Processing of Personal Data

Personal data

Personal data are any data that allow a person to be identified. Processing of personal data denotes any action pertaining to the personal data. Below you will find information about the principles of personal data processing at the Integration Foundation as well as information about the rights of a person to access their data.

Please note! The information below does not cover the processing of data of legal entities and agencies and the processing of data of a natural person if the data are processed in relation to their official duties.

Basis for processing of personal data

Pursuant to the General Data Protection Regulation, personal data must be processed on a legal basis, which means either based on law or with the consent of the person. The consent of a person must meet the following requirements:

  • the consent is related to a specific purpose
  • data collected for one purpose may not be used for another purpose without new consent
  • the existence of consent must be proved by the person who processes personal data
  • consent may be withdrawn


Protection of personal data is important to us and we process personal data in accordance with the General Data Protection Regulation and the Public Information Act. Information about the personal data collected by the Foundation, the purpose of use thereof and the rights of a person in connection with the processing of their data can be found below.

Processing of personal data at Integration Foundation

1. Visits to website of Integration Foundation

The data collected and stored about a visitor to the website are limited to the following:

  • the IP address of the computer or computer network used
  • the name and address of the Internet service provider of the computer or computer network used
  • the time (time, date, year) of the visit


IP addresses are not linked to information that may help identify the person. Data are collected on which part of the website is visited and for how long. Data about visits are stored for 26 months. The data collected are used to compile visiting statistics for the purpose of developing the website and making it more convenient for visitors.

2. Correspondence

The Foundation is a legal entity in private law and the requests for clarification, memos, requests for information and other correspondence arriving at the Foundation are not public. All the queries and letters that arrive at the Foundation are registered in the document register.

2.1 General correspondence

The Foundation also receives personal data, including sensitive and private information, in the course of its work. Such data may reach the Foundation through correspondence. This is also possible if the person is a party to any proceedings.

Correspondence with private persons is generally subject to access restriction. If someone wants to examine correspondence with a person and submits a request for information, the content of the letter will be reviewed and it will be decided whether the document can be issued in part or in full. Personal contact details, such as the e-mail or postal address or telephone number, are erased from the document issued. In other cases, access to a document is restricted based on its content. The possible grounds for access restrictions are set out in the Public Information Act. Documents to which access is restricted are only issued to the authorities and persons who have a direct statutory right to receive them (e.g. the body conducting pre-trial proceedings or a court).

The queries and letters addressed to the Foundation are stored in accordance with that which is set out in the document list. Documents whose storage period has been exceeded are destroyed. Statistics and summaries of correspondence are published impersonally, without personal data.

2.2. Request for clarification, memo and request for information

All submitted requests for clarification, memos and requests for information (queries) contain personal data (name, contact details, description of problems related to the person, etc.). A letter from another authority (e.g. a copy of a reply to a query sent by a person or a letter forwarded to the Foundation by another authority for providing a reply) may also contain personal data.

Personal data are used for replying to queries. If a query must be made to a third party for this purpose, the personal data are disclosed in the minimum volume required for making the query. If replying to a letter is within the capacity of another authority, it will be forwarded for reply to such an authority. The sender is notified of the forwarding of the letter.

2.3 Complaint and challenge

A complaint or challenge must also be filed taking into consideration the fact that on some occasions the personal data of the complainant or the person who filed the challenge – above all the name and the fact of filing the complaint or challenge and, in certain cases, its content – may become known to third parties.

Correspondence is subject to general restriction on access: if a third party wants to view your correspondence and files a request for information to this end, the Foundation will assess whether the partial or full issue of the complaint or challenge (and the reply thereto) would significantly damage the inviolability of private life of the person related to the correspondence or whether the complaint or challenge and the reply thereto contains other information subject to access restriction. The grounds for access restriction are provided for in § 35 of the Public Information Act.

The personal data included in a complaint are used for resolving the complaint. If enquiries must be sent to other persons or authorities in relation to this, no more personal data are disclosed to them than is necessary for preparing the reply.

The Foundation also uses the correspondence with a person to assess the quality of its work and prepare statistics of the Foundation and (this may also be done by the data processor). Such statistics and summaries are published without personal data.

If a person sends a complaint or challenge to the Foundation or data processors, the provision of a reply to which is within the capacity of another authority, the complaint or challenge will be forwarded to that authority, notifying the person thereof immediately but no later than within five working days.

3. Applying for a job or an internship with the Foundation

All application documents (e.g. application with accompanying documents, correspondence with an applicant, information collected on the applicant from public sources) contain personal data. Applicants are assessed based on the information disclosed by the person in their curriculum vitae and, if necessary, additional information may be collected on the applicant from public sources. An applicant has the right to examine the information collected on them and submit their clarifications and objections.

Application documents are examined in the Foundation only by the employees involved in the recruitment process. Documents and data are not disclosed to third parties other than persons who have a statutory right thereto. The Foundation presumes that they may communicate with the persons listed by the applicant as references without asking for the applicant’s additional permission.

