The main aim of the Estonian Presidency of the Council of the European Union Data Protection Guidelines is to inform users about their rights and to provide them with tools to control personal data collected by Presidency information systems. Special icons allow users to better understand the processes which are being executed with their data. Also, the user is empowered with the right to be forgotten by Presidency information systems.
The Estonian Presidency information system (eu2017.ee, Accreditation system, the Presidency Gateway, delegate.eu2017.ee) can collect and process different types of data, including personal data. Personal data is any data which enables the identification of its owner – YOU (a natural person, whose personal data is collected and processed). Importantly, personal data is inseparable from its owner. Therefore, the initial provider of personal data is treated as the sole owner of collected data.
Although Presidency-related systems will not become the owner of any personal data, those systems have to ensure that the collected data is accurate, kept secure, used for the stated purposes, and transferred to third parties only in instances required by law (for example, law enforcement).
In addition to personal data, sensitive personal data and pseudonymised data can also be collected via presidency information systems.
Icons are provided to illustrate different types of data which are processed by the systems to help YOU to understand what type of data Presidency-related systems collect.
Pseudonymised data is any data that does not directly identify its owner – YOU – but is still collected for statistical purposes. Pseudonymised data is for example visit logs that cannot be directly linked to an individual without additional information which is held separately.
Personal data is any personal data which enables to identify its owner.
Sensitive personal data is your personal data that may include any of the following data characteristics: political affiliation, health conditions, and diet. Sensitive personal data always requires extra security measures from its collector.
What do we know about you?
Every system that collects personal data and/or sensitive personal data must give the user the right to get information concerning collected data. Collected personal data will only be used for purposes for which it was submitted and in accordance with personal data protection laws. Presidency-related systems will not keep personal data longer than needed to perform activities for which the data was submitted. Everybody has the right to request information concerning their personal data.
To find out what exactly has been collected by the Presidency information systems, please contact firstname.lastname@example.org.
The right to be forgotten
If the system collects personal data and/or sensitive personal data, the user is given the right to remove his or her data records from the system. The ‘right to be forgotten’ can only be applied if personal and/or sensitive personal data has been collected. In the case of deletion, the system will only preserve a record of the occasion without any personal data. The ‘right to be forgotten’ can be exercised if the circumstances are appropriate, but will be limited on some occasions, for example when criminal offences or other unlawful acts are committed in the Presidency information systems. It is important to note that deletion is not universal and may leave some traces of indirect personal data.
To delete information which has been collected by the Presidency information systems, please contact email@example.com.
Data protection guidelines provide information on how data, including personal data, is collected, processed, preserved, and disclosed in Presidency-related information management systems (for example in eu2017.ee). Data processing is any activity done with collected data. Mostly these activities are embedded in the systems and users have little knowledge of different data collection activities. Therefore, Estonian Presidency-related information systems display special icons to indicate visually what type of data is processed and what actions the users can apply.
Presidency-related systems are using the following types of cookies:
Session cookies are erased when the user closes the browser.
Persistent cookies will remain on the user's computer/device for a pre-defined period of time.
Presidency-related systems may also use third-party cookies, which are set by the web server of the embedded page.
Third-party tools and services carry considerable continuity, accuracy and privacy risks and are therefore always listed on a separate information page to assist the user by explaining who has access to his or her data, why, and to what extent. This practice is also used by Presidency-related systems.
Open data is the idea that some data should be freely available for everyone to use and republish as they wish.
Presidency-related systems provide data as open data whenever possible. Before publishing data for free usage, the collector of data should evaluate risks to privacy if personal data is included. For example, if the keynote speakers and their names are published and available for free usage through the Presidency information system, the risks to the privacy of these individuals should be evaluated beforehand. In an instance where privacy is violated, the collector of personal data should publish data partially or pseudonymise this data.
Copyright is a legal right to protect the original expression of ideas and other creative work. Copyright is a form of intellectual property.
Content on Presidency-related systems can be used freely unless indicated otherwise (e.g. by a specific copyright notice). Therefore, using textual content from these systems does not require quoting, and is public. Pictures, videos and other elements found on Presidency-related systems should be credited as original sources.
This document contains data protection guidelines for the Estonian Presidency of the Council of the European Union. Personal data is collected and processed in accordance with Directive 95/46/EC, the relevant case-law of the Court of Justice, and the Estonian Personal Data Protection Act.