How we protect your private information
Personal data is any kind of information that enables us to identify a person. Processing personal data is any kind of activity carried out with personal data. We will provide an overview on how we protect your private information, what kind of information we gather, how we use or disclose it, and on your rights regarding how we collect and use your data.
The following information does not include the processing of information of legal persons and institutions.
According to the Personal Data Protection Act, the Estonian Road Administration is a processor of personal data. We collect private information during our work. We collect personal data in an extent that is necessary to carry out the tasks stipulated in the statute of the Road Administration. We process (use, issue, transfer, etc.) personal data without the person’s approval only on the basis of § 14 of the Personal Data Protection Act. In order to protect personal data, we have implemented security measures to protect against accidental and unauthorized processing, disclosure, or destruction.
The information that is to be disclosed will be disclosed on the website of the Road Administration. You can find information about documents registered at the Road Administration from the public view of our document registry, where you can see registration data of documents: document status, type, presence and base of an access registration, registration date and number, title of the document, name of the recipient / sender, name of the compiler / supervisor, job title and department, and deadline of completion. The accompanying files of documents that do not have access restrictions as result of § 35 of the Public Information Act, can be opened. Documents with access restrictions can only be accessed in certain cases prescribed by law.
We will now give an overview of how personal data is collected and processed in the Road Administration.
Correspondence with private persons (requests for information, requests for clarification, applications, precepts, decisions, etc.)
In the case of correspondence with a private person, we shall mark the name of the person, their contact address and title of the document in the registration information to the internal document registry. In the case of correspondence with a private person, you can see the sender’s / recipient's initials in the public view of the document registry; we will not include the content of the matter in the title.
Correspondence with private persons has a general access restriction. If someone wants to see your correspondence and submits a request for information, we shall check, after receiving the request for information, whether the document can be issued to the requester and whether this can be done partially or in full. We will definitely cover up your personal contact information, such as your email address or phone number (unless you have carried out the correspondence as a legal person or a representative of an institution). In other respects, the access restriction of the document depends on its content.
We will use your personal data to reply to you. If we reply to your letter or compile some other document, the compiler of the document shall mark the document as “for use within the institution” at the moment of creation, in order to protect your personal data from being disclosed.
We retain correspondence with private persons according to the list of documents. Documents that have exceeded their retention date shall be destroyed regardless of their storage medium.
If you have sent us a request for clarification / formal notice / request for information, to which your institution is competent to answer, then we shall forward it to that institution. We shall notify you of forwarding it as well.
Review of challenge
We will use your personal data to solve the case.
We will mark down the name of the person, their contact information and subject of the challenge is the internal document registry. In the public view of the document registry, only the initials of the sender or recipient of the challenge will be visible, and the document shall be titled ‘Challenge’.
If you have sent us a challenge that your institution is competent to review, we shall forward it to that institution. We shall notify you of forwarding it as well.
We will use the address that the party to the proceeding disclosed to us or that which is available via the civil registry or business registry, to deliver the decision on challenge.
Challenges and relevant correspondence have a general access restriction (series restriction). If someone wants to see it and submits a request for information, we shall check, after receiving the request for information, whether the document can be issued to the requester and whether this can be done partially or in full. We will definitely cover up your name, personal contact information, such as your email address or phone number (unless you have carried out the correspondence as a legal person or a representative of an institution). In other respects, the access restriction of the document depends on its content.
We retain challenges and relevant correspondence for 5 years. Documents that have exceeded that deadline shall be destroyed.
Processing personal data in the National Traffic Registry
The traffic registry has the following information about a person: first name, last name, personal identification code, contact address, phone number and information about their right to drive and about their vehicles (both person and those which they are authorised to use).
This data will be entered into the traffic registry when the right to drive or a motor vehicle is acquired and when authorising the person as a user of a vehicle with the formalizing of relevant documents (e.g. driver’s license, contract of purchase and sale). This data is altered in the traffic registry when conducting a technical inspection, changing the category of the right to drive, suspending the right to drive, purchasing or selling a vehicle and changing its users.