Applications of the applicants for positions in the Foundation together with accompanying documents are stored for one year and, thereafter, only with the applicant’s written consent.

Minutes of the competition committee of employees of the Foundation containing decisions such as those permitting an applicant to enter the next round, appointing an applicant to office, etc. are stored in accordance with the list of documents of the Integration Foundation (which is approved by a directive on principle activity) for three years.

4. Processing of personal data in counselling and training activities

The Foundation collects personal data in connection with carrying out counselling and training activities, organising studies and communicating information related to studies as well as issuing documents on completing and participating in training. Data are collected and processed based on the consent of the person, the Adult Education Act, the Citizenship Act and other relevant legislation (e.g. the Structural Assistance Act).

The Foundation administers the information system (database) of those interested in Estonian language learning, in connection with which personal data are processed for the purposes of organising and managing Estonian language learning and counselling activities and for enhancing and planning participation in the services and activities.

The database consists of data of the residents who contact the Estonian Language Centres of the Foundation for counselling or participating in language learning services and activities. The personal data collected include the general data of persons (personal identification code, first name and surname, sex), contact details, data about education, language skills, employment, previous language learning activities, opportunities to participate and objectives of participating in language learning activities.

The database enables the Foundation to:

  • plan counselling as well as language learning services and activities;
  • form language learning and counselling groups;
  • gain an overview of the language learning services and activities of a person and provide the person with targeted services and activities in order to ensure more efficient language learning activities; and
  • organise information exchange on referral to, notification of and documentation of language learning services and activities.


The data controller of the database is the Foundation and the data processors are contractual users of the information system.

Personal data are stored in accordance with law and the procedure established in the Foundation. Personal data, including documents containing personal data, are stored according to the principle that the data are stored only as long as is necessary for achieving the objective for which the data were collected or as long as the storage of the data is mandatory pursuant to law.

5. Processing of personal data upon involving volunteers

The Foundation collects personal data in connection with mapping the volunteers who participate in language learning activities. Data are collected and processed based on the consent of the person. The data collected include the general data of persons (first name and surname, sex, age group), contact details, data about interests, skills and hobbies, language skills and participation of volunteers in language learning activities. The data in the database of volunteers are used to find volunteers for supporting language learning services and activities and for compiling statistics on the activities of volunteers.

The data controller of the database is the Foundation and the data processors are contractual users of the information system.

Personal data are stored in accordance with law and the procedure established in the Foundation. Personal data, including documents containing personal data, are stored according to the principle that the data are stored only as long as is necessary for achieving the objective for which the data were collected or as long as the storage of the data is mandatory pursuant to law.

6. Processing of personal data upon organising the Citizen’s Day quiz

The personal data of those taking the Citizen’s Day quiz held each year in November are used for determining winners (those who achieved the highest score). The personal data of those taking the quiz are stored for two weeks after the quiz. The names of the winners of the quiz are published on the website of the Foundation based on their consent.

All previously held quizzes are also open for putting knowledge to the test. Participants receive an e-mail containing the score achieved upon taking the quiz. We do not store the personal data of those who have taken the previously held quizzes.

7. The Foundation organises allocation of State budget grants

The Foundation grants access to the applicant’s documents to the employees and persons involved in the decision-making process of the competition. For example, project applications containing the data of the persons involved in the project are sent to members of the committees for assessment. Personal data are processed only in connection with specific applications based on the rules of procedure of the Foundation and they are not subject to disclosure. The Foundation discloses only the name of the person who received a positive financing decision, the name of the project and the amount of the grant.

If a challenge is filed with the Foundation for contesting the allocation of a grant, the personal data included in the challenge will only be used to resolve the specific dispute. If enquiries must be sent to other persons or authorities in relation to this, no more personal data are disclosed to them than is necessary for preparing the reply.

In the case of another competition (e.g. a scholarship competition), information about the participation of a person in the competition is not subject to disclosure, except in the case of a positive decision.

8. Right to access data. Right to request rectification and erasure of inaccurate data.

Every person has the right to access the personal data collected on them, request the rectification or completion of their personal data or erasure of their data or withdraw their consent to the processing of their personal data. To this end, an application must be submitted, which is digitally signed by the person, i.e. the person must be identifiable. If possible, the data are issued in the manner requested by the applicant within five working days after registration of the application. If the personal data are subject to access restriction, the Foundation must establish the identity of the applicant. The application is denied if granting the same may:

  • damage the rights and freedoms of another person;
  • obstruct the prevention of a crime or apprehension of a criminal offender;
  • make it difficult to determine the truth in criminal proceedings; or
  • threaten the protection of the confidentiality of a child’s filiation.


A person has the right to file a challenge or complaint against the activities of the Foundation in the processing of personal data with the Data Protection Inspectorate or file an action with an administrative court.

9. Data protection specialist

In all matters related to the processing of personal data in the Foundation, a person may receive a reply from the data protection specialist of the Foundation via e-mail andmekaitsespetsialist@integratsioon.ee.