Schengen border control

My rights and exercise of these rights

Everyone has the right to verify whether the processing of personal data concerning them complies with the legal basis. Exercising the right means that you have the right to obtain confirmation from the Police and Border Guard Board whether we process your data. If we process data about you, you have the right to access these personal data and information about their processing, or to request the rectification of inaccurate data about yourself entered into the information system, or if you find that there is no (any longer) legal basis for the use of personal data, you have the right to request the erasure of these data.

Such a right of a natural person (data subject) arises from: the General Data Protection Regulation(Regulation (EU) 2016/679), Articles 15–18 or the Personal Data Protection Act, § 24–25. The exercise of this right is specified by the following legislation:

  • related to the Schengen Information System, in the Regulation (EU) 2018/1862, Article 67, Regulation (EU) 2018/1861, Article 53, which concerns also the Regulation (EU) 2018/1860 through Article 19 and Regulation of the Minister of the Interior No 93 “Statute of the Maintenance of the National Register of the Schengen Information System” of 22 December 2009, § 21.
  • the Visa Register and the Visa Information System, in the Regulation (EC) 767/2008, Article 38, the Decision 2008/633/JHA, Article 14 and Regulation of the Minister of the Interior No 71 „Statute of Visa Register“ of 10 December 2015, § 21.
  • the Entry/Exit System, in theRegulation (EU) 2017/2226, Article 52 and Police and Border Guard Act, >§ 764.

Request to the data controller

Access to data concerning oneself which is entered in the information system and the exercise of other rights is carried out based on a request which can be submitted to the Police and Border Guard Board by oneself or through a legal representative. The resolving of the request shall be free of charge, unless the request is manifestly unfounded or excessive.

We recommend that you submit your request in the following format:

A copy of the identity document (for example passport, ID card, residence permit), including the part showing the person’s photograph may be attached to the request, but please do attach it to the request concerning the third-country national.

If you do not submit the request in person, but another person requests personal data about you, a document certifying the right of representation must be attached to the application. We must be able to verify the existence of the right of representation and the extent and period of validity thereof.

The request must indicate the person’s name, date of birth and other information that helps to identify the person whose data is requested and to resolve the request. For example, the authority which entered the data in question, the type of data, information on where and how the data owner became aware of the data in the system, or which data shall be rectified or erased.

Request submitted in a language other than Estonian or English will be accepted as possible.

We recommend that you sign the request

  • digitally. We accept Estonian digital ID or digital signatures of service providers on the European Union’s trusted list. You can submit your request to the Police and Border Guard Board at .... To send files securely, please encrypt them using the “Politsei- ja Piirivalveamet (PPA) 70008747” certificate, if possible.
  • manually. You can submit your request to the Police and Border Guard Board to the postal address Pärnu mnt 139, 15060, Tallinn.

As well, you can submit your request at the nearest police station, service office or when crossing the border at the border crossing point, as then the identification of your person occurs immediately upon delivery of the request (please see the contacts of the police station, service office or border crossing point on our webpage here).

If it is not possible to submit a request in the manner described above, we will assess the possibilities to verify the identity of the person in another manner before issuing the personal data. As a result, in addition to the submitted request, we may need additional information from the applicant in justified cases. For example, we may find that, through a passport copy, we cannot establish with certainty that the applicant is the same person whose personal data the applicant wishes to have access to or whose personal data the applicant wishes to have rectified or erased. Therefore, as far as possible, please include in the request other information that helps to identify the applicant in the information system for which access is requested.

Resolving the request

If you have submitted request to us, but the data has been entered to the system by another member state using the system, we must in any case ask the opinion of the competent authority of that member state before issuing the data.

If you have been in contact with law enforcement authority of another country, we recommend you to request access to data in the Schengen Information System directly from this authority, without going through the Police and Border Guard Board.

If you know, concerning you, there may be a valid entry ban, that prohibits you from entering or staying in Estonian territory for a specified period, you can check the validity of the entry ban on webpage of Ministry of the Interior. If you have doubts about the validity of an entry ban imposed by Estonia, you can contact the Police and Border Guard Board and in this case request for access to the data of the national register of entry bans. To change the period of validity of the refusal of entry of another country, it is necessary to contact the country which issued the refusal of entry.

If you submit request for access to the data of the visa application or its processing, it will be resolved by the Police and Border Guard – long-stay (category D) visa or by the Ministry of Foreign Affairs– Schengen (category C) visa. Where appropriate, the Police and Border Guard shall consult the Internal Security Service or other authority or member state processing the visa when dealing with the request. If your visa application has been resolved by another country, we recommend that you immediately submit your request for access to the Visa Information System to the foreign mission or competent authority of that country.

If you submit a request concerning the Entry/Exit System to us, we will check the accuracy of the data and the lawfulness of their processing, if this can be done without consulting the responsible member state. If you would like information about your border crossing, but you have not crossed the external border through Estonia, please submit a request for access to the border crossing data immediately to the respective country through which you entered or left the Schengen area.

Reply to applicant

We will provide a response

  • in 30 days related to request on SIS, Visa Register and VIS, and
  • in 45 days related to request on EES.

If we are unable to respond within this period, we will inform you and extend the deadline for replying to 90 days

We will reply to you in Estonian or English electronically, if you have submitted request electronically, and have not requested otherwise. When providing personal data, we encrypt the response to the personal identification code, if possible, or in any other way, unless you request otherwise.

We refuse to comply with the request or restrict issuing of personal data in justified cases only on the grounds provided by law, if, for example, examining of the data may:

  • damage the rights and freedoms of other persons
  • endanger the national security
  • endanger protection of public order
  • prevent or impair prevention, detection or proceedings of offences or execution of punishments

Before replying, we will consult the Data Protection Inspectorate, if necessary. For example, if you have applied to both the Police and Border Guard Board and the Data Protection Inspectorate at the same time.

Referral to the data protection supervisory authority or administrative court

You have the right to lodge a complaint to the Data Protection Inspectorate or to the administrative court. This is the case if you are not satisfied with the resolution of the request by the Police and Border Guard Board or if you find that we have infringed your rights in the processing of personal data. You can also claim compensation for damage caused by a breach of personal data processing through an administrative court.

Data protection conditions

The information on the processing of personal data is provided in order to comply with the requirements laid down in Article 12 of the General Data Protection Regulation (Regulation (EU) 2016/679), entitled „Transparent information, communication and modalities for the exercise of the rights of the data subject“ and of the § 22 of the Personal Data Protection Act, entitled „Information to be made available to data subjects“, and to inform about the principles of the processing of personal data and the rights of the data subject. This information has been prepared considering the provisions of the law of the Schengen Information System, the Visa Information System, the Visa Register and the Entry/Exit System.

If you want more information on general data protection conditions in the Police and Border Guard Board, you can see our website.

Contact details

If you have any questions about the processing of personal data by the Police and Border Guard Board, please contact

  • the Police and Border Guard Board at ...,
  • the state helpline by calling 1247 or when calling from abroad dial +372 600 1247
  • the Data Protection Officer of the Police and Border Guard Board at ...