Processing of personal data

Correspondence data is visible in the public view of our document register, in accordance with the Public Information Act. In our correspondence with a private person, we do not disclose the content of the letter and display ‘private person’ instead of his or her name. The name and exact title of a private person are only visible internally. Generally, our correspondence is intended for internal use only, with restrictions on access established under the Public Information Act. Upon registration in the document register, the letter sent by you to us is generally classified as restricted-access information pursuant to clause 35 (1) 12) of the Public Information Act (significantly breaches the inviolability of private life) and clause 35 (1) 19) of the Public Information Act, and subsection 26 (1) of the Taxation Act (other information provided by law – with the law being the Taxation Act, which refers to tax secrecy). In the case of special (previously referred to as sensitive) types of personal data in correspondence, notation clause 35 (1) 11) of the Public Information Act (special types of personal data) shall be added as a basis for access restriction.

When we respond to your letter or create another document, the author of the document will mark the document as ‘for internal use’ at the time of its creation, to protect your personal data from disclosure.

To submit a request for information, a request for explanation or a memorandum, please write to [email protected] or fill in the online form on our website in the “Official requests” section.

If you request information that contains your or a third party's personal data, please sign the request digitally and send it to the e-mail address [email protected].

On the online form, please submit requests that do not require a digital signature.

You can also send us a signed request on paper to the address: Estonian Tax and Customs Board, Lõõtsa 8a, Tallinn 15176.

We need your personal identification code and contact details to register your requests and respond to you. The data is stored in our document register for 7 years.

Request for information

Requesting an already existing document or documents is considered a request for information.

We usually respond to requests for information within five working days. However, depending on the volume of information requested, it may take up to 15 working days to respond. We will notify you of the extension of the term for responding and the reason behind it. We may refuse to issue information on the grounds arising from the law, which we will refer to when replying to you.

Request for explanation

Not all inquiries are requests for information. As a request for explanation, we consider your request, to which an analysis, synthesis or collection of additional information is necessary to prepare an answer, or a request in which you ask about the legislation underlying the activity of the ETCB or our competence. Pursuant to the procedure provided for in the Response to Memoranda and Requests for Explanations and Submission of Collective Proposals Act, we will respond to memoranda and requests for explanations no later than 15 calendar days after registering the request for explanation. Depending on the complexity of the answer, the deadline for answering may be extended up to two months. We will inform you about the extension of the response deadline and the reason for it.

Memorandum

You can send us suggestions for better organisation of our work with a memorandum. If your letter requires a response, the response deadlines are the same as for a request for explanation.

The right of and procedure for a person to examine data concerning themselves

You have the right to submit inquiries about the processing of your personal data and to access the data we have collected about you. Please send your digitally signed inquiry to the e-mail address [email protected]. If there is no such possibility, send us a signed request to the address: Estonian Tax and Customs Board, Lõõtsa 8a, Tallinn 15176.

Your request will be registered and forwarded to either a data protection specialist or the competent department for a response.

In accordance with Article 12 of the EU General Data Protection Regulation, we will reply to you without undue delay and in any event within one month of receipt of the request. This period may be extended by two further months where necessary, taking into account the complexity and number of the requests. We shall inform you of any such extension within one month of receipt of the request.

We are not obligated to comply with your request for access, only if doing so may:

• harm the rights and freedoms of another person;
• impede or prejudice the prevention and detection of an offence, the performance of offence proceedings, or the execution of a punishment;
• endanger national security.

We will notify you of a decision to refuse to provide data or information.

In the course of procedural acts, we collect your personal data to the extent necessary to conduct the proceedings.

In tax proceedings, the tax auditor will explain your rights and obligations to you. You have the right to access information concerning you that was collected by the tax auditor and to make copies or extracts of such information (subsection 14 (3) of the Taxation Act). This means that the tax auditor will allow you to inspect the materials collected about you at each stage of the proceedings. The tax auditor has the right to refuse to provide information to a person if this would affect the ascertainment of the truth in criminal proceedings.

Information will not be disclosed to you if it was obtained in the context of international professional assistance and the tax authority of another country requests, in writing, that the information provided by it be withheld as a result of an international tax treaty. Data will not be published even if it has been declared secret (by an EU institution, such as the European Commission).

