Processing of personal data in the Hellewi system used in Vantaa Model of leisure activities

Hellewi is an electronic registration system with which guardians can enroll their children in free hobby groups. The system is also used to manage participant information, for the instructors’ use and for reporting on the activities. The data shall not be used for other purposes, such as direct marketing.

The processing of the personal data necessary for organizing Vantaa Model of leisure activities is based on fulfilling a statutory obligation.

For hobbies that involve food, health information belonging to special categories of personal data may be separately collected with the data subject’s consent – in this case, allergy information. Consent is requested separately in writing. Giving your consent is voluntary and can be canceled at any time.

Legal basis of processing:
The EU's General Data Protection Regulation (2016/679), Article 6(1)(c) (statutory obligation) and (a) for allergy information (consent).

Pursuant to Section 7 of the Local Government Act (410/2015), municipalities shall arrange the functions provided for them separately by law. Pursuant to Section 8 of the Youth Act (1285/2016), youth work is part of the municipality’s functions, and Section 12 of the Youth Act stipulates the organization of leisure activities for young people based on the Finnish model for leisure activities.

The collected information includes the participant’s name, year of birth, contact information, guardian's contact information, chosen hobbies and possible special needs. The information is obtained from the guardian in connection with registration.

Yes. Registration is not possible without providing the required personal data.

The data will only be disclosed to the service providers in accordance with the Vantaa Model of leisure activities service agreement. The data will not be disclosed for marketing purposes.

To ensure your privacy, we have protected your personal data with the help of various technological and organizational measures. For example, only the employees that need the data to perform their work are allowed to handle the data and only to the extent required by any individual task. In the customer-information system, this is monitored with the help of logfiles, among other things. Paper documents are stored in the city’s various archives, on safe premises that are inaccessible to outside parties.

The employees are bound by confidentiality and professional secrecy, which continues also after termination of employment.

In cases where a party processes personal data on behalf of the City of Vantaa, the level of appropriate information security and data protection has been agreed on in the contract made with the processor. The processor of personal data refers to a party that processes personal data on behalf of the City of Vantaa, for example, a service provider.

As a general rule, data is processed only within the EU or EEA, but the processor may also transfer data outside the EU or EEA countries. Nevertheless, the transfer is only allowed when it meets the demands of the data protection legislation and contract that ensure a sufficient level of protection of personal data.

Some personal data is transferred to the United States. The transfer is based on the EU Commission's decision, ratified on July 10, 2023, on the sufficient level of the U.S. data protection. The U.S. companies to which data is transferred are certified and committed to the data protection measures agreed between the EU and the U.S.

It is possible that, regardless of protection, your personal data may exceptionally end up as a target of a breach of data as well as in the possession of an outside party. In these cases, we will take immediate measures to rectify the situation, and we will inform the data protection ombudsman if the breach of data security causes any risk to you. The notification will be made, at the latest, within 72 hours of noticing the breach of data security. If the breach of data security presents a high risk, we will also inform you about it.

Data will be stored and deleted in accordance with the City of Vantaa’s information management plan. The duration of storing documents specified in the information management plan is based on legislation, the National Archives of Finland's regulations for permanently stored documents, as well as the Association of Finnish Local and Regional Authorities’ recommendations for temporarily stored documents. After the end of the data storage period, the data will be deleted.

The data will be deleted manually at the end of the calendar year during which the hobby period in question ends. As such, the data will be stored for no more than 12 months. A designated person shall be responsible for the deletion, and the process will be ensured via calendar reminders or checklists. Anonymous compilations of data may be created for statistical purposes (e.g. numbers of participants and wishes for leisure activities), which will be stored for longer periods of time.

For the system supplier, the user and customer information (end customers) will be stored for 1 year from the moment that the customer information was last processed in the system (in other words, during the organization and reporting of the activities) by default. The backups made each day are stored for 21 days, and, in addition, the backups made once per month are stored for 1 year. For information network traffic, logfiles are stored for 30 days and, for the system’s internal log, for a maximum of 1 year or less in the event that the customer information storage period is reduced from 1 year.

Your data will not be used for profiling or automatic decision-making.

The data subject has the right to check, correct, remove or restrict the processing of their personal data. The inspection request can be made online or at the city’s service point. Exercising your rights may require verification of your identity. As a general rule, a response will be given within 1 month.

You can submit a personal data inspection request through the e-services, in person at Vantaa-Info, or by mailing the inspection request to the City of Vantaa’s Registry. You can find more detailed instructions on the city’s Data Protection webpage.

If you wish to exercise the data subject's other rights or ask for additional information on the processing of personal data, please contact the person mentioned below in section 14. We will case-specifically verify the preconditions for exercising your rights. Exercising your rights may require verification of your identity.

We will execute information requests without undue delay, but, at the latest, within a month of receiving the request. The deadline can be extended by at most two months, when required, by accounting for the complexity and amount of data of the request. If the deadline is extended, we will inform you about it.

As a general rule, exercising your rights is free of charge. We may, however, charge a reasonable fee, corresponding with the administrative costs, for implementing the request, or decline to perform the measure, if the request is obviously ungrounded, unreasonable, or recurrent. If there is a charge for executing your request, we will contact you. If we decline to perform the measure, we will inform you in writing about the grounds for the refusal as well as about the option to submit the matter to be handled by the data protection ombudsman or to exercise other legal remedies.

If you suspect that your personal data is being illegally processed, you can submit an appeal to the data protection ombudsman. Further information on and instructions for submitting an appeal is provided by the contact person mentioned in section 14, the city's data protection officer, the data protection ombudsman's office website, and phone consultation:

Data protection ombudsman's office / www.tietosuoja.fi
Street address: Lintulahdenkuja 4, 00530 Helsinki
Mailing address: P.O. Box 800, 00531 Helsinki
Email: tietosuoja@om.fi 
Phone (switchboard): 029 566 6700
Phone (consultation for private persons): 029 566 6777

Additional information on processing personal data is provided by the contact person below. Please note that email is not a safe medium for processing personal data. Be sure not to send, for example, your identity number or any sensitive information by email.

Contact person
Urban Culture and Wellbeing Department's data protection officer
kaku.tietosuoja@vantaa.fi

The data controller is the City of Vantaa’s Urban Culture and Wellbeing Committee. You will find the contact information of the data controller and the City of Vantaa's data protection officer below:

Controller                    
The City of Vantaa                     
Urban Culture and Wellbeing Committee                
Business ID: 0124610-9
Asematie 7, 01300 Vantaa            

Data protection officer
tietosuojavastaava@vantaa.fi

Registry    
Mailing address: P.O. Box 1100, 01030 Vantaan kaupunki
Street address: Tikkurila Vantaa-info, Dixi, Ratatie 11, 2nd floor, 01300 Vantaa.
Phone (switchboard): 09 839 11
Fax: 09 8392 4163, email: kirjaamo@vantaa.fi