You can opt out of these cookies at any time by changing the settings of the browser on the device you are using and deleting the cookies stored.
Cookies used on the website
|Description of purpose
|Used to decide whether the website is displayed to the used in full or condensed mode (activates only if Focus on Content is clicked)
|Expires upon finishing the session
|Used to retain information on the usage of the webpage of registered users (activates only when the registered user has logged in)
|Expires upon finishing the session
|_ga, _gid and _gat *
|Used to retain unique information on the user for the purpose of site analytics*
|Expires in up to 2 years
|Used to retain information as to whether the user agreed to the terms and conditions of cookie file usage or the corresponding warning should be shown again.
|Expires in 100 years
* The website of EUROSAI ITWG uses analytical cookies that collect information about how the website pages are used , for instance, which pages are visited most frequently and whether the users get any error messages on the website pages. These cookies do not collect information that enables direct identification of the website user. But analytical monitoring of computer usage can result in indirect identification of the user.
The General Data Protection Regulation and Personal Data Protection Act serve as the basis for the records management, administration of staff, etc. of the National Audit Office while National Audit Office Act and the National Audit Office personal data processing guidelines are applied in the course of audit work. The following provides a description of what kind of personal data the National Audit Office processes and how.
1. Processing of personal data in the course of audits
The National Audit Office carries out audits on the basis of the law and in accordance with its work plan, in the course of which it needs and processes personal data (including special types of personal data).
The National Audit Office uses personal data for performing the functions arising from the National Audit Office Act. The data is generally communicated to the National Audit Office by the auditee in an electronic encrypted format or on paper in a sealed envelope. The National Audit Office also has access to a number of national registers for making inquiries, if required. A procedure for regular inspection of log files has been established in the National Audit Office with regard to inquiries to national registers. The data is only processed by the official or employee carrying out the audit. Other persons who are not involve in the audit do not have access to the data.
The National Audit Office processes personal data, including special types of personal data, if it is necessary for audit purposes. For this, wherever possible, the National Audit Office uses pseudonymised data or data in a format which provides equivalent level of data protection.
The National Audit Office does not disclose personal data in its reports or communicate it when carrying out audits (except if the data is related to a representative of the auditee, audit observations, assessments or recommendations) or store personal data for a longer period than required for the audit. After the necessity has expired, personal data is deleted in a secure manner.
2. Processing of personal data when responding to requests for explanation, memoranda or information
The National Audit Office uses the personal data of the person submitting the inquiry when responding to an inquiry. If the National Audit Office needs to make inquiries to another institution or database in order to respond to inquiries, the received personal data will only be disclosed in minimal and strictly necessary volume. Generally, in the case of an electronic inquiry, the name and e-mail address of the person submitting the inquiry will be communicated. If the response is requested on paper, the postal address is also communicated. In the case of responses to requests for explanation, memoranda and requests for information whose respective competition lies with another institution, the National Audit Office will forward it to the correct addressee and notify the sender thereof.
Pursuant to legislation, data concerning correspondence can be viewed in the web-based document register of the National Audit Office where the title of the letter, date and registration number are displayed as the result of a search. The content or any other data are not displayed. It is not possible to search for the name of a natural person, even via the search field “From”. To protect private life, the title is generalised rather than detailed (e.g. request for information, response to inquiry, application). Those who wish to receive detailed information concerning their inquiry are able to do so by expressing their wish by an e-mail to
Access to the correspondence with natural persons is subject to restriction. Upon the wish to examine the correspondence (e.g. on the basis of a request for information), the National Audit Office will first determine the right of the person submitting the respective wish to examine the data as well as whether the requested document can be partially or fully disclosed. Personal data (e.g. contact details such as [e-mail] address or telephone number) is left blank and restricting access in terms of the rest of the document depends on the content of the document. The possible grounds for restriction on access are provided in § 35 of the Public Information Act.
Regardless of the restriction on access, the National Audit Office will issue a document to an institution or person who has the direct right arising from legislation to request the document (e.g. a body conducting extrajudicial proceedings or a court).
If the inquiry is made on behalf of a legal person, state authority or a local government, only professional contact details may be used. These contact details are available in the document register of the National Audit Office that can be accessed via the website.
Inquiries, memoranda, applications, requests for information and requests for explanation received by the National Audit Office are stored permanently depending on the assessment decisions of the National Archives of Estonia.
3. Processing of personal data of the officials and employees of the National Audit Office or persons on a traineeship in the National Audit Office
Hiring and traineeships in the National Audit Office are organised by the HR Manager. The documents related to applying for a traineeship or work in the National Audit Office and formalisation of a traineeship or employment (e.g. application, CV, correspondence with the candidate, information on the candidate gathered from public sources and other documents) contain personal data (e.g. name, personal identification code, contact details). When hiring, the National Audit Office only collects data whose obligation or right of collection arises from legislation. Application documents can be accessed only by human resources staff and persons participating in the hiring process.
