Estonian Military Academy
Login

Site policy

Policy
Terms of Use of the Study Information System

The study information system (hereinafter ÕIS) is established with the aim to ensure effective, single and secure administration of studies of the professional higher educational institutions. The studies are managed according to the legislation of the relevant area.

The aim of ÕIS is to ensure the joined educational institutions (hereinafter Institution) a single and secure web-based environment through which to manage the study-related activities and inquire and communicate the data necessary for managing studies from the Admissions Information System to the Estonian Education Information System.

The Controller of ÕIS as the information system is the Information Technology Foundation for Education (hereinafter HITSA). The Controllers of the data in ÕIS are the Institutions to the extent of data processed by them. In respect of the data of the Institution, HITSA is the Processor by enabling to use ÕIS for processing personal data, by providing the support for the use of ÕIS, and by hosting the personal data in ÕIS in its servers. The users of ÕIS are all natural or legal persons who use the ÕIS environment.

HITSA and the Institutions undertake to protect the personal data processed in ÕIS and their privacy.

1. General terms
a) The use of any information or data volume in ÕIS in any way or any purpose is deemed as the use of ÕIS.
b) The use of ÕIS is allowed only in case of accepting all terms of use. The use of ÕIS confirms accepting all terms of use.
c) The Institution has the right to use ÕIS for managing the studies. All Institutions get a sub-account of ÕIS Institution.
d) The Institution who wishes to use the ÕIS shall submit a relevant request that is digitally signed by the signatory to HITSA.
e) A data storage agreement is based on the Statutes of ÕIS that is available here: https://projektid.hitsa.ee/pages/viewpage.action?pageId=5475900
f) ÕIS can be visited only with the general-purpose Internet browsers (Chrome, Mozilla Firefox, Edge, Opera, Safari, and others).
g) Visiting of ÕIS with special purpose programs for any purpose is forbidden without a previous written consent of HITSA. The special purpose program is a program that is not intended for general purpose Internet browsing or which work is not directly controlled by a human. The special purpose programs include, inter alia, scripts, robots and automated tools or programs that are not intended for Internet browsing.
h) The activities that disturb or hinder the provision of services via ÕIS are not allowed while using ÕIS, including the user must refrain from overloading the computer network and servers.
i) In the case where a provision of the terms of use is invalid due to conflict with the law, it will not affect the validity of the remaining provisions of the terms of use.

2. How to create and delete the ÕIS account
a) The Institution will create an ÕIS account for the user. To create the account, the person must have an employment relationship or a relationship under the law of obligations act with the Institution, or study in the Institution according to the documents regulating the study arrangements of the Institution.
b) The student accounts are created in the Admissions Information System or based on the data entered by the Institution.
c) The teacher’s account is created based on the data entered by the Institution.
d) The system administrator’s account is created based on the data entered by the Institution. When taking ÕIS into use, HITSA will enter the system administrator of the first Institution according to the application submitted by the authorised person of the Institution.
e) To delete the account, the person must submit a request to the Institution with who their account is associated. The account cannot be deleted if there is a legal base for keeping it open (e.g. the account is associated with data which retention date has not arrived yet).
f) It is not possible to use ÕIS any more after deleting the Account.

3. Personal data protection
a) The aim of collecting and processing the personal data is to identify the person, managing the person-related studies, including involving the person in studies and adding performances there and drawing up the studies related documents, compiling the studies related statistics of the Institutions.
b) ÕIS processes the personal data in compliance with the European Parliament and Council Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons in the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
c) To protect the personal data, all relevant organisational, technical and physical measures are applied upon processing of personal data.
d) The personal data are processed in ÕIS only via the secure connection (https). The users authenticate via ID card, Mobile ID or other identity solution approved by the state and the Institutions account management.
e) Only the authorised and guided persons can access data for processing according to the extent necessary for performing their duties.
f) Personal data can only be transferred without the consent of the person to the establishment or a party who have the direct right arising from the law (e.g. court of law or pre-trial body conducting proceeding) and the justified need.
g) The personal data is stored according to the normative documents valid for the educational institutions.
h) While deleting the user account, the personal data may be retained in the backup copy in ÕIS for a limited period.
i) The User must address the Institution under whose educational activities their personal data are processed with issues related to processing personal data related to the study activities, or performing the law-related rights.

