Data in International Information Systems

Contents

1. Visa Information System (VIS)
2. Customs Information System (CIS)
3. Schengen Information System II (SIS II)

Visa Information System

For the purpose of processing visa applications for short stays in the Schengen States, the European Union has set up a central register of personal data, fingerprints and facial images contained in visa applications of visa applicants. The Data Protection Inspectorate exercises supervision over the compliance of the authorities with the requirements set out below when processing and collecting data. 

In the Schengen area, the Visa Information System (VIS), which connects the consular authorities of the Schengen States, and the border crossing points at the external borders to a central database and allows for the exchange of information, contributes to the implementation of visa policy. In Estonia, the Police and Border Guard Board is responsible for the visa register, through which the competent authorities make queries to the Visa Information System.

The Visa Information System is a system for the exchange of visa data between Member States with the aim of facilitating the visa application procedure, preventing visa trafficking and fraud, facilitating border checks and identity identification within the territory of the Member States and contributing to the prevention of threats to the internal security of any of the Member States. For this purpose, the Visa Information System, the central repository of short-stay Schengen visa data, processes personal data, fingerprints and facial images contained in the visa application of persons applying for a short-stay visa in the Schengen area.

The Visa Information System, used by Member States' consulates around the world, allows Member States to exchange information on visas for short stays in the Schengen States. 

Detailed rules for the use of the Visa Information System are set out in the VIS Regulation

Your rights

Everyone shall have the right to obtain confirmation as to whether data relating to him or her are available in the Visa Information System and to have access to personal data and information relating to their processing. Everyone also has the right to request the correction of incorrect data concerning themselves and entered in the information system or, if it is found that there is no (any longer) legal basis for the use of personal data, to request the deletion of such data.

In Estonia, a person can access the data concerning him/herself and entered in the information system by contacting the Police and Border Guard Board himself/herself or through a legal representative:

NB! For secure transmission of files by e-mail, please encrypt them using the certificate “Police and Border Guard Board (PPA) 70008747”).

The Ministry of Foreign Affairs and the Estonian Internal Security Service are also entitled to issue data entered in the Visa Information System.

If you apply for a Schengen (C) visa, the Ministry of Foreign Affairs is competent to reply.

If the application concerns a C-type visa issued at the border or if you apply for data on a long-stay (D-type) visa, the Police and Border Guard Board will issue data from the visa register or the Visa Information System.

The application must be signed by hand or digitally. The Police and Border Guard Board accepts digital signatures of service providers on the Estonian digital ID or the European Union trusted list. If it is not possible to digitally sign the application, please contact the nearest police station, service hall or border checkpoint to submit the application.

In the application, it is necessary to indicate the person's name, date of birth and other information that helps to identify the person whose data is being requested to access and to resolve the application. For example, the authority that entered the data in question, the type of data, information on where and how the owner of the data became aware of the data in the VIS, or which data is being requested to delete or correct.

Application form:

In addition to the submitted application, the Police and Border Guard Board may request additional information from the applicant, because before issuing personal data, it must be certain that the data is requested by the data subject or his or her legal representative. For example, it may be found that it is not possible to establish with certainty through a copy of an identity document that the applicant is the same person whose personal data the applicant wishes to access or whose personal data the applicant wishes to correct or delete.

The Police and Border Guard Board refuses to comply with the request or restricts the release of personal data in justified cases only on the basis provided by law if it may, for example:

  • adversely affect the rights or freedoms of another person,
  • endanger national security,
  • prevent the protection of public order,
  • prevent or damage the prevention, detection, prosecution or enforcement of a criminal offence.

The Police and Border Guard Board shall provide an answer in Estonian or English within 30 days by electronic means if you have submitted the application electronically and do not apply otherwise. When personal data is released, if possible, the response will be encrypted to you, unless you request otherwise. If the Police and Border Guard Board is unable to respond within this period, you will be notified and the deadline for responding will be extended by 60 days, up to 90 days.

Supervision of the Visa Information System

The European Data Protection Supervisor (EDPS) monitors that the processing of information in the Visa Information System at EU level is carried out in accordance with the rules of the Visa Information System. The national data protection authorities shall monitor the lawfulness of the processing of personal data by the Member States, including the transmission of personal data to and from the Visa Information System. The monitoring obligation of the national supervisory authorities derives from Article 41 of the VIS Regulation.

