Personal data is defined as all data about identified or identifiable physical persons that deal with the person’s physical, psychological, physiological, economic, cultural or social characteristics, relationships and affiliations.
NB! The following information does not include:
– the processing of data related to legal persons and institutions, and the processing of data related to physical persons if the data are being processed in connection with their official duties;
– the processing of personal data on websites referred to by the Art Museum of Estonia website that are not managed by the Art Museum of Estonia (external links).
The bases for processing personal data
The bases for processing personal data at the Art Museum of Estonia are:
– a legal basis,
– obligation or assignment based on the law,
– performance of a contract,
– legitimate interest of a data controller,
– in the case of public interest, for a journalistic purpose,
– for academic, artistic and literary self-expression,
– a recording in a public place,
– data related to debts in the case of a legitimate interest,
– for the protection of life, health, assets, rights and freedoms, including security cameras, for research and for statistics,
– an agreement, in which data collected for one purpose will not be used for another purpose without consent. Consent may be rescinded.
Processing of personal data at the Art Museum of Estonia
In the course of our work, we accumulate personal data, including sensitive and private personal data. Our internal work rules are intended to ensure that your private life is infringed upon as little as possible.
To ensure security, video recording is carried out in the museums and on territories of the Art Museum of Estonia. The data is processed by the security service provider, and access to the recordings is limited to those people for whom it is necessary in the performance of their duties. As a rule, the recordings are saved for up to 30 days.
The Art Museum of Estonia keeps secret all client data that have been obtained in the course of someone applying for and using a Kumu annual card, and discloses the data to third parties only with the consent of the cardholder, except if the obligation or right to disclose the data is based on the law. The cardholder agrees that the Art Museum of Estonia has the right to process his or her data in order to provide the cardholder with suitable services.
When making purchases in the Art Museum of Estonia’s online store, personal data are treated as confidential information. The client’s data are used only to fill orders and are not disclosed to third parties, except if they are necessary for filling an order, or when submitted in the required form in cases stipulated by the law.
To pay for the order, the online store customer will be directed in the final phase of placing the order to a reliable certified card payment receiving system, which uses secure communication devices and protects your data.
When visiting the website, the data about the visitor that are collected and saved are limited to:
– the IP address of the computer and computer network being used,
– the name and address of the computer or computer network’s internet provider,
– the time of the visit (time, date and year). IP addresses are not linked to information that can identify the person. Data are collected about which section of the
website was visited and for how long. The collected data are used for compiling visit statistics and, based thereon, to develop the website and make it more convenient for the visitor to use.
There may be references to other websites that do not belong to the Art Museum of Estonia on the museum’s website and we are not responsible for the privacy policies of these websites.
Applying for a job or a traineeship at the Art Museum of Estonia
All of the documents (e.g. applications along with accompanying documents, correspondence with applicants, and information collected about applicants from public sources) related to applications contain personal data. Therefore, the applicant has the right to know what information the museum has collected about him or her. The applicant also has the right to access the information collected by the museum, to provide explanations and register objections.
At the museum, only a very limited number of employees who participate in the recruitment process have access to application documents. These documents and data are not disclosed to third persons. When applying for a job, the museum guarantees the applicant confidentiality, but assumes that they can communicate with the individuals that the applicant has provided as references, without asking permission.
The applicants’ data are restricted information, to which third persons (including competent institutions) can only gain access in cases stipulated by law.
In the case of other competitions (for example, scholarship competitions), the information related to the person’s participation in the competition is also not subject to public disclosure, unless permission is granted. At the Art Museum of Estonia, access to the applicant’s documents is provided to individuals who are involved in the competition’s decision-making process. Applications, along with the related documents, submitted by applicants for jobs at the Art Museum of Estonia are saved, upon the consent of applicants, for one year after the completion of the competition.
Correspondence, communications and applications
All submitted communications include personal data (name, contact information, description of problems related to the person, etc.). Personal data may also be included in letters sent by other institutions (e.g. a copy of an answer to a person’s communication).