The data of the traffic registry is used by those Road Administration users whose work tasks include the processing of traffic registry data. According to subsection 184 (5) of the Traffic Act, several other institutions also have the right to use data from the traffic registry to carry out their work tasks, there institutions are: the Police and Border Guard Board, notaries, local authorities, the Transport Board, etc. Additionally, subsection 184 (4) of the Traffic Act enables the restricted access data of the traffic registry to be issued to third parties in the case of a legitimate interest. Legitimate interest will be verified and the issuing of data will be decided by the Road Administration.
The processing of traffic registry data and requests for information from the traffic registry are subject to surveillance according to rules and regulations that have been compiled for this purpose.
Right to see your data
You have the right to see the data that we have collect regarding your person. You have the right to submit an application to us to receive this data. We are required to verify the applicant’s identity, because an access restriction applies to personal data.
We can refuse to satisfy your application to see your personal data only if it could:
violate the rights and freedom of another person;
hinder preventing a crime or capturing a criminal;
complicate matters in finding out the truth in a criminal proceeding;
endanger the protection of a child’s parentage secret.
We will notify you of a decision to refuse the provision of data or information.
You have the right to demand that incorrect personal data be corrected. If we no longer/do not have legal basis for using your personal data, you have the right to demand that the use of this data be terminated or the data deleted.
Compliance to the requirements of the Personal Data Protection Act is inspected by the Estonian Data Protection Inspectorate.
Applying for a job at the Road Administration
In the case of Road Administration job applicants, we base our evaluations on information provided by the applicant and information that is accessible via public sources. If necessary, we ask the applicant’s approval for making additional information requests.
The personal data of people who participate in the recruitment contest of the Road Administration will not be disclosed to other candidates and persons who do not partake in the specific recruitment and selection process. All persons involved in the recruitment process shall keep the information they have received (in written form or from electronically submitted application documents) regarding the candidates confidential. The applicants have the right to receive information on the progress of the contest.
The data of those candidates who were not selected shall be retained until the legal date of such data.
The e-service user of the Estonian Road Administration agrees that the Estonian Road Administration shall make an inquiry about the service user for the performance of statutory tasks to obtain his or her photo and specimen of signature to be entered into the database of personal identification documents and to receive the motor vehicle driver’s medical certificate data of the Health Information System. The Estonian Road Administration shall also make an inquiry from the Health Information System if the service user has made an inquiry to obtain his or her medical certificate data. The service user is aware that the Estonian Road Administration shall have the right to make inquiries about him or her and obtain data from the Criminal Records Database, the Population Register, and other national or local government databases for the performance of statutory tasks.
The service user shall be obligated to enter his or her telephone number and e-mail address in the e-service environment of the Estonian Road Administration.
The service user agrees that the Estonian Road Administration may use his or her contact details to send notifications related to the activities of the Estonian Road Administration (for example, the expiry of driving licence, the deadline for inspecting the compliance with technical requirements) and carry out surveys related to public services.
What are cookies?
Road Administration uses two types of cookies: persistent and session cookies. They differ by purpose of use and retention time.
1) Session cookies are stored only for the duration of the visit on the website.
2) Persistent cookies are saved into the user’s computer after they close the web browser. Persistent cookies can remain in the user’s computer for days, months or years, but they can be deleted from the device, if preferred.
Persistent cookies are used for:
- identification of the web browser;
- service provision and management;
- website security and integrity of services;
- user statistics and analysis (cookies that give information on how and for how long the Road Administration’s website is used, what are the user groups and which search tools are used).
The computer user can take preventive action to avoid the storage of cookies in their computer. For this, they need to change the web browser’s privacy setting. By disallowing all cookies, however, the functionalities of websites may be restricted.
The user can also delete all the cookies saved into their device.