In Estonia, the supervisory authority for processing the personal data of the Visa Information System is the Data Protection Inspectorate. 

Under Article 43 of the VIS Regulation, the national supervisory authorities and the European Data Protection Supervisor, each acting within the scope of their respective competences, shall cooperate actively in the framework of their responsibilities and shall ensure coordinated supervision of the Visa Information System and national systems (VIS SCG), the website of which is available here.

Complaints

If your request is answered negatively or the answer is unsatisfactory, you have the right to file a complaint with the Data Protection Inspectorate or an administrative court. Proceedings in the Data Protection Inspectorate are free of charge. More information on the right of access to personal data.

More information on the processing of your data, access to it and data protection conditions can be found on the website of the Police and Border Guard Board.

Schengen Information System II (Central Register of Refusals of Entry)

In order to protect the security of the Schengen countries and prevent crime, a central register of refusals of entry has been established in the European Union. The Data Protection Inspectorate exercises supervision over the compliance of the authorities with the requirements set out below when processing and collecting data. 

The Schengen Information System II (SIS II) is a system for the exchange of data between Member States on refusals of entry, the purpose of which is to ensure public order, security and the free movement of persons in the Schengen judicial area by refusing a visa or entry to people on the list of refusals of entry in the Schengen Information System II. For this purpose, the Schengen Information System II processes the personal data of people on the list of persons refused entry in the Schengen area. 

The Schengen Information System II, used by Member States’ police and customs staff, allows Member States to enter alerts on certain categories of wanted or missing persons and objects. 

Detailed rules for the use of the Schengen Information System II are laid down in the SIS II Regulation and the SIS Decision

Your rights

Everyone, irrespective of his or her nationality, shall have the right to obtain confirmation as to whether or not data relating to him or her is available in the Schengen Information System II and to have access to personal data and information relating to its processing. Everyone also has the right to request the correction of incorrect data concerning themselves and entered in the information system or, if it is found that there is no (any longer) legal basis for the use of personal data, to request the deletion of such data.

In Estonia, a person can access the data concerning him/herself and entered in the information system by contacting the Police and Border Guard Board himself/herself or through a legal representative:

NB! For secure transmission of files by e-mail, please encrypt them using the certificate “Police and Border Guard Board (PPA) 70008747”).

If you know that you may be subject to an entry ban to Estonia, you can submit an enquiry on the website of the Ministry of the Interior.

If you have had a connection with a law enforcement authority of another country, we recommend that you immediately submit a request for access to your own data to the law enforcement authority of that country, without the mediation of the Police and Border Guard Board. If you have submitted an application to the Police and Border Guard Board but the information has been submitted to the information system by another state that has joined the Schengen Information System, the Police and Border Guard Board must in any case ask for the opinion of the authority responsible for the national part of the Schengen Information System of the respective state before issuing the data, and in the case of mediation of such applications, it must be taken into account that it will take more time to respond.

The application must be signed by hand or digitally. The Police and Border Guard Board accepts digital signatures of service providers on the Estonian digital ID or the European Union trusted list. If it is not possible to digitally sign the application, please contact the nearest police station, service hall or border checkpoint to submit the application.

In the application, it is necessary to indicate the person's name, date of birth and other information that helps to identify the person whose data is being requested to access and to resolve the application. For example, the authority that entered the data in question, the type of data, information on where and how the owner of the data became aware of the data in the Schengen Information System II or which data is being requested to delete or correct

Application form:

In addition to the submitted application, the Police and Border Guard Board may request additional information from the applicant, because before issuing personal data, it must be certain that the data is requested by the data subject or his or her legal representative. For example, it may be found that it is not possible to establish with certainty through a copy of an identity document that the applicant is the same person whose personal data the applicant wishes to access or whose personal data the applicant wishes to correct or delete.

The Police and Border Guard Board refuses to comply with the request or restricts the release of personal data in justified cases only on the basis provided by law if it may, for example:

  • adversely affect the rights or freedoms of another person,
  • endanger national security,
  • prevent the protection of public order,
  • prevent or damage the prevention, detection, prosecution or enforcement of a criminal offence.

The Police and Border Guard Board shall provide an answer in Estonian or English within 30 days by electronic means if you have submitted the application electronically and do not apply otherwise. When personal data is released, if possible, the response will be encrypted to you, unless you request otherwise. If the Police and Border Guard Board is unable to respond within this period, you will be notified and the deadline for responding will be extended by 60 days, up to 90 days.

