Data protection conditions
How do we protect your personal information?
The authorities of the City of Tallinn process your personal data primarily for the purpose of performing their duties under the law. We consider it important to comply with all principles of personal data processing and have implemented security measures to protect your personal data from accidental or unauthorized processing, disclosure, and destruction.
For more detailed information on the processing of personal data in municipal institutions, please refer to the following Tallinn City data protection conditions. If you have any questions, please contact the relevant institution at its general e-mail address or the city's data protection specialist at andmekaitse@tallinnlv.ee.
Tallinn City Data Protection Conditions
1. On what basis do we process your personal data?
We process your personal data (e.g., first and last name, personal identification code, date of birth, residential address, contact details) in the following cases:
- when performing a public task (e.g., assigning a school place or determining childbirth allowance),
- when fulfilling a legal obligation (e.g., transferring data to a bank in connection with the payment of salaries, keeping accounting records),
- when performing a contract concluded with you.
When processing personal data, we are primarily guided by
- the General Data Protection Regulation
- the Personal Data Protection Act
- the Public Information Act
- the Local Government Organization Act, and
- the Population Register Act.
2. Who processes your personal data?
The controller of personal data is a municipal authority that is responsible for performing a specific public task, legal obligation, or contract, or that has asked for your consent to process your data. Only those employees of the authority who use personal data to perform their duties have access to your personal data.The controller may transfer personal data to a processor authorized to process it (e.g., an information system administrator) with whom the municipal authority has entered into a relevant agreement. The processor must comply with the purposes and methods specified in the agreement and the instructions of the municipal authority.
3. What are our principles for disclosing personal data?
We do not disclose personal data without a legal basis, for example:- In the document register of Tallinn authorities, the name of a private individual in a letter is replaced with initials and the content of the letter is not displayed.
- The content of legal acts designated for internal use is not displayed in the Tallinn legal acts register.
- When issuing a document containing personal data to a third party, the personal data contained in the document is made illegible.
- we disclose personal data to a pre-trial investigator or court or pursuant to § 152(1)(3) of the Family Law Act or § 71 or 72 of the Population Register Act.
- we disclose personal data in Official Announcements if this is provided for by a special law or a legal act issued on the basis thereof.
4. How long do we keep your data?
We store your data either:- until the expiry of the retention period specified in the law, or
- for as long as necessary to perform a task specified in the law, or
- until the expiry of the limitation period specified in the law.
5. How do we protect your personal data?
Our goal is to prevent unauthorized processing of personal data, ensure access to data based on need, and prevent unauthorized disclosure of data. To this end, we use organizational, physical, and IT security measures, including an appropriate level of data protection. City officials are required to comply with all data protection rules arising from the law and to use security measures when processing personal data.An authorized processor, such as an information system administrator, must ensure at least the same level of security when processing personal data as a city agency would.
6. How do we process your personal data when you apply for a job or internship?
When applying for a job or internship at a Tallinn city government agency or an institution administered by a government agency (hereinafter referred to as city agencies), we rely on information you have published or obtained from public sources. Candidates have the right to know what data has been collected about them and to provide their own explanations or objections.The recruitment of candidates is organized by the City Personnel Service at the Tallinn Strategy Center and the Tallinn City Office. The City Personnel Service also organizes the recruitment of managers for city institutions. Other recruitment is organized by the institution's personnel officer or a person performing personnel work. The data of participants in the recruitment competition will not be disclosed to other candidates or persons who are not involved in the specific recruitment and selection process. All persons involved in the recruitment process shall keep the information received about candidates (application documents submitted in writing or electronically) and collected information confidential.
We conduct background checks with the prior consent and knowledge of the candidate. To this end, we will talk to the persons whom the candidate has named.
We expect candidates and other participants in the process to be interested in providing us with feedback on the recruitment process, which will help us improve our recruitment activities and make them more customer-oriented. When requesting feedback, we comply with data protection requirements.
We retain the data of unsuccessful candidates for the purpose of resolving any legal disputes that may arise during the recruitment process until the claim expires. With the candidate's consent, we retain their data for participation in future competitions.
We retain the data of unsuccessful candidates for the purpose of resolving any legal disputes that may arise during the recruitment process until the claim expires. With the candidate's consent, we retain the candidate's data for a period agreed with the candidate in order to make an offer to participate in a future competition.
Candidate data is restricted information that third parties can only access in cases provided for by law. If you apply for an internship with us, the same requirements for the processing of personal data apply as when applying for a job.
7. Register of personal data processing
A more detailed overview of data processing in Tallinn can be found in the Tallinn Data Processing Register. The Tallinn Data Processing Register can be found at: https://atr.tallinn.ee/.The data processing activities of specific institutions can be found below:
- click on the "search" field
- then click on the "select institution" button and enter the name of the kindergarten/school in the field that opens
- then click on the "search" button and click on the name of the kindergarten/school in the list that opens (which is red)
- finally, click on the blue "search" button below.
