Updated on 9 October 2025

The Entry/Exit System (1) contains personal data records on third-country nationals coming to the territory of the Member States (2) for a short stay (maximum of 90 days in any 180-day period). The system became operational in October 2025. Information about your entries into and exits out of the territory of the Member States, and, if applicable, information on whether you have been refused entry, is registered in the Entry/Exit System.

To this end, your data is collected and processed on behalf of the Finnish Border Guard (controller). Please see below the contact details. Your personal data is processed for the purposes of border management, preventing irregular immigration and facilitating the management of migration flows. This is required in accordance with Regulation (EU) 2017/2226 (3), specifically Articles 14, 16 to 19 and 23 of Chapter II and Chapter III of the Regulation.

What data is collected, recorded and processed?

During checks at the external borders of the Member States, the collection of your personal data is mandatory for the examination of entry conditions. The following personal data is collected and recorded:

1. data listed in your travel document; and
2. biometric data: from your facial image and fingerprints (4)

Data about you is also collected from other sources, depending on your situation:

3. the Visa Information System: data contained in your personal file; and
4. the European Travel Information and Authorisation System, in particular the status of your travel authorisation and your family member status, if applicable.

What happens if you do not provide the requested biometric data?

If you do not provide the requested biometric data for registration, verification or identification in the Entry/Exit System, you will be refused entry at the external borders.

Who can access your data?

Member States can access your data for the purposes of border management, facilitation of border crossings, immigration, and law enforcement. Europol may also access your data for law enforcement purposes. Under strict conditions, your data may also be transferred to a Member State, a third country or an international organisation listed in Annex I of Regulation (EU) 2017/2226 (5) for the purposes of return (6) or law enforcement (7).

Your data will be stored in the Entry/Exit System for the following duration, after which it will be automatically erased: (8)

  1. records of each entry, exit or refusal of entry record are stored for 3 years starting on the date of the entry, exit, refusal of entry record; (9)
  2. the individual file containing your personal data is stored for 3 years and one day starting from the date of the last exit record or of the refusal of entry record where is no entry recorded during that period;
  3. where there is no exit record, your data are stored for 5 years starting on the date of the expiration of your authorised stay.

Remaining authorised stay and overstay

You have the right to receive from the border guard information on the maximum remaining duration of your authorised stay on the territory of the Member States. You can also consult the following website (travel-europe.europa.eu/ees) or, where available, the equipment installed at borders to self verify your remaining authorised stay.

If you overstay the period of your authorised stay, your data will be automatically added to a list of identified persons (a list of overstayers). The list can be accessed by competent national authorities. The penalties applicable to persons on the list of overstayers are determined in accordance with national law (10). However, if you can provide credible evidence to the competent authorities that you exceeded the authorised duration of your stay due to unforeseeable and serious events, your personal data can be rectified or completed in the Entry/Exit System and you can be removed from the list of overstayers.

Your rights with regard to the processing of personal data

You have the following rights:

  1. to request from the controller access to data relating to you;
  2. to request that inaccurate or incomplete data relating to you is rectified or completed; and
  3. to request that unlawfully processed personal data that concerns you is erased or that the processing thereof is restricted.

If you want to exercise any of these rights listed in points 1 to 3, you must contact the data controller or data protection officer indicated below.

Contact details

Data controller

Headquarters of the Finnish Border Guard
Postal address: P.O. Box 3, 00131 Helsinki, Finland
Street address: Vilhonvuorenkatu 4- 6, 00500 Helsinki, Finland
Switchboard: +358 295 42 0000
E-mail: rajavartiolaitos(at)raja.fi

Data protection officer

Headquarters of the Finnish Border Guard
Postal address: P.O. Box 3, 00131 Helsinki, Finland
Street address: Vilhonvuorenkatu 4- 6, 00500 Helsinki, Finland
Switchboard: +358 295 42 0000
E-mail: tietosuojavastaava(at)raja.fi

In line with the division of tasks between Member States’ authorities and the European agencies involved, you can lodge a complaint with:

Supervisory authority of Finland which is in charge of processing your data (e.g. if you allege that they have recorded your data incorrectly):

Office of the Data Protection Ombudsman
Street address: Lintulahdenkuja 4, 00530 Helsinki
Postal address: P.O. Box 800, 00531 Helsinki, Finland
Switchboard: +358 29 566 6700
Registry: +358 29 566 6768
E-mail: (registry): tietosuoja(at)om.fi

European Data Protection Supervisor for matters of data processing by European Agencies:

European Data Protection Supervisor
Postal address: Rue Wiertz/Wiertzstraat 60, B-1047 Brussels
Telephone: +32 2 283 19 00
E-mail: [email protected]

For additional information please consult website Travel to Europe – the Entry/Exit System (EES) (europa.eu).

Further reference information

  1. Regulation (EU) 2017/2226 establishing an Entry/Exit System (EES) to register entry and exit data and refusal of entry data of third-country nationals crossing the external borders of the Member States and determining the conditions for access to the EES for law enforcement purposes, and amending the Convention implementing the Schengen Agreement and Regulations (EC) No 767/2008 and (EU) No 1077/2011
  2. Austria, Belgium, Bulgaria, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and Switzerland.
  3. Regulation (EU) 2017/2226 of the European Parliament and of the Council of 30 November 2017 on establishing an Entry/Exit System (EES) to register entry and exit data and refusal of entry data of third-country nationals crossing the external borders of the Member States and determining the conditions for access to the EES for law enforcement purposes, and amending the Convention implementing the Schengen Agreement and Regulations (EC) No 767/2008 and (EU) No 1077/2011 (OJ L 327 9.12.2017, p. 20).
  4. Please note that the fingerprints data of third-country nationals who do not need a visa to enter the Schengen area and holders of Facilitated Transit Documents will also be stored in the Entry/Exit System. If you need a visa to enter the Schengen area, your fingerprints will already be stored in the Visa Information System as part of your file there and will not be stored again in the Entry/Exit System.
  5. UN organisation, the International Organization for Migration (IOM) or the International Committee of the Red Cross.
  6. Article 41(1) and (2) and Article 42.
  7. Article 41(6).
  8. If you are subject to visa requirement, your fingerprint will not be stored in the Entry/Exit system as they are already stored in the Visa Information System.
  9. In the case of third-country nationals who are family members of mobile EU, EEA or Swiss citizens (i.e. of EU EEA or Swiss citizens who travel to a State other than the State of their nationality or already reside there),and are accompanying or joining the EU, EEA or Swiss citizen, each entry, exit or refusal of entry record will be stored for one year following the date of the exit record or of the refusal of entry record.
  10. The calculation of the duration of the authorised stay and the generation of alerts to Member States when the authorised stay has expired do not apply to third-country nationals who are family members of mobile EU, EEA or Swiss citizens (i.e. of EU EEA or Swiss citizens who travel to a State other than the State of their nationality or already reside there) and are accompanying or joining the EU, EEA or Swiss citizen.