Privacy settings

This Privacy Policy explains how [Company/NGO Name] (hereinafter: Manager) collects, processes, and protects the personal data of the users of the Estonian Accessibility Information System portal (hereinafter: Portal).

 

1. Data Controller

The controller of personal data is:

Name: [Company/NGO Name]

Registry Code: [Code]

Address: [Address]

E-mail: [E-mail]

 

2. Personal Data Collected and Their Sources

The Manager collects data provided by the user when logging into and using the Portal:

• Login via Email or Google account: First and last name, email address, profile picture (via Google).
• Login via TARA service: First and last name, and personal identification code (isikukood).
• Portal Usage Data: Favorite objects saved by the user, added comments, improvement suggestions, and, in the case of an Object Representative, data and photos of the added objects.
• Technical Data: IP address, cookie data, browser type, and operating system (collected automatically).

 

3. Purposes and Legal Basis for Processing

3.1. Provision of Service: Processing data to manage the user account, save favorites, and display comments (Basis: performance of a contract or user consent).

3.2. Identification and Reliability: Processing the personal identification code via TARA is necessary to identify the Object Representative. This is essential to ensure the accuracy of the public information entered into the portal (building accessibility) and its connection to a responsible person (Basis: legitimate interest of the Manager).

3.3. Web Statistics: Improving the usability of the Portal through anonymous visit statistics (Basis: consent via analytical cookies).

 

4. Special Conditions for Processing the Personal Identification Code

4.1. The personal identification code is collected only through the national authentication service (TARA) from users who wish to manage objects.

4.2. The Manager confirms that the personal identification code is not displayed publicly and is not shared with third parties for marketing purposes.

4.3. The personal identification code is stored only to the extent necessary to link the Object Representative's activities to a specific person and to resolve potential liability disputes.

 

5. Data Sharing and Authorized Processors

The Manager may share personal data with the following parties:

• IT Service Providers: For server hosting and database management.
• Google Ireland Limited: For providing the web analytics service (Google Analytics).
• Public Authorities: Data transfer occurs only in cases and according to the procedure prescribed by law.

 

6. Data Retention

6.1. User personal data is stored as long as the user account is active.

6.2. Upon deletion of the user account, personal data is deleted or anonymized, unless retention is necessary for accounting or legal reasons.

 

7. User Rights

The user has the right to:

• Access their data and receive copies;
• Request the rectification of incorrect data;
• Request the erasure of data ("right to be forgotten");
• Withdraw consent for data processing at any time.

To exercise these rights, please send a digitally signed application to the email address provided in Section 1.

 

8. Cookies and Web Analytics

8.1. The Portal uses cookies to maintain the login session and improve the user experience.

8.2. We use Google Analytics to help us understand how users use the Portal. Google Analytics uses cookies to collect anonymous information (e.g., number of visits, time spent).

8.3. Analytical cookies are used only with the user's consent. The user can restrict or disable cookies at any time in their browser settings or through the Portal's cookie selection window.

 

9. Changes to the Privacy Policy

The Manager has the right to change the Privacy Policy due to the development of services or changes in the law. Users will be notified of significant changes via the Portal.