After that, a list of all data processing operations of the selected institution will open. You can view the description of each data processing operation by clicking on the "view" button.
8. What are your rights?
- You have the right to receive information about what data we process and how we process it. To receive this information, you must verify your identity and submit a request, preferably digitally signed, to the municipal authority from which you wish to receive the information. Your request will be answered within a reasonable time (no later than 30 days). The authority may extend the response time by 60 days under Article 12(3) of the General Data Protection Regulation, taking into account the complexity of the request and the volume of data requested. The city authority will inform you of the extension of the response period and the reasons for the delay within 30 days of receiving the request. If the city authority refuses to respond to the request, it will explain the grounds and reasons for the refusal.
- If your personal data is processed on the basis of your consent, you have the right to withdraw your consent at any time. To withdraw your consent, please submit a statement to the city authority to which you have given your consent for the processing of your data. The city authority will stop processing your personal data as soon as it becomes aware of your withdrawal of consent.
- You have the right to request the deletion of your personal data if your data is processed on the basis of your prior consent and you have withdrawn your consent, or if the data retention period has expired and the data does not need to be archived.
- You have the right to request the correction of your data if it has changed or is otherwise inadequate, incomplete, or incorrect.
- You have the right to request the restriction of the processing of personal data for a period of time while the processing of personal data is being verified.
- You have the right to request that your data be corrected if it has changed or is otherwise inadequate, incomplete, or incorrect.
- You have the right to request the restriction of the processing of personal data for a period of time while the objection to the processing of personal data or the accuracy of personal data is being verified, or if you need the data in connection with the submission, preparation, or defense of legal claims.
- You have the right to object to the processing of personal data concerning you if you suspect that the data is being processed unlawfully or that the processing of the data violates your rights.
- If a municipal authority intends to further process personal data for purposes other than those for which it was originally collected, it will provide you with information in advance about the purposes of further processing.
- You have the right to contact the Data Protection Inspectorate or a court to protect your rights.
9. Who to contact?
The municipal authority that processes your personal data is responsible for the lawfulness of the processing of personal data and provides information about data protection conditions and the data processing process. Each municipal authority has a data protection contact person whose task is to coordinate the resolution of data protection issues within the authority. If you have a data protection issue related to a city authority, please contact the authority's general e-mail address. The city's data protection specialist can be contacted at andmekaitse@tallinnlv.ee.Cookies used on the Tallinn city website
Cookies are small files that are created when you visit a website and are stored on your device. Cookies are designed to improve your user experience. Cookies store preferences selected during a website visit and are used the next time the website is visited.Cookies used for the functioning of the website:
- PHPSESSID – for managing website sessions (including page language). Valid until the browser is closed.
- siteTextSize – for remembering the selected font size. Valid until deleted.
- siteContrast – contrast setting selected for visually impaired users. Valid until deleted.
- accentuateSelection – selection highlighting setting for visually impaired users. Valid until deleted.
- siteLineHeight – line height setting for visually impaired users. Valid until deleted.
- removeColor – color removal setting for visually impaired users. Valid until deleted.
- removeAllStyles – attribute for removing styles for visually impaired users. Valid until deleted.
- user_token – for maintaining logged-in status. Valid for 20 days.
Third-party cookies:
- __gat, __ga, __gid, __utma, __utmb, __utmc, __utmz, __utmv, NID, 1P_JAR, SID, HSID, AID, DSID, APISID, SAPSID, SIDCC, SSID – We use Google Analytics to get an overview of website traffic in order to improve the user experience in the future. Google stores your IP address and data related to your use of the website.
- id, IDE – Google sends a token to doubleclick.com to indicate whether the website visitor's browser supports cookies.
- CONSENT, PREF, VISITOR_INFO1_LIVE, YSC – YouTube collects statistics about the videos viewed by the website visitor.
- datr, dpr, C_user, pl, sb, wd, xs, fr – Cookies for collecting social media likes, shares, and statistics.
Cookies from other parties
Some of our web pages display content from external service providers, such as: To view content provided by these third parties, you must first agree to their specific terms and conditions. This agreement covers the use of cookies, over which we have no control.However, if you do not view this content, no third-party cookies will be installed on your device.
These third-party services are not under the control of Tallinn City Government. Service providers may change their terms of use, the purpose and use of cookies, etc. at any time.
How can you manage cookies?
If you wish, you can manage/delete cookies – detailed information is available at aboutcookies.org.Removing cookies from your device
You can delete all cookies already stored on your device by clearing your browser's browsing history. This will remove all cookies from all websites you have visited.Please note that this may also result in the loss of some stored information (e.g., saved login details, site preferences).