
1.3.2 you subscribe to our newsletter;
1.3.3 you participate in surveys, research;
1.3.4 you participate in events organized by TI Estonia;
1.3.5 you contact the employees, the board or the members of our association;
1.3.6 you apply for a job or start a job in TI Estonia;
1.3.7 you want to become a member of TI Estonia, volunteer or start an internship here;
1.3.8 you report unethical or inappropriate conduct in accordance with the association’s code of ethics;
1.3.9 your personal data is contained in media articles that are featured on our website;
1.3.10 the processing of personal data has a legal basis;
1.3.11 there is another justified reason for this, which is in accordance with the regulations on the processing of personal data.

 

2. Principles relating to processing of personal data

2.1 Personal data is processed lawfully, fairly and in a transparent manner in relation to the data subject. Personal data is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. Personal data is accurate and, where necessary, kept up to date.

2.2 Personal data is only kept for a specified period of time and then deleted. The period of retention of personal data depends on the legitimate interest and legislative obligations (retention of accounting documents, the expiry of legal requirements, etc.).

2.3 Personal data is processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage.

 

3. Rights of the data subject

3.1 Right of access by the data subject

3.1.1 The data subject has the right to obtain the confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data. We recommend that you submit an application, which we will respond to within 1 month at the latest. If it is not possible to release the data within 1 month, we will notify the data subject and extend the deadline for replying.

3.1.2 In the event of unreasonable or excessive requests for access to personal data, we have the right to charge a reasonable fee or refuse to release the data.

3.1.3 We will refuse to comply with the request if it may infringe the rights or freedoms of another person or is prohibited by law.

3.2 Right to rectification

3.2.1 The data subject has the right to request the rectification of inaccurate or incomplete personal data concerning him or her.

3.3 Withdrawal of consent

3.3.1 The data subject has the right to withdraw his or her consent to the processing of personal data at any time if we process personal data on the basis of prior consent.

3.4 Right to erasure

3.4.1 The data subject has the right to request the erasure of personal data concerning him or her.

3.4.2 We will erase personal data when:

3.4.2.1 the data subjects withdraws consent on which the processing is based and where there is no other legal ground for the processing;
3.4.2.2 the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
3.4.2.3 there are no legitimate grounds for processing data.

3.4.3 If personal data is processed on legitimate grounds which does not allow the data to be erased, the data will not be erased.

 

4. Contacts

4.1 You can get more information about the processing of data:

NGO Transparency International Estonia
Reg. no. 80246815
Address: Telliskivi 60a/3 (3rd floor), 10412 Tallinn
Tel.: +372 5330 9965 (Mon-Fri 9am-5pm)
E-mail: info@transparency.ee

4.2 The data subject has the right to turn to the supervisory authority (Data Protection Inspectorate) if he or she finds that the processing of personal data infringes his or her rights.

 

5. Privacy policy related to donations

5.1 All the donations made through the donation environment go through the Internet bank, so the data collected in the donation environment can be considered as customer data. Customer data is any kind of information that the bank knows about its customer, such as the customer’s name, personal identification number, contact information, and bank transaction details.

5.2 NGO Transparency International Estonia is the main controller of personal data, who forwards the personal data necessary for making payments to the authorized controller Maksekeskus AS.

5.3 Donor data is protected by security and confidentiality rules and is not disclosed to third parties except for the provision of a payment service.

5.4 TI Estonia publishes a list of persons who have donated to the association once a year. The donor can notify the association if he or she  does not wish to have his or her name disclosed by writing to info@transparency.ee. If the donor has made donations for more than €500 in one financial year, the association considers it exclusively important to ensure transparency, which is why, in this case, it is not possible to remain anonymous.

5.5 Donations received from the refund of excess income tax are disclosed as a separate total, since it is not possible for the association to identify the person or persons who made the donation.

5.6 Personal data is kept in a form, which permits identification of data subjects for no longer than necessary for the purpose for which the personal data are processed, unless otherwise provided by law, which provides for different time limits for the storage of personal data.

5.7 The data subject has the right to request the termination of the processing of his or her personal data and/or the erasure of the collected data, if the respective right arises from the Personal Data Protection Act or other legislation.