Principles of processing personal data

When processing personal data, we collect data, which is necessary for the organization of port activity and the execution of contracts. We process personal data without the consent of the person only in order to fulfill the obligations arising from laws and contracts.

Port of Tallinn keeps personal information confidential. We apply security measures in order to protect personal information against unintentional and unauthorized processing, disclosure or destruction.

Personal data is only available to those employees of Port of Tallinn, whose duties include processing of personal data. As authorized processor, our IT services and security services providers have access to personal data. Personal data is only issued in cases provided by law or in agreement with us.

Port of Tallinn does not process personal data automatically, make automated decisions or profile analysis. Port of Tallinn does not use personal data to perform statistical analyses.

What data do we collect?

Responding to individuals’ requests and case management

When a person turns to Port of Tallinn with a query or Port of Tallinn solves a case, which occurred in the port facilities, we collect and process the following information:

  • person’s name, personal identification code or date of birth;
  • vehicle registration plate number, if the case is related to the vehicle;
  • person’s phone, email or residence address;
  • personal health information if it was an accident, in which the person was injured;
  • insurance information in case of insured event.


Solving the risk of emergencies and epidemics

In order to solve emergencies, Port of Tallinn has the right, based on the Maritime Safety Act, to process passenger data via the National Maritime Single Window (NMSW), if necessary:

  • name, date of birth, nationality, and gender;
  • place of departure and arrival, time of the trip;
  • personal identity documents data.


Safety and security

When processing the application for port access permits and granting access rights to the port area, we collect and process personal data, which we need for granting and verifying access rights:

  • person’s name, personal code or date of birth and vehicle registration plate number.

In port area, we use a tracking device to check the right of access to the port area in order to identify a person who is threatening or attacking an individual, or property, to solve incidents, and to ensure security. When using tracking equipment, we collect and process the following data:

  • video recording of a person, their location at a particular time, vehicle registration plates;
  • passageway logs: name, location of a person at a specific time (identification point, date and time).


The issue of port licenses and the use of tracking equipment are governed by the provisions of the Port Act, Security Act, Customs Act, Muuga free zone work arrangement, ISPS Code, and other legislation.


The conclusion and performance of contracts and providing grants under contract

When concluding contracts and providing grants, we process the following personal data:

  • person’s name, personal identification code or date of birth;
  • address of residence, telephone, e-mail, and account number;
  • vessel registration number in case of berth rental contract;
  • CV-s in case of job applicants.


Organizing events and sending newsletters

We often take photos and film during public events and different occasions. Public events and occasions are publicly broadcasted via social media (website, Facebook, Instagram, etc.). When broadcasting smaller events (excursions, etc.), we ask participants to provide consent for publishing the recordings and photos.

We will only send newsletters to those who have shared their contact details with us and agreed to it. Any recipient of the newsletter may unsubscribe from newsletter list at any time.

Personal information, which is collected for marketing and communication purposes:

  • person’s name and e-mail address;
  • social media posts may reflect person’s photo, location and time of stay.



Personal data will only be stored for as long as necessary or within the time limits laid down in the legislation.

  • Correspondence, port permits and incident data are kept for 7 years.
  • We process passenger data only in case of emergency and store it for 5 days.
  • Logs for entering the port area are kept for 1 year and surveillance camera recordings for 30 days, but no more than 1 year according to Security Act.
  • Contracts and related data are retained for 10 years after the expiration of the contract.

After the retention period, the data will be deleted and the documents will be destroyed.


Rights of individuals

Persons are entitled to:

  • get information from the Port of Tallinn about how and why their personal information is processed;
  • get acquainted with personal data about him / her;
  • request to rectify their personal data if it is incomplete or inaccurate;
  • withdraw his / her consent for processing personal data in case of newsletters and social media posts;
  • request the deletion of personal data if personal data is processed with his / her consent and if he / she has withdrawn his / her consent. We will remove the photos and names published in social media and website if the person submits a corresponding request;
  • contact Estonian Data Protection Inspectorate if a person has complaints about processing of his / her personal data.