Processing personal data at the Estonian Research Council

Personal data are any data on the basis of which a person can be identified. The processing of personal data is any act performed with personal data.

As a rule, the Estonian Research Council processes personal data to perform its obligations arising from law and other legal acts, primarily to finance basic and applied research as well as research and development activities, assess the efficiency and impact of grants, organise participation in international research programmes, analyse the public availability of the outcome of research and its societal impact, organise science communication and develop international research cooperation.

More information about personal data processing related to performing the duties of the Estonian Research Council is available in the relevant subsections.

 

Overview of processing personal data

The overview of processing personal data specifies the categories of personal data processed to perform the Estonian Research Council’s main tasks and supporting activities, the purpose of the processing, persons to whom data is transferred, and the storage terms of the data by reference to the Estonian Research Council’s list of documents. The overview does not cover the accidental and insignificant processing of personal data.

The overview on processing personal data can be found here.

The following is an overview of the conditions and circumstances under which the Estonian Research Council processes personal data.

If a person addresses the Estonian Research Council with a request for explanation or information, the Estonian Research Council needs the person’s contact data and name in order to respond. The basis for processing such data arises from the Public Information Act and the Response to Memoranda and Requests for Explanations and Submission of Collective Addresses Act.

The legal basis for processing personal data during correspondence arises from the Estonian Research Council’s legitimate interest (e.g., when feedback is requested) or the performance of a contract in cases when the correspondence is related to a contract.

Personal data is used for responding to inquiries. If this requires making inquiries from third parties, personal data is disclosed in a minimal, indispensable extent.

If a person has submitted a request for explanation, information or a memorandum to the Estonian Research Council, responding to which is within the competence of another institution, the Estonian Research Council forwards the document to the correct address and notifies the respective person thereof.

The Estonian Research Council uses a public document register, thus, data on correspondence can be viewed publicly. Access to correspondence with private persons is restricted and such letters are not published in the document register. If someone wishes to examine a document and submits a request for information, the contents of the correspondence are reviewed and a decision is made on whether the document can be released partly or fully. The document to be released shall not include personal contact data, such as an e-mail or postal address or telephone number (except if the correspondence relates to a representative of a legal person or institution).

Documents with restricted access are issued only to those institutions and persons with a direct right arising from law to request them (e.g., a body conducting pre-trial procedures or a court).

As a rule, the Estonian Research Council stores correspondence for 5 years. More specific storage periods are available in the list of documents approved by the Estonian Research Council’s directive .

Purpose for data processing
Participants must register beforehand for conferences, training courses, information days, etc. in order for such events to be better organised. Therefore, the Estonian Research Council collects the names and contact details of people and information about the institution they represent, if necessary. In regard to the people who participate in the event, sign-up sheets will be kept as the accounting source document and contact details will be kept for the objective of forwarding event materials and requesting feedback.

If the event is recorded or photographed, the objective of processing personal data (images of persons) is to enlighten and inform the public. Additionally, photographs and excerpts from the recordings are used for communication purposes to promote research activities as well as the Estonian Research Council.

Basis for data processing
The basis for data collection is the completion of the contract (mutual obligations) and legitimate interest (asking for feedback, creating statistics and impact analysis). In the case of recordings and photography, consent of the participants is also an essential basis – if the event is recorded or photographed, the participant will be notified and they will have the opportunity to communicate that they don’t wish to be photographed or recorded and they can select a seating option accordingly.

Data retention
Once you register for the event, we will store the data collected for two years; the objective is statistical, reporting and impact analysis. The data will be stored in accordance with the requirements of the programmes if the event is related to the implementation of various structural fund programmes.

We will store data about the people who participated in the event (signature sheets, names in the case of e-events) along with the accounting source documents for seven years from the end of this year or in accordance with the programme if the event was funded by a structural funds programme.

The data will be deleted after the retention period has elapsed.

More specific retention periods are available in the list of documents approved by the Estonian Research Council directive.

Data processing if there’s catering at the event
We collect data about dietary preferences to ensure the suitability of the food on offer when organising an event that has catering. We’ll forward the food preference data in an anonymous manner to the caterer and delete it at the same time as other registration data.

Recording and taking photographs
If the event is broadcasted or recorded or photographed, this will be notified in a separate manner during the event. Recordings and photographs will be kept for an indefinite period. These may be published on the Estonian Research Council’s website or social media channels.

Transfering data
If the event was financed by the structural funds, the signature sheets demonstrating event participation are forwarded to the implementing agency of the relevant programme, which is the State Shared Service Centre.

The Estonian Research Council processes the name, contact data, and, if necessary, financial data of persons with whom a contract for services, an authorisation agreement, employment contract or other contract under the law of obligations has been entered into.

The processing of such data is necessary for entering into a contract and performing contractual obligations.

The Estonian Research Council uses a public document register, thus, the data on contracts (contract number, title, date) can be viewed publicly. Access to contracts entered into with private persons is restricted and such documents are not published in the document register. If someone wishes to examine a document and submits a request for information, the contents of the contract are reviewed and a decision is made on whether the document can be released partly or fully. A contract to be released shall not include personal contact data, such as an e-mail address or telephone number (except if it is a representative of a legal person or institution).

Documents with restricted access are released only to those institutions and persons with a direct right arising from law to request them (e.g., a body conducting pre-trial procedures or a court).

As a rule, the Estonian Research Council stores contracts for 10 years after the expiry or termination thereof. Contracts related to the use of resources from the European Regional Development Fund are an exception. More specific storage terms are available in the list of documents as approved by the Estonian Research Council’s directive .

