Enable preference cookies to be able to use automatic translations

Processing personal data in the City of Vantaa Public relations’ customer information register

Information & administrative services Safety and security Residents Co-workers

Pursuant to the EU's General Data Protection Regulation, a person must be informed if some of their personal data is entered into a person register. Personal data consists of, for instance, name and address information. The registered person must also be told the purpose of processing personal data, the parties the data is disclosed to, and the registered person’s rights.

Updated 30.1.2024.

This page describes, on a general level, how the City of Vantaa will process your data in the City of Vantaa’s public relations.

1. For what purposes are personal data handled?

An interest group register is used for managing the City of Vantaa public relations. The data in the register is used to target the invitations to the city’s events as regards interest-group events arranged by the city by itself or in cooperation with its partners, various events, and receptions. 

The data will never be used for other purposes such as direct marketing or commercial purposes.  

2. What is processing of personal data based on?

The consent is asked in writing. Giving your consent is voluntary and can be canceled at any time.   

Legal basis of processing: 

The EU's General Data Protection Regulation (2016/679), Article 6.1 a and c  

§6 of the Data Protection Act (2018/1050) 

3. What personal data is collected in public relations operations and who are the data received from?

Data on the client will only be collected to the extent required for providing the service. As a general rule, the data source consists of public data sources, such as organizations’ own websites. Data is also acquired from the city's own operations, such as meetings.  

The register entries consist of the name of organization, job title, person’s name, person’s email address, and, in restricted cases, also telephone number and mailing address. 

Information on allergies will be collected for events with catering, but the allergy information will be removed after the event. 

4. Is it necessary to provide personal data?

Providing your personal data is necessary for arranging public relations operations. The customer also has the right to have their data removed from the register. 

5. Will personal data be disclosed to other parties?

Personal data may be disclosed to such outside actors from whom the City of Vantaa purchases services. In these cases, the same data protection principles that the city has will be applied. Data will not be further disclosed without consent from the outside service provider to parties other than the City of Vantaa.  

You can cancel your consent to disclosing your data to outside parties at any time. The data will not be disclosed to outside parties for other purposes such as direct marketing or commercial purposes. 

6. How is personal data protected?

To ensure your privacy, we have protected your personal data with the help of various technological and organizational measures. Only the employees that need the data to perform their work are allowed to handle the data and only to the extent required by any individual task. Paper documents are stored in the city’s various archives, on safe premises that are inaccessible to  outside parties. 

The employees are bound by confidentiality and professional secrecy, which continues also after termination of employment.  

7. Will the data be transferred outside the European Union (EU) area or the European Economic Area (EEA)?

n cases where a party processes personal data on behalf of the City of Vantaa, the level of appropriate information security and data protection has been agreed on in the agreement made with the processor. The processor of personal data refers to a party that processes personal data on behalf of the City of Vantaa, for example, a service provider. 

As a general rule, the data is processed only within the EU or EEA, but the processor may also transfer data outside the EU or EEA countries. Nevertheless, the transfer is only allowed when it meets the contractual demands that ensure a sufficient level of protection of personal data. 

Personal data is transfered to the United States. The transfer is based on the EU Commission's decision, ratified on July 10, 2023, on the sufficient level of the U.S. data protection. The U.S. Companies to which data is transferred are committed to the data protection measures agreed between the EU and the U.S. 

8. How will the city act in case of breach of data security?

It is possible that regardless of protection, your personal data may exceptionally end up as a target of a breach of data as well as in the possession of an outside party. In these cases, we will take immediate measures to mend the situation and we will inform the data protection ombudsman if the breach of data security causes any risk to you. The notification will be made, at the latest, within 72 hours of noticing the breach of data security. If the breach of data security presents a high risk, we will also inform you about it. 