Personal data are used to answer inquiries. If answering an inquiry requires that another inquiry be made from a third person, the minimum amount of personal data will be disclosed. Access to correspondence between private individuals is usually restricted. If anyone wishes to access a person’s correspondence, they must submit a request for information, after which the content of the letter will be reviewed, and a decision made as to whether the document can be partially or totally disclosed. The individual’s personal contact information, such as address and telephone number, is removed from any document that is disclosed. In other cases, the limitations on access depend on the content of the document. The possible bases for access restrictions are specified in the Public Information Act. Documents with access restrictions are disclosed only to those institutions and persons who have a direct right to get them pursuant to the law (e.g. a body conducting pre-trial proceedings or a court).
Communications and letters addressed to the museum are saved according to the management procedures of the respective institution. At the end of the retention period, documents are destroyed.
A complaint or a claim
When lodging a complaint or a claim, you must also consider that, in some cases, your personal data – primarily your name and the fact that you lodged a complaint or claim, and in some cases, also the content thereof – may also become known to third parties, or your name and the fact that you lodged a complaint or claim may be disclosed in our document register. The correspondence data in the register (sender and recipient of the letter, and type of letter: “Complaint” or “Claim”) are disclosed based on the provisions of the Public Information Act. If you express a specific wish, your first and family names may be recorded using only your initials or the notation “Private person” in the document register.
In the public section of the document register, the complete titles or purposes of letters with sensitive information are not indicated; instead, only the word “Complaint” or “Claim” is indicated. A general restriction on access applies to correspondence with private persons: if anyone wants to access your correspondence, they must submit a request for information, after which the content of the letter will be reviewed, and a decision made as to whether the partial or total disclosure of your complaint or claim (and the answer) will significantly harm your privacy, or whether your complaint or claim includes other information regarding which a restriction on access applies. The bases for the restriction of access are stipulated in § 35 of the Public Information Act. Your personal information, e.g. email address, phone number and residential address, are not disclosed (except in cases where you represent a legal person or institutions).
The personal data included in your complaint will be used to resolve the complaint. If in this connection inquiries must be submitted to other persons or institutions, only the personal data necessary for preparing an answer will be disclosed to them.
The processing of personal data based on the law
The Art Museum of Estonia uses the Museums Public Portal (MuIS), where the processing of personal data occurs based on the law:
The objective of the information system is to enable:
– objects of cultural value to be registered according to uniform procedures and as electronic museum objects;
– the centralised and systematic preservation of data collected about museum objects, objects of cultural value that have been deposited in the museum for longer than one year (hereinafter, deposited objects) and things deposited in the auxiliary collection upon their acceptance by the museum or in the course of subsequent research work;
– the electronic registration of actions taken with museum objects, deposited objects and things deposited in the auxiliary collection, as well as any changes in their condition or location;
– the introduction of museum objects and deposited objects to the public through a web interface.
The right to access your own data. The right to demand the correction or deletion of incorrect data. The right to the transfer of data.
Everyone has the right to access their own collected personal data. If the personal data are not disclosed on the website, it is possible to submit a request to receive the data (if digitally signed by the individual, i.e. the person must be identifiable). If possible, the data will be issued in the way requested by the applicant within five working days of the application being registered. If access to the personal data is restricted, the museum must be convinced of the applicant’s identity. If the request includes the issuance of data on paper, a fee of up to €0.19 can be required for each page, starting with the 21st page. The application will be denied if the disclosure might:
– damage the rights and freedoms of another person;
– hinder the prevention of a crime or the capture of a criminal;
– impair the discovery of the truth in a criminal proceeding;
– endanger the protection of a secret about a child’s descent.
Everyone has the right to demand that incorrect personal data about them be corrected.
All data that a person transmits directly or that is transmitted to a data processor by a person in the course of some activity are included under the heading of transfer. If the data processor has made various analyses with the data transmitted by the person, or created data with new added value, these are not included in the scope of the transfer. The transfer of data can only be applied to the data which have been processed with the approval of the individual or based on an agreement concluded between the person and the data processor.
Therefore, if data processing can only occur based on the law, the right to transfer data does not apply. Only the personal data that the data processor processes automatically are subject to transfer. For example, personal data on paper are not covered here. A person can also demand that one data processor forward the data directly to another data processor. This applies in cases where it is technically possible.
Data protection specialist
You will receive answers to any and all questions related to the processing of your personal data by the Art Museum of Estonia if you send an email to: