Data protection conditions of the Information Technology Center of the Ministry of the Environment

Principles for processing personal data

The Information Technology Center of the Ministry of the Environment (hereinafter referred to as KeMIT) processes personal data in accordance with the General Data Protection Regulation and adheres to the following principles:

  • Personal data processing is lawful, fair, and transparent,

  • Personal data is collected and processed purposefully and to a minimal extent,

  • Personal data is accurate and updated when necessary,

  • Personal data is retained only for the legally prescribed period and is deleted thereafter.

  • KeMIT does not disclose personal data to third parties unless there is a legal basis for doing so,

  • We protect personal data entrusted to KeMIT from unauthorized processing. Security measures are used to protect personal data from illegal access, accidental loss, and destruction.

 

Situations in which we process Your personal data

Visiting the KeMIT website

We collect website visit statistics to improve and develop our web services and optimize content. For this, we use Google Analytics and cookies.

For each visitor, we collect the following data:

  • IP address of the device or network,

  • Name and address of the internet service provider,

  • Time of visit (time, date, year),

  • Website sections visited and duration of stay,

  • Approximate location of the device (country),

  • Technological profile (operating system and browser).

Collected IP addresses are not linked to any specific visitor. This data is stored for 26 months, after which it is deleted.

 

Visiting the office

When visiting KeMIT, you will be received by a KeMIT employee who has been informed in advance of your visit. The employee has the right to verify and register visitors and may ask for an identification document. Therefore, please bring an ID document (passport, ID card, or driver’s license). Visitors may move around the office only when accompanied by their host.

KeMIT uses a video surveillance system for the protection of employees and assets and for detecting legal violations. The areas under surveillance are marked accordingly. Video recordings are retained for up to 12 months and are then deleted.

 

Applying for a job or internship at KeMIT

We process only the data that you have provided during your application or that can be obtained from public sources. The purpose of processing is to assess the suitability of candidates for job or internship positions.

Candidate data is restricted and only accessible to employees involved in the recruitment process. Third parties (including authorities) can access the data only in legally prescribed cases. Candidate data is retained for 1 year to resolve disputes arising from the recruitment process.

Key principles:

  • We assume that we may contact references provided by the candidate,

  • The candidate has the right to know what data we have collected,

  • The candidate has the right to review and contest the data,

  • Other candidates' data will not be disclosed.

The employment contracts of former employees are stored for 10 years, while internship agreements are stored for 5 years, after which they are deleted.

 

Submitting information requests, inquiries, petitions or other requests

We use personal data to review and respond to your requests. These typically include: name, contact details and a description of the issue or procedure. Requests received from other institutions may also contain personal data. All letters and requests sent to KeMIT are registered in the document registry. The names of private individuals are not publicly displayed in the registry (only initials are shown).

Correspondence with private individuals is generally restricted. If someone requests access to your correspondence, the content is reviewed to determine whether it can be partially or fully disclosed. Contact details (email, phone number, etc.) are always removed before disclosure. Restricted documents are only provided to entities with a legal right to access them (e.g. law enforcement or court).

Correspondence and information requests are stored for 5 years, after which they are deleted.

 

Participation in public procurement and contract execution

We collect personal data such as contact details and CV-s of team members involved in procurement processes. This information is necessary for evaluating the bidder's team and fulfilling contractual obligations. Procurement-related documents and contracts are stored for 10 years, after which they are deleted.

 

Calling the customer support phone

Incoming calls to KeMIT customer support (+372 626 5000) are recorded to improve customer service. Personal data may be requested for identification. Callers are informed at the beginning of the call that calls are recorded.

Recorded calls are stored for 2 months, after which they are deleted.

 

Use of social networking channels

KeMIT uses social networks (LinkedIn, Facebook) to share news and job postings. These platforms collect personal data regarding content usage and for personalized advertising. The collection of personal data is subject to the respective platform's privacy policy:

 

Use of KeMIT's e-Services

KeMIT manages the information systems and databases of the following institutions: Ministry of Climate, Environmental Board, Estonian Museum of Natural History, Environmental Agency, Estonian Geological Service, Ministry of Economic Affairs and Communications, Land and Space Agency and the Consumer Protection and Technical Regulatory Authority.  Personal data collection in these databases follows legal regulations and internal guidelines. KeMIT processes this data based on agreements with the responsible institutions.

To access personal data stored in these databases, requests must be directed to the respective data controller.

 

The right to examine data concerning oneself 

You have the right to access your personal data. KeMIT provides personal data based on an information request. Requests must be digitally signed and data will be provided electronically as soon as possible, but no later than 2 weeks after receiving the request.

We may refuse to disclose personal data if doing so would:

  • Harm another person’s rights and freedoms,
  • Endanger national security,
  • Impede or interfere with the prevention, investigation, or prosecution of a crime,
  • Compromise the confidentiality of a child’s parentage,
  • Be unfeasible or require disproportionate effort.

You have the right to request the correction or completion of incorrect or incomplete data.

 

Right to erasure of personal data

You have the right to request the deletion of your personal data, and KeMIT will comply if:

  • You withdraw your consent,
  • The data is no longer needed for its original purpose,
  • There is no legal basis for processing,
  • The data has been processed unlawfully,
  • Deletion is required to fulfill a legal obligation.

If data is processed under a legal basis that does not allow deletion, the request cannot be fulfilled.

 

Contact information and complaints

For inquiries about personal data processing, please contact: andmekaitse@kemit.ee.

If you believe that KeMIT has violated your rights regarding personal data processing, you have the right to file a complaint with the Data Protection Inspectorate or take legal action.