Supervision of the Schengen Information System II

The European Data Protection Supervisor (EDPS) monitors that the processing of information in the Schengen Information System II at EU level is carried out in accordance with the rules of the Schengen Information System II. The national data protection authorities supervise the lawfulness of the processing and transmission of personal data contained in the Schengen Information System II within or from their territory, as well as the exchange and further processing of supplementary information. The supervisory obligation of the national supervisory authorities derives from Article 44 of the Schengen Information System II Regulation.

In Estonia, the supervisory authority for processing personal data contained in the Schengen Information System II is the Data Protection Inspectorate. 

Under Article 46 of the Schengen Information System II Regulation, the national supervisory authorities and the European Data Protection Supervisor, each acting within the scope of their respective competences, shall cooperate actively within the framework of their responsibilities and shall ensure coordinated supervision of the Schengen Information System II (SIS II SCG).

Complaints

If your request is answered negatively or the answer is unsatisfactory, you have the right to file a complaint with the Data Protection Inspectorate or an administrative court. Proceedings in the Data Protection Inspectorate are free of charge. More information on the right of access to personal data.

More information on the processing of your data, access to it and data protection conditions can be found on the website of the Police and Border Guard Board.

Customs Information System

The European Union has established the Customs Information System (CIS) to handle customs data in the Schengen countries, which facilitates fraud prevention by enabling the . Member States’ customs authorities of the Member States to share information. The Data Protection Inspectorate exercises supervision over the compliance of the authorities with the requirements set out below when processing and collecting data. 

The Customs Information System is a system of customs information between Member States, the purpose of which is to prevent, investigate and prosecute infringements of customs or agricultural legislation. For this purpose, the Customs Information System, which is the central repository of Schengen customs information data, processes data on goods, means of transport, businesses and persons involved in infringements passing through customs in the Schengen area.

The Customs Information System, used by the customs authorities of the Member States, allows Member States to exchange information on the customs data of the Schengen States. 
Detailed rules for the use of the Customs Information System are set out in the CIS Regulation.

Your rights

Once your data has been entered into the Customs Information System, you have the right to know which data has been entered, including which Member State has provided the data to the Customs Information System. You have the right to have factually incorrect data corrected and to request the deletion of unlawfully entered data in the Customs Information System. 

If you wish to find out which data concerning you has been added to the Customs Information System or to request the correction or deletion of data, you can submit an application to the Tax and Customs Board. 

You can submit an application to the Tax and Customs Board:

In the content window, enter the following information:

    • first name and surname
    • citizenship
    • date and place of birth
    • address
    • whether you request access, blocking, erasure or rectification of data. If you request a block, deletion or correction of data, please also include the reason why you want it.

Press the "Send" button.

  • By e-mail. Send a digitally signed application to [email protected].
  • By post. Application to be sent to Lõõtsa 8a, Tallinn.

If you send the application by post, it is necessary to submit with the application a copy of a valid identity document and a copy of the legal authorisation when representing another person.

If you submit an application at a service bureau, it is necessary to present an identity document to the service provider and, when representing another person, a legal authorisation.

Application forms (not available in English):

Monitoring of the Customs Information System

The European Data Protection Supervisor (EDPS) ensures that the processing of information in the Customs Information System at EU level is carried out in accordance with the rules of the Customs Information System. The national data protection authorities shall monitor the lawfulness of the processing of personal data in the Customs Information System. The supervisory duty of the national supervisory authorities derives from Article 24 of the CIS Regulation.

In Estonia, the supervisory authority for processing the personal data of the Customs Information System is the Data Protection Inspectorate. 

Under Article 26 of the CIS Regulation, the national supervisory authorities and the European Data Protection Supervisor, each acting within the scope of their respective competences, shall cooperate actively within the framework of their responsibilities and shall ensure coordinated supervision of the Customs Information System, including the provision of relevant recommendations (CIS SCG).

Complaints

If your request is answered negatively or the answer is unsatisfactory, you have the right to file a complaint with the Data Protection Inspectorate or an administrative court. Proceedings in the Data Protection Inspectorate are free of charge. More information on the right of access to personal data.

More information on the processing of your data, access to it and data protection conditions can be found on the website of the Tax and Customs Board (not available in English).

Last updated: 29.11.2024