The principles for processing personal data at Eesti Pank and your rights concerning your own personal data are explained here. These principles do not apply to the processing of data by legal entities or other agencies and do not include the processing of personal data on websites that are not affiliated with us and that are linked to on our website through external web links.
The processor of personal data is Eesti Pank, of Estonia pst 13, 15095 Tallinn, Republic of Estonia. If you have any questions about how your personal data are handled, please contact the Eesti Pank data protection specialist at andmekaitse [at] eestipank.ee.
Whose personal data are processed?
Eesti Pank processes personal data from:
- current and former staff of Eesti Pank
- applicants for jobs at Eesti Pank so we can recruit new employees and contact candidates
- contractual partners of Eesti Pank and their representatives so that the legal obligations in contracts can be met and managed
- visitors to Eesti Pank, so that we can ensure the security of visitors, staff and the bank itself
- users of the Eesti Pank website, so that we can provide online services and compile statistics for the website
- subscribers to Eesti Pank newsletters, so we can send them the newsletters
- people contacting Eesti Pank requesting explanations, written memoranda, information or other communication, so that we can reply to them
- visitors to the museum shop, so that we can offer museum shop services and prevent and avoid fraud
- people recorded by the Eesti Pank security cameras, so that we can ensure the security of visitors, staff and the bank itself
- statistical reporting agents and their representatives or the subjects of official statistics so we can produce statistics and if necessary contact those agents.
If it proves necessary for the execution of legal obligations or other tasks, Eesti Pank has the right to process the personal data of other people not listed here.
How are personal data processed?
Eesti Pank processes personal data to help it achieve its goals and carry out its mission. The principles followed in processing personal data are:
- the processing is legal, justified, and transparent to the subject of the data
- personal data are collected for specified, explicit and legitimate purposes and are not later processed further in any way that is incompatible with those purposes
- personal data are relevant, significant and limited to what is needed to achieve the purpose for which they were processed
- personal data are kept in a form which allows the data subjects to be identified for no longer than is necessary for the purpose for which the personal data are processed
- personal data are processed in a way that ensures the security of the data, including protection against unauthorised or unlawful processing, using appropriate technical or organisational measures
- personal data are retained only for as long as they are needed for the specific purpose they were collected for. We have the right to retain personal information if this is necessary for us to fulfil our legal obligations or to protect your vital interests or those of others.
The legal basis
The basis for processing personal data is the law, a contract with the data subject, or the consent of the data subject. The principles for processing personal data in Eesti Pank are regulated by Decree No 104 of the Governor of Eesti Pank of 3 December 2018.
If you have any questions about how your personal data are handled, please contact the Eesti Pank data protection specialist at andmekaitse [at] eestipank.ee.
Processing the data of visitors to the Eesti Pank website
The website of Eesti Pank processes the visitor’s IP address or other network identifiers to provide the website service and to generate statistics on the use of the website to help develop it and make it more user-friendly. The email addresses of subscribers to Eesti Pank newsletters are processed so we can send them the newsletters. To subscribe to an Eesti Pank newsletter, you need to enter your email address in the sign-up form and choose which newsletter you want to receive. Eesti Pank only collects this information in order to send you the newsletter you have ordered to your email address. We store your data until you state that you want to cancel your subscription to the newsletter. Once you cancel your subscription we stop processing your data.
The Eesti Pank website uses the Google Analytics web analysis service, which we use to collate metadata about the use of our site. The Google Analytics data show for example the geographical location of visitors, the web browser and the version of the operating system they use, the time and length of the visit, and the pages visited and how they move between them. We receive the data in anonymised form so we cannot see whose they are, and we use the information we receive to make our website more user-friendly.
Processing of personal data for contacting or visiting Eesti Pank
Any requests for explanations, official letters, requests for information or other inquiries, and the subsequent correspondence are registered in the Eesti Pank document registry. The public view of the document registry shows the data that the Public Information Act requires to be published. If the letter comes from a private individual, we make the personal data unreadable in the public registry.
If you visit Eesti Pank or the Eesti Pank museum you will be recorded by the Eesti Pank security cameras. Visitors to Eesti Pank and those who bring money to us for expert analysis are asked to provide information to confirm their identity. The Eesti Pank museum shop may also request personal information confirming your identity in order to comply with anti-money laundering and terrorist financing legislation.
There are access restrictions to correspondence concerning private individuals. Access to such documents may be limited within Eesti Pank, depending on the content of the documents. In this case, access to the documents is only granted to members of staff who need it for their work. Despite the access restrictions, Eesti Pank may release documents to institutions or people who have the legal right to demand it and a reasonable need to use it for their official work.
These principles do not apply if you write to or visit Eesti Pank on behalf of a legal entity and give your personal contact data. This means your contact data would be visible in the public view of the document registry as we cannot assume that you are acting as a private person when we receive the letter.
To deliver replies we use the address data that you have yourself sent us. We reply to emails in unencrypted format.
Sending personal data to third parties
Eesti Pank may send the personal data of a data subject to third parties without the consent of the data subject
- if Eesti Pank has a legal obligation to send on the personal data
- or if the third party has signed a contract with Eesti Pank and is using the data on behalf of Eesti Pank for a specific purpose or job.
Such third parties may be located outside the Republic of Estonia, the European Union or the European Economic Area. If we send your personal data to such parties we take all the necessary legal measures to make sure your rights to privacy are fully complied with.
Everyone has the right to information on how their personal data are processed. To receive such information, please contact the Eesti Pank data protection specialist at andmekaitse [at] eestipank.ee.
If we refuse to release data or give information on the processing of personal data, we are required to give our reasons. We will inform you of any refusal within five working days of receiving your request to release data.
Everyone has the right to request that we correct personal data that we hold on them. To do so, please contact the Eesti Pank data protection specialist at andmekaitse [at] eestipank.ee.
If Eesti Pank no longer has a legal basis for using your personal data, you may request that we stop using those data or delete them. If we process your personal data with your consent, you have the right to withdraw that consent.
 A cookie is a small text file that is saved on the user’s computer or mobile device when the browser visits a website and allows the user’s preferences to be remembered so that navigation can be made simpler and more convenient.