Our officials have access to the data in accordance with their duties, and improper processing of the data is punishable. The targeted use of your data is controlled by the Internal Control Department of the ETCB.

Documents, including administrative acts, summonses and notices, shall be delivered against a signature, delivered by post or electronically or published in a periodical publication. We may choose the manner of delivery unless a mandatory manner of delivery is provided by law. The different methods of delivery are explained in Chapter 4 ‘Delivery of Documents’ of the Taxation Act.

When delivering documents, we use address data that the participant in the proceedings has disclosed to us or that is available from the population register. If information concerning your address is missing or incorrect and your actual whereabouts are unknown, we may publish the resoluti

on contained in the document in the official publication Ametlikud Teadaanded. In that case, the resolution is deemed to have been delivered after 10 days as of the publication thereof.

The conducting of misdemeanour proceedings is regulated in detail by the Code of Misdemeanour Procedure together with the Code of Criminal Procedure.

We will disclose the information of the person who made the misdemeanour report to the other participants in the proceedings, to the extent prescribed by the codes of procedure and necessary for resolving the matter.

The person subject to the proceedings and his or her defence counsel may examine the materials pursuant to the procedure prescribed in the codes of procedure. The person who made a misdemeanour report may inspect the materials upon submission of a request for information, taking into account the established access restrictions.

When conducting misdemeanour proceedings, we use the e-File system, which includes using the e-File system to exchange data with other authorities (for example, in cases, when transmitting information concerning punishment to the Criminal Records Database and to an enforcement agent). The e-File system is a closed system and can be accessed by logging in with an ID-card or mobile-ID. Access to the system is limited to competent officials. A party to proceedings may view his or her procedural information and submit and receive procedural documents via the public e-File to the extent provided in the code of procedure. It is also possible, by agreement, to send documents by e-mail or post via registered mail.

Misdemeanour decisions are not subject to publication on the ETCB website. Misdemeanour decisions that have entered into force may be requested by submitting a request for information. A misdemeanour decision that has entered into force may also be subject to access restrictions. The name and personal identification code of a person punished by way of misdemeanour procedure are public data, the data of other persons are not disclosed.

The law allows us to disclose circumstances related to misdemeanour proceedings only in exceptional cases, on the basis of § 62 of the Code of Misdemeanour Procedure and clause 27 (1) 10) of the Taxation Act. We only exercise this right when absolutely necessary, refraining from an undue invasion of privacy.

Punishments for misdemeanours that have entered into force shall be entered in the Criminal Records Database. Access to the Criminal Records Database is restricted, information can be requested pursuant to the procedure provided for in Chapter 3 of the Criminal Records Database Act.

Decisions are not always made by an official, instead taking place automatically in the data processing system. For example, our data processing system makes automatic decisions regarding income tax refunds in FIDEK, the income tax return processing system for natural persons. An automatic decision is made on the basis of the data you have entered in the e-services environment e-MTA of the Estonian Tax and Customs Board. You confirm the accuracy of the information provided at the end of the declaration. If your application for an income tax refund is in accordance with the law, it will be accepted by the data processing system. Notice of the decision to satisfy or refusal to satisfy the application will also be sent to you automatically in the e-MTA.

If you submit a tax return to us on paper, our official will enter the information you provide into the data processing system, and the decision to refund your income tax will again be made automatically. If your income tax refund application is not accepted, the notice will be sent to the residential address indicated in the Population Register or to the address last provided by you to the tax authority. You will not be notified separately in writing regarding the satisfaction of your application for an income tax refund.

The refunded amount will be credited to the bank account you provided on your tax return form.

If your application submitted within the e-MTA or on paper is not satisfied, we will contact you in the manner described above and the procedure will be continued from that point on by one of our officials, who will make a decision at the end of the proceeding, with the decision no longer being automatic.

Our data processing system also prepares other automatic decisions, such as decisions on the payment of tax arrears in instalments. In this case, a notice is added to the document stating that the document was created automatically. You have the right to express your views on the decision and to receive explanations from us. You also have the right to challenge the automatic decision.

If you would like us to review our own decision or action which affects your rights, you have the right to appeal within 30 days of becoming aware of the contested decision or action. A challenge cannot be filed if you have taken the same matter to court. The dispute will be resolved within 30 days. This term may be extended by up to 10 days. You can find more detailed requirements for a challenge in Chapter 14 ‘Challenge Proceedings’ of the Taxation Act, and in Chapter 5 of the Administrative Procedure Act.

