Skip to content
Search for information, services, etc.

Data protection conditions

Data protection conditions

How do we protect your private information?

Tallinn City public offices process your personal data primarily to fulfil tasks arising from the law. We consider it important to follow all personal data processing principles and have implemented security measures to protect your personal data from unintentional or unauthorised processing, public disclosure and destruction.

You can find more detailed information about the processing of personal data in the city's offices in the following Tallinn City data protection terms. If you have any questions, please write to either the general email address of the relevant office or the city's Data Protection Specialist at
[email protected].


Data protection terms of Tallinn City

1. On what grounds do we process your personal data?

We process your personal data (e.g. first name and surname, identification code, date of birth, residential address, contact information) in the following cases:

  • when performing a public task (e.g. assigning a school placement or birth support),

  • in fulfilling a legal obligation (e.g. transferring data to a bank in relation to the payment of salaries, keeping accounting invoices),
  • in fulfilling a contract concluded with you.
If we wish to process your personal data on the grounds not mentioned above, we will ask for your consent. If you do not give consent or withdraw it, we will not process your personal data.
When processing personal data, we are guided by the following:

2. Who processes your personal data?

The controller of personal data is a city office that is responsible for the fulfilment of a specific public task, legal obligation or contract, or that has asked you for your consent for data processing. Only those employees of the office who use personal data to perform work-related tasks can access your personal data.

The controller may transfer personal data for processing to an authorised processor (e.g. an information system manager) with whom the city office has concluded a relevant contract. The authorised processor must comply with the purposes and methods specified in the contract and the instructions of the city office.

3. What are our policies on disclosure of personal data?

We do not disclose personal data without a legal basis, for example:

  • in the Register of Documents of Tallinn’s public offices, the name is replaced by initials in a letter from a private person and the content of the letter is not displayed,
  • the Register of Legislations of Tallinn does not display the content of legislation designated for internal use of an organisation,
  • when a document containing personal data is issued to a third party, the personal data contained in the document is rendered unreadable.
We issue and disclose personal data only in cases arising from the law, for example:
  • we issue personal data to pre-trial proceedings or to a court or on the basis of § 152 (1) clause 3 of the Vital statistics Registration Act or § 71 or 72 of the Population Register Act;
  • we disclose personal data in Ametlikud Teadaanded (Public Notices) if this is determined by a special law or a legal act issued on its basis.
As a rule, we do not disclose personal data as open data, i.e. as machine-readable data that can be freely and publicly used by everyone, unless disclosure is determined by law or other legislation.

4. How long do we keep your data?

We store your data either:
  • until the expiration of the document's statutory retention period or
  • for as long as is necessary for the performance of a statutory duty, or
  • until the requirement arising from the law expires.
We process data that has no archival value until the retention period expires. We hand over data of archival value to the public archive for storage and stop processing the transferred data.

5. How do we protect your personal data?

Our goal is to prevent unauthorised processing of personal data, ensure need-based access to data and prevent unauthorised disclosure of data. For this purpose, we use organisational, physical and information technology security measures, including the appropriate level of data protection. When processing personal data, employees of city offices are obliged to comply with all data protection rules arising from the law and to use security measures.
An authorised processor, such as an information system operator, must ensure at least the same level of security when processing personal data as a city office would.


6. How do we process your personal data if you apply for a job or internship?

If you apply for a job or internship in a public office of the city of Tallinn or an office managed by one (hereinafter referred to as city offices), we use the information you have published or that we have obtained from public sources. The candidate has the right to know what data has been collected about them and to give their own explanations and objections.

The recruitment of candidates is organised by the city's HR service at the Tallinn Strategic Management Office and Tallinn City Office. The city’s HR service also organises the recruitment of heads of city offices. Other recruitments are organised by the office's HR specialist or a person working in HR. The data of participants in the recruitment competition will not be disclosed to other candidates or persons who are not participating in the specific recruitment and selection process. All persons involved in the recruitment process keep the information received (application documents submitted in writing or electronically) and collected about candidates confidential.

We conduct a background check with the candidate with their prior consent and knowledge. For this purpose, we talk to persons who have been provided by the candidates themselves.

We expect applicants and other participants in the process to be interested in providing us feedback about the recruitment process, which will help us improve and make recruitment more client-centric. When asking for feedback, we abide by the data protection terms.

We retain the data of candidates who are not selected to resolve possible legal disputes arising in the recruitment process until the claim expires. With the consent of the candidate, we will store the candidate's data for the period agreed upon with the candidate in order to propose participation in recruitments organised in the future.

Candidate data is access-restricted information which third parties can access only in cases stipulated by law. If you apply for an internship with us, the same requirements regarding the processing of personal data apply as in case of applying for a job.