9. How long will the data be stored?

The data will be stored and deleted in accordance with the City of Vantaa’s information management plan. The duration of storing documents specified in the information management plan is based on legislation, the National Archives of Finland's regulations for permanently stored documents, as well as the Association of Finnish Local and Regional  Authorities’ recommendations for temporarily stored documents. After termination of the data storage period, the data will be deleted. 

Personal data will be stored for only as long as required for providing the service. Personal data will be deleted, at the latest, after five years from the last contact or request. 

10. Will the data be used for profiling or automatic decision-making?

Your data will not be used for profiling or automatic decision-making. 

11. What are the rights of the registered person and how can the rights be exercised? How long will processing the matter take?

The registered person refers to the person whose personal data is being processed. If we process your personal data, you have the right to  

  • check how your data is processed 
  • demand that inaccurate or faulty data be corrected 
  • demand that your data be removed 
  • request that handling of your data be restricted 
  • object to handling of your data 
  • get your data and transfer it to another controller as well as cancel your consent at any time, if processing is based on your consent.  

 

You can submit an inspection request by personally visiting Vantaa-info. Inspection request forms are available at Vantaa-info and online at: vantaa.fi. Bring your passport, driver’s license or photo-ID to verify your identity. You can also mail the form to: Kirjaamo, PL 1100, 01030 Vantaan kaupunki. In this case, we will verify your identity by another reliable means. 

If you wish to exercise the registered person's other rights or ask for additional information on handling personal data, please contact the person mentioned below in paragraph 14. We will case-specifically verify the preconditions for exercising your rights as soon as your identity has been verified.  

We will execute information requests without undue delay, but, at the latest, within a month from receiving the request. The deadline can be extended by at least two months, when required, by accounting for the complexity and amount of data of the request. If the deadline is extended, we will inform you about it. 

12. Is exercising my rights subject to a charge?

As a general rule, exercising your rights is free of charge. We may, however, charge a reasonable fee, corresponding with the administrative costs, for implementing the request, or decline to perform the measure, if the request is obviously ungrounded, unreasonable, or recurrent. If there is a charge for executing your request, we will contact you. If we decline to perform the measure, we will inform you in writing about the grounds for the refusal as well as about your option to submit the matter to be handled by the data protection ombudsman or to exercise other legal remedies. 

13. How can I submit an appeal to the supervisory authorities?

f you suspect that your personal data is being illegally processed, you can submit an appeal to the data protection ombudsman. Further information on and instructions for submitting an appeal is provided by the contact person mentioned in paragraph 14, the city's data protection officer, the data protection officer's office website, and phone consultation: 

 

Data protection officer's office / www.tietosuoja.fi 

Street address: Lintulahdenkuja 4, 00530 Helsinki 

Mailing address: PL 800, 00531 Helsinki 

Email: tietosuoja(at)om.fi  

Phone (switchboard): 029 566 6700 

Phone (consultation for private persons): 029 566 6777 

14. Who can I ask for additional information and who is the data controller?

Additional information on processing personal data is provided by the contact person below. Please note that email is not a safe medium for processing personal data. Be sure not to send, for example, your identity number or any delicate information by email. 

 

Contact person 

Jarna Hyvärinen, PR coordinator, City Strategy and Management Department,                                 Local Democracy Service Area 

E-mail: jarna.hyvarinen@vantaa.fi 

 

The data controller is the City of Vantaa. You will find the contact information of the data controller and the  data protection officer below: 

Controller  

City of Vantaa  

Business ID: 0124610-9  

Asematie 7, 01300 Vantaa  

 

Data protection officer 

tietosuojavastaava@vantaa.fi 

 

Registry  

Mailing address: PL 1100, 01030 Vantaan kaupunki 

Street address: Tikkurilan Vantaa-info, Dixi, Ratatie 11, 2nd floor, 01300 Vantaa. 

Phone (switchboard): 09 839 11 

Fax: 09 8392 4163, email: kirjaamo(at)vantaa.fi 

Data protection and processing personal data Networks