When visiting our service bureaus, we ask you to submit a document for identification, which is either a passport, ID card, driving licence or any other type of document listed in the Identity Documents Act. Your visit will be recorded in the visitor registration program, where a consultant will record the time and reason for your visit. Data about your visit can be accessed by employees to whom it has been assigned. We keep records of visits for 7 years.

A computer for customers has been installed in the service halls. You can sign in to your email inbox and review or fill in your income tax return. To do this, you must first authenticate yourself with an ID-card, mobile-ID or Smart-ID. If necessary, you will be assisted by a consultant. The consultant will not monitor you entering your PIN codes. Please close the web browser after you have finished using the customer computer.

The user account used on the computer for customers is anonymised and users’ browsing and use history is deleted after the end of the use (session).

Your operations with the income tax return are saved on the server of the Tax and Customs Board. The Tax and Customs Board does not have access to the content of your e-mail inbox.

The personal data used by the ETCB, including your contact information, is a tax secret on the basis of subsection 26 (1) of the Taxation Act, in other words, tax secrecy is all information that the Estonian Tax and Customs Board has about a taxable person. Sections 27–30 of the Taxation Act provide to whom a tax secret may be disclosed.

In tax proceedings, a participant in the proceedings has the right to introduce the personal data of third parties related to the given specific matter, except for specific types of personal data. The part of the bank statements that we use as evidence in this same specific tax proceeding can be described.

We use video surveillance to protect the property and persons. The use of security cameras is revealed by the signs installed on the building or territory.

Video recordings are stored for at least 30 days from the date of recording, but no longer than one year depending on the location of the video surveillance system. At the end of the retention period, the data will be deleted automatically.

Mobile devices (mobile phones, dictaphones, video cameras, photo cameras, body cameras and cameras installed in special service vehicles) are used by the Board for the performance of state supervision, recording of important facts and evidence and use in procedural operations. Before using a device, an officer will inform you about it; corresponding stickers are installed in special service vehicles.

After a recording device has been used, the recording will be erased from the device and moved to the Board's information system, where it will be stored in accordance with the time limits for the various procedural steps set out in the Board's classification scheme for documents.

Body cameras may only be used by officials of the Customs Control Department to record the examination of movable property or premises. Body camera recordings are stored in the Board's information system for 30 days. If a recording is used as evidence in offence proceedings, the retention period for the recording may be extended by up to one year. Recordings are deleted automatically.

We automatically notify of the fact of recording phone calls before starting calls. When you call our customer information lines, we record calls to assess service quality, develop and improve the service, as well as promptly resolve disputes.

When calling our hotlines, we record phone calls for processing allegations of possible offences related to taxes and smuggling, as well as for processing allegations of possible offences by officials and, if necessary, for contacting the person making the allegation with his or her consent.

Phone call recordings are stored for 30 days. Access to recordings is regulated by the Board's internal procedures.

You can find more information on the procedure of reporting suspected violations on the webpage “Fraud hotline”.

If you contact us using web forms on the website, we will use the personal data you enter on these forms to register you for events or to respond to you/provide you with information. The amount of data required for registration depends on the event and we specify this separately each time during registration. We may ask for, for example, your name, e-mail address, and, if necessary, place of work, etc. We usually store the personal data provided in web forms for one calendar month. 

You can also join newsletter mailing lists using web forms (e.g. "Data-based reporting", "News on services"). To enable subscriptions to newsletters, we retain the data provided in the web forms for the entire period during which you want to receive newsletters. If you unsubscribe from the newsletters or wish to be removed from the newsletter mailing lists, we will retain the personal data you provided for one calendar month.

The purpose of the Public Information Act is to ensure that the public and every person has the opportunity to access information intended for public use, based on the principles of a democratic and social rule of law and an open society, and to create opportunities for the public to monitor the performance of public duties. At the same time, we refrain from excessively infringing upon the privacy of those involved. Among other things, we reserve the right, if a person himself or herself presents procedural information to the public, to provide public explanations about his or her activities, if necessary.

Twice a year, we ask for the opinion of customers who have recent experience using services via our e-services environment e-MTA or who have visited our service offices, called or written to our customer support.