Officials, employees and trainees have the right to know what data is gathered about them, to examine such data, and to provide explanations regarding them or submit objections. The documents and data submitted in the hiring process or during the service or employment relationship constitute information with a restriction on access that is not disclosed to third parties except in the instances provided in legislation
The National Audit Office processes the personal data of officials, employees and trainees as little as possible and does not store them for any longer than required for processing. The National Audit Office stores the collected documents for the following purposes and terms:
- resolving any legal disputes that may arise during the hiring process until the end of the limitation period of the claim (1 year);
- making a proposal to the next candidate in the ranked list for commencing work in the position (150 days as of making a proposal to the person who won the contest for commencing work in the position);
- making proposals for participating in future hiring contests upon the consent of the applicant;
- personal data of the official, employee or trainee for entering into and performing the contract (up to 10 years).
4. Visiting the website of the National Audit Office, and responding to questionnaires and inquiries via the website
Generally, the National Audit Office processes the data of the visitors of the website in a non-personal manner, unless the visitor of the website has provided their data by themselves.
The National Audit Office automatically collects certain information in its public web environments, which is stored in log files. Such information may contain the IP address, general location where the computer or device of the visitor is connected to the internet, date and time, type of browser used, operation system and other information related to use, such as history of visited pages. The National Audit Office uses this information in order to better administer its website. It may also be necessary to use the IP address of the visitor to clarify any issues in the server of the National Audit Office, administer the website, analyse various trends and gain an overview of the activities of the website visitors.
The National Audit Office uses the search engine of Google, an external service provider, on its website. The search word entered by the user is directed to the Google search engine, but no data concerning the user is communicated in relation to the search.
The National Audit Office uses the web analysis service Google Analytics provided by the company Google Inc., which helps collect information as to how the visitors use the website of the National Audit Office. The National Audit Office only uses this information for the purpose of making the structure of the website as user friendly as possible and to offer better information that can be found more easily.
If a visitor of the website of the National Audit Office does not wish for the aforesaid data concerning them to be communicated to Google Analytics, it is possible to prohibit it. For this purpose, the respective browser add-on must be downloaded and installed. The add-on is available at the address https://tools.google.com/dlpage/gaoptout?hl=en
5. Facebook and Twitter social media channels and links on the website of the National Audit Office
The National Audit Office also uses social media channels for communicating information (Facebook and Twitter ) in accordance with the privacy settings of the respective service providers. These service providers collect, use and store the personal data of users and computer configurations proceeding from their privacy settings.
The National Audit Office uses links to the Facebook and Twitter social media networks on its website. A connection to Facebook or Twitter is established when you click the respective link when visiting the website of the National Audit Office. If you are logged into Facebook or Twitter at the time of clicking the link, the respective service provider will be able to connect the visit to the account of the person clicking the link. Likewise, in this instance, you are granting consent to Facebook or Twitter, respectively, to communicate your data, which will be stored. In order to avoid such collection of data, you should log out of the respective social media channel before clicking the Facebook or Twitter link on the website of the National Audit Office or avoid clicking the link.
6. The right to access data
The data subject has the right to examine the data collected about them in the National Audit Office by submitting an inquiry that will receive a response at the earliest opportunity. The data will be submitted either on paper or electronically depending on the request of the addressee.
In the course of records management, administration of staff and other administrative activities, the person inter alia has:
- the right to receive information concerning the processing of personal data in the instances and volume provided in relevant legislation as well as access to the respective data (including the possibility to examine it);
- the right to request in the instances and volume provided in relevant legislation that any incorrect personal data be corrected if the data is insufficient, incomplete or inaccurate;
- the right to receive the personal data that the person has submitted themselves and that is being processed on the basis of a consent or for performing a contract in writing or in a commonly used electronic format;
- the right to submit objections concerning the processing of their personal data, as well as the right to apply for the deletion of personal data in the instances provided in relevant legislation. The person does not have this right if the personal data they are requesting to be deleted is also processed on the basis of other legal grounds;
- the right to restrict the processing of their personal data under applicable law;
- the right to address the Estonian Data Protection Inspectorate (www.aki.ee) or have recourse to the courts if, in the opinion of the person, the processing of their personal data violates their rights and interests and is not in compliance with relevant legislation
The National Audit Office may refuse to comply with the request to examine data in the instances provided in relevant legislation, and also if:
- it hinders or may hinder the prevention of a criminal offence or apprehension of a criminal offender;
- it damages or may damage the rights and freedoms of other persons;
- it impairs or may impair ascertaining the truth in criminal proceedings;
- the data has been deleted.
7. Communication and protection of personal data
The National Audit Office communicates personal data to:
- its cooperation partners and/or subcontractors (e.g. experts or IT service providers) who have been involved on the basis of a civil law contract to carry out audits or develop IT solutions;
- persons to whom the communication of data is required on the basis of legislation (e.g. supervisory authorities).
The National Audit Office implements relevant organisational, technical and physical measures for protecting personal data. When communicating data to experts or service providers, the confidentiality requirements are thoroughly set out in the contracts entered into with them, and it is also verified that applicable technical security measures are sufficient.
In case of any questions related to personal data you can contact the National Audit Office via