4. Processed personal data
a) Personal data are processed in ÕIS in the composition established by the Institution. The data are entered to ÕIS by the Institution, inquired from other information systems or entered personally by the user.
b) The main data of the person (name, personal identification code, gender, citizenship, communication language), studies information (incl performances, documents), contact information, representatives and data on special conditions, if needed, are processed from the student’s data in ÕIS.
c) The person’s main data, working place data related to the Institution and information related to the arrangement of studies are processed from the data of the teacher in ÕIS.
d) The detailed data composition contained in ÕIS is disclosed in RIHA and is publicly available here: https://www.riha.ee/Infos%C3%BCsteemid/Vaata/ois#andmed
e) ÕIS is connected via the data exchange layer X-Road with:
◦ Admissions Information System (SAIS);
◦ Estonian Education Information System (EHIS).
f) The personalised data on when the user logged in and when their session ended is collected upon the ÕIS visit.
g) The pages visited by the person are logged only on the web server level and are hence not personalised. While processing the depersonalised data, no specific user can be identified in any way.

5. Ensurance of Accuracy of Data, amendment and rectification of data
a) The person who submitted the data and the person who entered the data are responsible for the accuracy of the data entered to ÕIS.
b) The data can be amended by the persons themselves, and HITSA by authorisation of the Institution. All amendments of the data are logged.
c) When the data are entered to ÕIS, the data about the person who entered data and the date and time of entering are stored.
d) When the data are rectified in ÕIS, the date of rectification and the person who rectified the data are fixed in the system log.
e) Adding, amendment and deletion of data are deemed as making an entry in ÕIS.
f) Every Institution enters only the data of own organisation.

6. Participants’ liability in data processing
a) ÕIS is hosted in the servers managed by HITSA and located in the territory of Estonia. Servers and ÕIS software is maintained currently with up-to-date security updates.
b) HITSA is responsible for the uninterrupted operation of ÕIS and necessary development works, provides support of the information system, arranges storage and backup copies of the data that are contained in ÕIS.
c) HITSA is not responsible for the failures of the ÕIS caused by circumstances that are outside the control of HITSA.
d) HITSA is not responsible for the content of the data and documents entered to ÕIS by the users.
e) HITSA may process all personal data processed in ÕIS for providing information system support and hosting service.
f) The Institutions are responsible for performing the requirements related to management of studies related information, processing of personal data (incl obligation of notification) and responding to the inquiry of the data subject.
g) The Institution undertakes to ensure the compliance of the user roles and rights of the Institution and prevent an access or unauthorised persons to ÕIS and personal data.
h) The Institution is responsible in case of the damage caused via the roles, including violation of the data protection requirements and activities damaging functioning of ÕIS.
i) HITSA has a unilateral right to limit or stop an access of the Institution or the user to ÕIS in case of an actual or potential risk to the security of ÕIS. HITSA will immediately inform the relevant Institution about restricting or stopping an access of the users of the Institution and both parties have to take immediate measures to eliminate the risk.
j) HITSA will inform about the data leaks all users whom the data leak concerned or might have concerned on its web-site https://www.hitsa.ee and the representatives of the group members via e-mail within 72 hours. In addition, HITSA will inform the Information System Authority and the Data Protection Inspectorate via the appropriate incident report form. In addition, HITSA will immediately take all measures to exclude the use of leaked data in any way against the users of the service.

Place and contacts of HITSA:
Information Technology Foundation for Education
Akadeemia tee 21/ 1 (floor IV)
12618 Tallinn, ESTONIA

Phone: (+372) 628 5802
Fax: (+372) 628 5803
E-mail: info@hitsa.ee
eten