In processing applications for research funding, the Estonian Research Council processes the person’s name, contact data, data on education and training courses, documents, and employment.

The purpose of processing the data referred to above is performing an obligation arising from law (granting research funding) and performing a task in the public interest; it is also necessary for entering into and performing a contract with the persons who have been awarded funding. The processing of contact data upon reviewing the feedback related to granting research funding is based on the Estonian Research Council’s legitimate interest. The names of the persons whose applications are satisfied are published.

Personal data related to granting research funding is generally processed through the Estonian Research Information System and the data is stored in the database without a term.

In processing the applications and offers of the programmes Mobilitas Pluss (mobility and co-operation funding), RITA (research offers, applications, scientific councillors), ResTA (support for R&D activities of resource valorisation) and TeaMe+ (science communication), the Estonian Research Council processes the name, contact data, data on education and training courses, and, if necessary, the financial and employment data of a person, depending on the application.

The processing of the data referred to above is conducted for performing an obligation arising from law (implementation of programmes) and performing a task in the public interest, also, when a contract is entered into in relation to the application, the processing is necessary for entering into and performing the contract. The processing of contact data in reviewing feedback related to the implementation of programmes is based on the Estonian Research Council’s legitimate interest. The names of the persons whose applications are accepted will be made public.

As a rule, data related to RITA is stored until 31 December 2027, TeaMe+ until 31 December 2033, ResTA until 31 December 2028 and Mobilitas Pluss until 31 December 2032. More specific storage terms are available in the list of documents as approved by the Estonian Research Council’s directive .

In organising competitions (national student research competitions and competitions for pedagogical research projects, national contest for young inventors, the Estonian Science Communication Award) and providing grants and support (science communication project competitions, young scientists’ scholarship), a person’s name, contact data, document data, and, if relevant, financial data are processed.

The processing of the data referred to above is conducted for performing an obligation arising from law and performing a task in the public interest, also, when a contract is entered into in relation to the activity, processing is necessary for entering into and performing the contract. The processing of contact data in reviewing feedback is based on the Estonian Research Council’s legitimate interest. The names of the persons who receive an award in a competition or are granted a science communication award are published.

As a rule, the data processed in organising competitions is stored for 7 years, awarded works are stored permanently. More specific storage terms are available in the list of documents as approved by the Estonian Research Council’s directive.

In organising international research cooperation and in providing various grants and support (e.g., bilateral cooperation, Joint Baltic Sea Research and Development Programme Bonus, the Norwegian-Estonian Research Cooperation Programme, partnerships), the Estonian Research Council may process the name of a person involved in application, evaluation, projects, or any other relevant activity. If it is necessary for achieving the purpose of the processing, their contact data, data on education and training, employment data, and/or financial data may also be processed.

The organisation of international research cooperation is the Estonian Research Council’s obligation arising from law and a task in the public interest. Also, when a contract related to international research cooperation is entered into, processing is necessary for entering into and performing the contract. The processing of contact data in collecting and reviewing feedback about the Research Council’s activities is based on the Research Council’s legitimate interest.

Personal data that is necessary for the mediation of partner searches related to the Framework Program, COST and other calls shall be processed based on the consent by the person who has requested the partner search mediation. The data shall be disseminated using, inter alia, mailing lists of National Contact Points (NCPs) and relevant social media groups. The information contained in the partner search form will be used to make similar offers or send relevant information in the future.

As a rule, data is stored for 5 years after the expiry of a project. More specific storage terms are available in the list of documents as approved by the Estonian Research Council’s directive.

In selecting candidates for employment, the Estonian Research Council proceeds from the information disclosed by the persons themselves and gained from public sources. A candidate has the right to know what data the Estonian Research Council has collected in relation to them. The candidate also has the right to access the collected data, provide explanations, and submit objections.

Application documents are examined only by the employees participating in the hiring process. These documents and data are not disclosed to third parties. The Estonian Research Council presumes that the people who have been listed by the candidate as their referees can be contacted without asking for permission. If the candidate is not selected, their data is stored for one year. A longer storage period requires the person’s written consent.

The data on the candidates is restricted and third parties (including competent institutions) may gain access to it only in cases provided by law.

When a person browses the Estonian Research Council’s web page, the following data is collected and stored regarding the visitor:

  • the Internet protocol address (IP address) of the accessing computer or computer network
  • the software version of the computer’s Internet browser and operation system
  • time of visit (time, date, year).

IP addresses are not associated with data that can identify a person. Data is collected about the section of the website visited and the duration of browsing it. The collected data is used for compiling statistics on web-traffic to develop the website and make it more convenient for visitors.

The Estonian Research Council’s web page uses persistent cookies and session cookies to offer a better user experience, additional content, for example, videos, blogs, and push notifications. The cookies may be also created by various external service providers (e.g., Facebook and Google) who aid us in improving the website. Visitors are deemed to have agreed to cookies when cookies have been allowed in the web browser’s settings. If agreement is withheld, some of the website’s functions may be restricted.

The user can erase cookies and the data collected about them on the Internet by following the instructions of the relevant service provider, but in that case the Estonian Research Council cannot guarantee the correct performance of the service. Instructions for erasing cookies and changing the settings of your browser are available at:

A person is, at any time, entitled to:

  • request access to their personal data
  • request the rectification, completion or erasure of their personal data
  • request the restriction of the processing of their personal data
  • request the transfer of their personal data
  • file a complaint with the Estonian Data Protection Inspectorate.

 Data protection officer

Kati Uusmaa
ph +372 7317 342
kati.uusmaa@etag.ee