7. What are your rights?

  • You have the right to receive information about the data we process and how we process it. To receive information, you must prove your identity and submit a (preferably digitally) signed request to the city office from which you want information. Your request will be responded to within a reasonable time (no later than within 30 days). The office can extend the response deadline by 60 days based on Article 12 (3) of the General Data Protection Regulation, taking into account the complexity of the response to the request and the amount of requested data. The city office will inform you of the extension of the response deadline and the reasons for the delay within 30 days of receiving the request. If the city office refuses to respond to the request, it will explain the grounds and reasons for the refusal.
  • If your personal data is processed on the basis on your consent, you have the right to withdraw consent at any time. In order to withdraw your consent, we ask you to make an application to the city office to which you had given your consent for data processing. The city office stops processing your personal data as soon as it learns about the withdrawal of your consent.
  • You have the right to demand the deletion of personal data if your data is processed on the grounds of your prior consent and you have withdrawn your consent or if the data retention period has expired and they do not need to be archived.
  • You have the right to request the correction of your data if they have changed or are for any other reason insufficient, incomplete or incorrect.
  • You have the right to request the restriction of personal data processing for the period of time when the objection to the processing of personal data or the correctness of the personal data is being checked, or if you need data for the submission, preparation or defence of legal claims;
  • You have the right to object to the processing of your personal data if you suspect that the data is being processed illegally or that the data processing violates your rights.
  • If the city office intends to further process personal data for purposes other than the one for which it was initially collected, it will provide you with information about the purposes of further data processing in advance.
  • You have the right to contact the Data Protection Inspectorate or the court to protect your rights.

8. Who should you turn to?

The city office that processes your personal data is responsible for the legality of personal data processing and it provides information about data protection terms and data processing. Each city office has a data protection contact person whose task is to coordinate the resolution of the office's data protection issues. In the case of a data protection question related to a city office, please contact the office at its general email address. The city's data protection specialist can be contacted at the email address [email protected]

Cookies used on the Tallinn City website

Cookies are small files that are generated when you visit a website and are stored on the device used to visit the website. Cookies are designed to improve the visitor's user experience. The preferences selected during your visit to the website are stored as cookies and are used on your next visit to the website.

Cookies used for website operation:

  • sess_admin – for managing website sessions. Valid until the browser is closed.
  • fontSize – to remember the selected font size. Valid for three years.
  • TallinnAccContrast – contrast feature selected for the visually impaired. Valid for three years.
  • TallinnAccEmphasis – selection emphasis feature for the visually impaired. Valid for three years.
  • TallinnAccLineHeight – line height feature for the visually impaired. Valid for three years.
  • TallinnAccNoColor – a feature to turn off colours for the visually impaired. Valid for three years.
  • TallinnAccNoStyle – style removal feature for the visually impaired. Valid for three years.
  • TallinnFontSize – to remember the selected font size. Valid for three years.
  • keel_nimi – the language selected when visiting the website. Valid for one year.
  • mobiilivaade – design of the mobile phone view selected when visiting the website. Valid for one year.

Cookies from other parties:

  • __gat, __ga, __gid, __utma, __utmb, __utmc, __utmz, __utmv, NID, 1P_JAR, SID, HSID, AID, DSID, APISID, SAPSID, SIDCC, SSID – we use Google Analytics to gain insight into web traffic in order to improve user experience in the future. Google saves your IP address and data related to your use of the website.
  • id, IDE – Google sends an identifier to on whether the visitor's browser supports cookies.
  • CONSENT, PREF, VISITOR_INFO1_LIVE, YSC – YouTube collects statistics about videos viewed by the visitor.
  • datr, dpr, C_user, pl, sb, wd, xs, fr – cookies for collecting social media likes, shares and statistics.

Third party cookies

Some of our pages display content from external service providers, such as:

To view content provided by these third parties, you must first agree to their specific terms. This consent covers the principles of the use of cookies over which we have no control.

If you do not view this content, no third-party cookies will be installed on your device.
These third-party services are not under the control of the Tallinn City Government. Service providers may change their terms of use, purpose and use of cookies, etc. at any time.


How can you manage cookies?

You can manage/delete cookies if you wish – learn more on

Removing cookies from your device

You can delete any cookies already stored on your device by deleting the browsing history from your browser. This will remove all cookies from all websites you have visited.

Please note that this may also cause you to lose some of your saved information (e.g. saved login details, site preferences).

Managing site-specific cookies

For more detailed control over site-specific cookies, review the privacy and cookie settings of your preferred web browser.

Blocking cookies

Most browsers can be set in a way that cookies will not be stored on your device, but in this case you will have to manually adjust certain preferences each time you visit a website/page, and some services and functions may not work at all (e.g. login).


See more
Call recording procedures on the city's general phone line
The procedure for using monitoring devices in the buildings of the Tallinn City Office

Last modified 05.04.2023