The principles of data processing in TEHIK

The Health and Welfare Information Systems Centre (TEHIK) belongs to the governance of the Ministry of Social Affairs and has been established to perform public tasks. In the course of its lawful duties, TEHIK is exposed to personal data, including different types of personal data, which may include personal information of natural persons which is not subject to disclosure. TEHIK is exposed to the described data in particular when requests for processing are forwarded to the authority or the authority has been approached by natural persons.

In the performance of its duties, TEHIK shall ensure that personal data which have become known to the authority shall be stored and preserved only in the manner prescribed by law and by the internal procedures of the authority, and that the invasion to private life of persons is minimal. When processing personal data, we follow the applicable legislation, and we implement information technology and organisational security measures within the institution to ensure the secure processing of personal data. Next, we will describe in which cases TEHIK is exposed to personal data and how personal data is processed in the institution. The explanations provided concern only the storage and use of the personal data of natural persons.

A natural person has the right to access their data collected by TEHIK. It is possible to access the data upon submitting a corresponding request to the institution. The request must be digitally signed or signed in a way that allows verification of the handwritten signature - the authority must be able to establish that the handwritten signature was given by the person making the request.

TEHIK will respond to the request as soon as possible, but not later than within one calendar month. The time of the response may depend on the content and volume of the request. The data shall be issued to the person requesting the data in electronic form, unless otherwise stated in the request. TEHIK has the right to refuse to issue the data in case it may;

  • harm the rights and freedoms of another person;
  • harm national security;
  • obstruct or impair the prevention, detection or processing of an offence, or the execution of a penalty;
  • be in conflict with applicable law.

A person has the right to demand the correction of incorrect personal data, or, if TEHIK no longer has a legal basis for processing personal data, to demand the restriction or deletion of the use of such data.

A person has the right to contact TEHIK ([email protected]) or the data protection officer of TEHIK ([email protected]) with all the questions concerning the processing of his or her personal data.

The regulation described below extends to natural persons who have approached TEHIK for the protection of their privacy. If a request has been received by TEHIK on behalf of an institution or a legal entity, the person's professional contact information will be displayed in the public document register (e.g., when contacting TEHIK as a journalist, please use only professional contact information). The public document register of TEHIK is available here: https://adr.rik.ee/tehik/.

If TEHIK has received a request demanding for a reply (e.g., a request for clarification, a memorandum, an application, or a request for information), personal data will be used to respond to the request. If, in the course of responding to a request, there is a need to make inquiries in order to gather additional information, the personal data related to the person seeking the request shall be disclosed only to the extent necessary for the preparation of the response.

If TEHIK has received a request, the response of which is within the competence of another authority, TEHIK shall forward the request to the competent authority for processing in accordance with national regulations or return it to the person submitting the request.

TEHIK has the right to use correspondence data within the institution to assess the quality of work, and to collect statistics in a non-personalised form.

The metadata of the correspondence with TEHIK shall be visible in the public document register of the institution. The name of the person submitting the request, or the recipient of the response shall not be visible in the metadata of the correspondence in the public document register. In order to protect the privacy of persons, the title of the request will be displayed in the public register of documents according to the content of the request, e.g., "Request for clarification" or "Request for information".

According to national law, correspondence with natural persons is considered restricted information in order to protect the privacy of individuals. If you wish to access the correspondence with another person and make a request to that effect, it must be verified upon receipt of the request whether the requested document can be issued in full or in part. Access restriction depends on the content of the document. The bases for access restrictions are established in § 35 of the Public Information Act.

Notwithstanding the restriction on access to a document, TEHIK shall be obliged to issue the document to an authority or person directly entitled to request it under national law (e.g., a court, extrajudicial body or investigative body).

Pursuant to national law, the circumstances of the correspondence with TEHIK may be disclosed if there is an obvious public interest (§ 38 (1), § 30 (4) of the Public Information Act). This right is used only in exceptional cases, avoiding excessive invasion of privacy. TEHIK reserves the right to provide explanations to the public about its activities, if necessary, in case the person has disclosed the information. In such a case, the information shall not be disclosed to a greater extent than the person has previously disclosed.

