Name: State Treasury
Address: Sörnäisten rantatie 13, P.O. Box 14, FI-00054 State Treasury
Other contact details: tel. +358 (0)295 50 2000, kirjaamo(at)valtiokonttori.fi
2. Contact person for filing system-related matters
Name: Jukka Kujala, Government Finance Administration, Information and Working Life Management division
Address: Sörnäisten rantatie 13, P.O. Box 14, FI-00054 State Treasury
Other contact details: +358 295 503 314, jukka.kujala(at)valtiokonttori.fi
3. Data protection officer
Heikki Kangas, tel. +358 (0)295 50 2156, heikki.kangas(at)valtiokonttori.fi
4. Legal basis and purpose for processing of personal data
- Responding to customer feedback (feedback form): The contact details provided by the customer are used only for responding to feedback. The giving of contact details is voluntary. The customer gives their consent by writing their contact details on the feedback form.
- Delivering subscriptions for published materials (the State Treasury’s different publications, press releases and newsletters, and order forms): The contact details provided by the customer are used only for delivering the subscription. The State Treasury maintains a separate customer register in eMailer for the purpose of distributing publications (not linked to the website). The customer gives their consent by writing their contact details on the subscription form.
5. Information content of the register
- Feedback: data provided by feedback giver (not compulsory), generally email address and name, possibly telephone number. The State Treasury responds to the feedback using the data.
- Subscriptions / subscription cancellations for published materials (* = required information): Newsletters and other online publications: first name*, last name*, email address*, organisation, the publications subscribed*.
- Visitor monitoring (Google Analytics): The user’s IP address without individualised data (= anonymised IP), in which case Google Analytics only uses part of the IP address collected instead of the entire address. The user is able to select the ‘do not track’ setting on their browser, in which case Google Analytics does not even collect the above data. Using the IP address, data on the actions carried out by the user on the website is collected for the purpose of visitor monitoring. This data includes e.g. navigation within the site, clicking on links, length of visit and information about where the visitor connected to the service from and where they transferred to afterwards. Further information about the anonymisation of an IP address is available at https://support.google.com/analytics/answer/2905384/
6. Normal data sources
Cases 1 and 2: The data is collected from the customer themselves. Case 3: The data is collected using cookies.
7. Regular disclosures of data
Cases 1 and 2: The data is not disclosed to others. Case 3: The data is not regularly disclosed to others.
8. Regular disclosures of personal data or transfer of data outside the EU/EEA
The data is not disclosed to others.
9. Principles for filing system protection
The register does not contain confidential material. Only individuals authorised by the controller have access to the data processed within the information system. Access rights are kept up-to-date by regular inspection, and unnecessary access rights are removed. The information network and terminals containing the register are protected using technical measures.
10. Data storage period/criteria for determining storage period
- Case 1 (feedback): The data is stored only for the period required for processing the customer’s affairs. It is not saved into the register.
- Case 2 (subscriptions): The data is saved into the State Treasury’s customer register for publication subscriptions in eMailer, and it is stored there for the duration of the service’s life cycle or until the customer cancels their subscription. A link for unsubscribing is provided in each e-mail message.
- Case 3 (visitor monitoring): The data is saved into the Google Analytics visitor monitoring service, in which the data is stored for 26 months. At the end of the data storage period, expired data is automatically removed monthly.
11. Information about automatic decision-making (e.g. profiling) and information about the logic of data processing and its impacts on the data subject
No automatic decisions or profiling are carried out using the data.
12. Right of access
Cases 1–3: The data subject has the right to access their data in the register. Requests should be sent to the registry office.
13. Rectification of data
The data subject has the right to access their data in the register. Requests should be sent to the registry office.
14. The right to object to processing of personal data
The data subject has the right to object, on grounds relating to their particular situation, at any time to processing of their personal data, such as profiling.
15. Right to restriction of processing
The data subject has the right to restrict the processing of their personal data as specified in Article 18 of the GDPR.
16. Right to erasure
The data subject has the right to request that the controller erase their personal data from the person register. Requests should be sent to the registry office.
17. Right to lodge a complaint
The data subject has the right to lodge a complaint with a supervisory authority if the data subject believes that their rights have been infringed by the actions of the controller.
18. Other rights
Personal data is neither used nor disclosed for the purposes of direct advertising, distance marketing or other direct marketing, market and opinion research, registers of individuals, or genealogy. Customers may report any data security risks or problems to the State Treasury by emailing the State Treasury (viestinta(at)valtiokonttori.fi) or through the feedback form on the website.