Feedback from users is very important to us and helps us to better see our services and the quality of those services through your eyes. In this way, we can better assess what is already working and what requires further development in order to provide the best experience that meets expectations.

The measurement of satisfaction with the web environment service is provided to us by our contractual partner OÜ Recommender. We use the Promoter Index methodology to measure satisfaction.

Answering the questionnaire is optional, you can unsubscribe by clicking the ‘Remove email address from list’ link found at the end of the e-mailed questionnaire.

We store customer responses in the Recommy web environment, without personal data, for a period of two years. This is necessary in order to compare the results of the current year with the results of the previous year.

A public competition will be announced to recruit staff. The competition is announced on the web-page "Public competitions" of the Ministry of Finance, web-page of the ETCB and in other employment mediation environments. Recruitment is organized by the Personnel Department and the recruitment process usually takes place over a period of 2–4 months.

Depending on the complexity of the position to be filled, the following methods, in addition to the structured interview, will be used to assess candidates:

• test assignment – a practical task related to the duties of the position;
• compatibility study – with the permission of the candidate, his or her submitted references will be interviewed, and previous professional behaviour, cooperation skills, personal characteristics and possible coping in the new position will be studied.

The recruitment specialist will send an e-mail to the candidates who have reached the final round asking for signed consent to conduct a background check. Consent from candidates will be forwarded to the Head of the Internal Control Department. A background check is performed by an authorized official of the Internal Control Department on the basis of data obtained from databases being used by the ETCB, and the CV is reviewed via Talendipank. The legal basis for conducting a background check is provided for in section 81² of the Taxation Act and section 10 of the Customs Act.

The next best candidate may be appointed to the post in the cases provided for in § 18 of the Public Service Act. In this case, a new competition will not be announced.

The person who won the competition and the candidates who were not selected shall be notified of the final results of the public competition in a format enabling reproduction in a written form within 14 calendar days following the date of making the decision.

References

Procedural documents relating to your personal data will be preserved in accordance with the time limits laid down in the Board’s list of documents, including in accordance with applicable law. For example, decisions on collecting tax arrears and the payment thereof in instalments have a retention period of seven years, while tax audits and control files have a retention period of 10 years after the end of the inspection. Customs examination minutes are preserved for seven years. Challenge files are preserved for seven years after the end of the challenge procedure and misdemeanour documents for 10 years.

When recruiting staff, we will preserve any documents received during the competition for a period of one year, for the purpose of resolving any legal disputes that may arise during the recruitment process, to nominate the next best candidate for the position, and to propose a future competition with the consent of the candidates.

The purpose of the data tracker is to provide citizens with a clear overview of the activities carried out with their data. The data tracker displays databases to which queries have been made, the time when the queries were made and the authorities that made the queries. For example, we have interfaced the register of taxable persons with the processing of data in the income tax return of natural persons. The data of the data tracker is available via the state portal eesti.ee.

Details of meetings with lobbyists are published on the ETCB's website. We will publish your name or the name of the person representing you, the name of the organisation, the topic of the meeting, and the date of the meeting. We will also publish the name and position of the official with whom the meeting took place.

The purpose of disclosing meetings with lobbyists is to increase transparency in lobbying and communication with interest groups. By disclosing meeting data, policy-making is more understandable to the public and allows for a better understanding of which interest groups participate and contribute to policy-making.

In order to operate our web site properly, to analyse its use and to provide the best user experience, we place so-called cookies to your device’s (computer, smart device, etc.) browser(s).

You can find more information about the use of cookies on the webpage "Cookies".

You have the right to file a complaint with the Estonian Data Protection Inspectorate if your rights have been violated during the processing of personal data.

Contact details of the Estonian Data Protection Inspectorate: telephone: +372 627 4135, e-mail: [email protected], address: Tatari 39, 10134 Tallinn

• Information Technology Center of the Ministry of Finance (Rahandusministeeriumi Infotehnoloogiakeskus, RmIT) – information and communication technology development and management services;
• Estonian Information and Communication Technology Centre (Riigi Info- ja Kommunikatsioonitehnoloogia Keskus, RIT) – centralised computer workstation and basic server infrastructure service;
• State Shared Service Centre (Riigi Tugiteenuste Keskus, RTK) – provision of financial and personnel and payroll accounting services.