The correspondence with natural persons shall be retained for 5 years. The documents that exceed this deadline are generally subject to destruction. The exact time of data retention can be found in the list of documents of TEHIK’s administrative procedure on the basis of the serial number or index of the document. The administrative procedure of TEHIK is available in TEHIK’s public document register.

The webpage of TEHIK is available on the address www.tehik.ee. When visiting and accessing information on a website, the information collected and stored about the visitor is limited to the IP address used, which shall not be associated with a specific person.

TEHIK collects and stores the following information: the parts of the website that have been visited, the files which have been downloaded and the time of visiting the website This data is used to compile traffic statistics to develop the site and make it more user-friendly. The website of TEHIK does not use cookies for visitors.

You can contact the customer support of TEHIK at the phone number +372 7943 943. TEHIK does not record the calls. TEHIK may use call data in non-personalised form to compile internal statistics for the purpose of modifying or improving the quality of work. The summary or other information about phone calls will not be made public.

We will only reflect the procedure of applying for a job at TEHIK and the recruitment procedure to the extent that is not regulated by national law.

To fill jobs, TEHIK organises recruitment competitions and targeted searches. Recruitment, review of candidates' applications, evaluation and other relevant activities related to the filling of positions are organised by the Head of Human Resources of the Ministry of Social Affairs and the staff of the Human Resource Department of the Ministry of Finance. Job advertisements are published on the competition website, for example on the website of the recruitment portal www.cv.ee, where all interested persons are allowed to apply for the job.

TEHIK has the right to cancel the announced competition and change the terms and conditions of the announced competition. These circumstances will be communicated to the applicants via their contact details.

In the recruitment process, TEHIK has the right to make a decision on the successful candidate by using a method deemed suitable and necessary by TEHIK, including the right to use the round of documents, the round of tests, testing, interviews or other appropriate methods of recruiting candidates. If necessary, TEHIK will perform a background check on the candidate in the criminal records database.

When submitting a job application, it is considered the candidate has given consent to the processing of his or her personal data. Additional information about the candidate may be gathered from public sources during the recruitment process. The candidate has the right to access the information gathered and to submit their explanations or objections. It is assumed that the references mentioned in the application documents have given their consent to answer the questions about candidates, and that they have agreed to be contacted for information.

The job shall be offered to a candidate whose education, work experience, knowledge and skills meet the requirements needed for the performance of the duties. Participants in the competition shall be informed of the results of the competition in writing or orally (e.g., via the competition website or by telephone).

The documents collected during the competition will be retained by TEHIK for the following purposes:

  • for up to 1 year to resolve possible legal disputes arising in the recruitment process;
  • with the consent of the candidate, for proposing to take part in a future competition or for proposing an alternative job. Candidate data is restricted information to which a third party is granted access only in cases provided by law.

Candidate data is restricted information to which a third party is granted access only in cases provided by law.

If TEHIK identifies a breach connected to personal data that may pose a probable threat to the rights and freedoms of a natural person, the documents provided for in national regulations shall be prepared and the controller of personal data or the national supervisory authority (Estonian Data Protection Inspectorate) shall be informed immediately, but not later than within 72 hours. The data protection officer appointed by TEHIK is responsible for notification.

If the violation is likely to endanger the rights and freedoms of a natural person, the person shall be notified immediately, but not later than within 72 hours, in order to enable the person to take the necessary precautionary measures to alleviate the situation.

Upon the detection of an infringement, appropriate measures shall be taken immediately to bring the infringement to an end and to minimise or eliminate the possible consequences of the infringement.

Information related to natural persons may be used by TEHIK in digital form. The names of natural persons shall be displayed as initials in the public document register published on the website of TEHIK. TEHIK collects information only for the performance of tasks assigned to the authority by law. The information held by TEHIK is subject to the Public Information Act, which stipulates that information with unrestricted access on the website and in public databases may be re-used by anyone for their own commercial or other private interests. For reusing data, the information can be downloaded as machine-readable and combined with information collected elsewhere.

TEHIK has decided not to publish the information in the document management system for re-use as open data in order to protect people's privacy