Personal Data Processing

The Defence Resources Agency generally delivers decisions and other documents concerning the conscript electronically via the Estonian Information Portal service and sends them to the email address in the format [email protected]. Documents sent this way are considered delivered 30 days after they have been made available, unless prior receipt of the document has been proven.

Additionally, the agency uses other electronic channels and, if necessary, sends documents by regular mail, registered mail with a return receipt, or by other methods prescribed in the Administrative Procedure Act.

To ensure that necessary information and all important documents reach the individual on time, it is important that correct and up-to-date data is maintained in the Defence Service web portal.

The purpose of the register is:

The purpose of the register is to keep records of conscripts, individuals wishing to undertake conscription, the fulfillment of conscription obligations, and to manage the actions and decisions prescribed by law.

The data collection includes:

• personal data
• education data
• data about skills and religious beliefs
• data about health condition assessments
• data about call suitability
• data about fulfillment of military service obligation
• data about military service
• data about the course of military service
• data about applicable restrictions
• data about correspondence and administrative decisions

Access to your data is allowed only for official use. Logs of queries made by persons with access rights are retained for three years from the date of the query.

Retention period:

Data is processed in the database as long as you are subject to military service obligation. After the end of the military service obligation, the data is retained for 50 years from the date of transfer to the digital archive.

Your personal data is used to respond to you or to resolve the matter of your inquiry.

If inquiries about you need to be made to third parties, your personal data will be disclosed to them only to the necessary extent.

If you have sent an inquiry, complaint, appeal, etc., which is under the jurisdiction of another authority, the inquiry will be forwarded and you will be notified of the transfer.

Correspondence with you, complaints, appeals, and their review materials may be used internally for assessing work quality and organization. Statistics and summaries are published anonymously, without names.

Correspondence, complaints, appeals, and similar data are legally visible in the agency’s online document register, with document titles such as “Complaint” or “Appeal.” This principle protects personal privacy, as sensitive topics are often addressed to KRA.

Your correspondence is access-restricted.

If an information request is submitted to review correspondence or other documents, it will be assessed whether the requested document can be partially or fully disclosed. Personal contact details such as (e-)mail address or phone number will always be redacted unless the correspondence is with a legal entity or official representative. Other access restrictions depend on the document content, based on Public Information Act §35.

Documents are released to authorities or individuals with a direct legal right and justified need, e.g., pre-trial investigators or courts.

Complaints or appeals and related correspondence are retained for 10 years. Documents older than this are subject to destruction.

The procedure for administrative offence proceedings is regulated by the Administrative Offences Act together with the Code of Criminal Procedure.

The details of the person reporting the offence are disclosed to other parties involved in the procedure to the extent provided by procedural laws and necessary for resolving the case. Witness anonymity is not guaranteed in administrative offence proceedings.

The person subject to the proceedings and their representative have the right to review the materials in the manner prescribed by procedural laws.

The agency is connected to the e-case management information system, which is used to conduct administrative offence proceedings, including data exchange with other authorities (e.g., transmitting punishment data to the punishment register and bailiff).

The law allows disclosure of facts related to administrative offence proceedings only in exceptional cases (§ 62 of the Administrative Offences Act). This right is exercised only in urgent cases and while avoiding excessive interference with the privacy of the persons involved.

If a person publicly discloses information related to the proceedings themselves, the agency has the right to provide explanations about its activities to the public if necessary.

Finalized administrative offence rulings are recorded in the punishment register. Access to the punishment register is restricted, and data can be requested according to the procedure set out in Chapter 3 of the Punishment Register Act.

Administrative offence case files are retained for 5 years. Files exceeding this retention period are subject to destruction.

• The application process is conducted through the recruitment platform Recrur, managed by Recrur Services OÜ.
• We rely on the information you provide and publicly available sources.
• We assume we may contact the referees you have indicated.
• We will obtain your written consent if we wish to request information about you from your previous workplaces, service places, or educational institutions.
• You have the right to know what data we have collected about you.
• You have the right to review the data we have collected and provide explanations or objections.
• Data of other candidates is not disclosed by the agency.
• Summaries of competitions for civil servants and active military personnel are retained according to the Government of the Republic’s regulation.
• Data of unsuccessful candidates is retained until the deadline for contesting ends. If we wish to retain candidate data longer, we will ask for the candidate’s permission.
• Candidate data is confidential information with restricted access; third parties (including competent authorities) may access it only as prescribed by law.

You have the right to access the data collected about you.

KRA may refuse to provide access to data only if this could:

• harm the rights and freedoms of another person,
• hinder the prevention of a crime or the apprehension of a criminal,
• complicate the establishment of the truth in criminal proceedings,
• threaten the protection of a child’s lineage secrecy.

You have the right to request the correction of incorrect personal data.

If KRA no longer has a legal basis to use your personal data, you may request the cessation of its use or its deletion.

You have the right to appeal the agency’s decisions or to take the matter to administrative court.

In the event of a personal data processing violation at KRA, we record the incident and prepare a breach notification. If the incident threatens your rights, we notify the Data Protection Inspectorate. If the violation poses a significant threat to your rights, we will inform you about the incident.

From the moment the violation occurs or is discovered, we take the necessary measures to stop the breach.