Processing of Personal Data in the Webropol Survey Service

The City of Vantaa may collect information from you, for example, for the development of municipal services, registration for various events, or for providing feedback.

We never use this data for any other purpose, such as direct marketing or commercial purposes. 

The processing of personal data that is necessary for the organisation of Webropol survey services is often based on compliance with the municipality’s statutory obligations. In connection with the use of Webropol, the City of Vantaa also collects personal data that are not related to the municipality’s statutory duties. Such personal data are stored in a form that allows the data subject to be identified only for as long as is necessary for the purposes of processing the data.

Your consent to the processing of personal data is requested on the front page of the survey form. Giving consent is voluntary, and you may withdraw your consent at any time.

Legal basis for processing:

• Article 6(1)(a) and (c) of Regulation (EU) 2016/679 (General Data Protection Regulation)
• Data Protection Act (1050/2018), Section 6
• Act on the Openness of Government Activities (621/1999), Sections 9–12, 16 and 26 

Through the application, the City of Vantaa may collect a wide range of information from you, for example from registrations for training courses to the implementation of extensive surveys. The type of information collected through the application is always the responsibility of the person conducting the survey and is determined according to the specific information needs in each case.

In some Webropol surveys, you may have the option to respond to questions using voice input. The purpose of voice responses is to improve the accessibility of surveys, for example for persons for whom writing is difficult. 

As far as the processing of personal data is based on consent, the data subject has the right to withdraw the consent given for the processing at any time, without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal. Webropol surveys include the contact details of the person responsible for the survey, whom the data subject may contact to withdraw their consent.

In the provision of statutory services, the provision of personal data is mandatory. 

We disclose your personal data only if the disclosure is based on law or if you have given your consent to the disclosure of your data. Consent to the disclosure of data may be withdrawn at any time. Personal data are never disclosed to external parties for marketing or other commercial purposes. 

To safeguard your privacy, the information security and data protection of personal data are ensured through various technical and organisational measures. For example, personal data may be processed only by persons who need the data for the performance of their work or official duties, and only to the extent required by the specific task. The data controller exercises due care at all stages of processing so that no one’s privacy is endangered or violated.

The technical conversion of voice responses into text is carried out via an encrypted connection. Raw audio data are neither stored nor disclosed to the service provider. The system ensures that audio data are not used for identification or biometric purposes. The converted text response is stored in Webropol and is subject to the same protection and processing principles as other response data.

Whenever a Webropol survey and its results are viewed or edited, a record of each access is logged in the Webropol system. Data collected through Webropol are stored on Webropol’s servers and/or on the servers of the City of Vantaa and are appropriately protected. The data processor and the service provider (Webropol Oy) are required, in their operations, to comply with the provisions on confidentiality laid down in the Act on the Openness of Government Activities.

Personnel are subject to a duty of confidentiality and secrecy, which continues after the termination of the employment or official service relationship. 

In cases where a processor processes personal data on behalf of the City of Vantaa, an appropriate level of information security and data protection has been agreed with the processor in a contract. A processor refers to an entity that processes personal data on behalf of the City, such as a service provider.

As a rule, data are processed only within the EU or the EEA; however, the processor may also transfer data outside the EU or the EEA. Such transfers are permitted only where they comply with the requirements laid down in data protection legislation and in the relevant contract, ensuring an adequate level of protection for personal data.

No data are transferred outside the EU or the EEA from the Webropol survey service. 

Despite protective measures, it is possible that, in exceptional cases, your personal data may be subject to a personal data breach and may come into the possession of unauthorised parties. In such situations, we will immediately take measures to remedy the situation and will notify the Data Protection Ombudsman if the personal data breach poses a risk to you. The notification will be made no later than 72 hours after the breach has become known.

If the personal data breach poses a high risk, we will also inform you of the breach. 

The data are retained and disposed of in accordance with the City of Vantaa’s information management plan. The retention periods for documents defined in the information management plan are based on legislation, regulations issued by the National Archives concerning documents to be permanently preserved, and recommendations issued by the Association of Finnish Local and Regional Authorities concerning documents to be retained for a fixed period. Once the retention period has expired, the data are destroyed.

The City of Vantaa retains data collected through Webropol only for as long as they are needed for each justified purpose of use. The maximum retention period for Webropol surveys and datasets is ten (10) years. 

Tietojasi ei käytetä profilointiin tai automaattiseen päätöksentekoon.

Webropolissa käytettävä äänen automaattinen muuntaminen tekstiksi ei ole profilointia eikä automaattista päätöksentekoa, eikä järjestelmä tee äänestä tulkintoja tai analysoi vastauksen antajaa.

A data subject refers to the individual whose personal data are being processed. If we process your personal data, you have the right to:

• access the personal data concerning you that are being processed
• request the rectification of inaccurate or incorrect personal data
• request the erasure of your personal data
• request the restriction of the processing of your personal data
• object to the processing of your personal data
• receive your personal data and transmit them to another controller, and to withdraw your consent at any time where the processing is based on consent.

You may submit a request for access to personal data via the electronic service portal, in person at Vantaa Info, or by sending the access request form by post to the City of Vantaa’s Registry Office. More detailed instructions are available on the City’s Data Protection webpage.

An access request may also be submitted in person at Vantaa Info. Access request forms are available at Vantaa Info and on the vantaa.fi website. Please bring a passport, driving licence or a photo ID card to verify your identity. The form may also be sent by post to the following address: Registry Office, P.O. Box 1100, FI‑01030 City of Vantaa. In this case, your identity will be verified by other reliable means.

If you wish to exercise other rights of the data subject or request further information on the processing of personal data, please contact the contact person referred to in section 14 below. The statutory conditions for exercising the rights are assessed on a case‑by‑case basis. Exercising the rights may require proof of identity.

We will respond to data requests without undue delay and in any event within one month of receipt of the request. Where necessary, the time limit may be extended by up to two additional months, taking into account the complexity of the request and the number of requests. If the time limit is extended, you will be informed accordingly. 

The exercise of rights is, as a rule, free of charge. However, we may charge a reasonable fee corresponding to the administrative costs of complying with the request, or refuse to comply with the request, if the request is manifestly unfounded, excessive or repetitive. If a fee is to be charged for complying with your request, we will contact you in advance.

If we refuse to carry out the action you have requested, you will be informed in writing of the reasons for the refusal, as well as of your right to lodge a complaint with the Data Protection Ombudsman or to seek other legal remedies. 

If you suspect that your personal data are being processed unlawfully, you may lodge a complaint with the Data Protection Ombudsman. Further information and instructions on how to lodge a complaint can be obtained from the contact person referred to in section 14 below, from the City’s Data Protection Officer, and from the website and telephone advisory services of the Office of the Data Protection Ombudsman:

Office of the Data Protection Ombudsman / www.tietosuoja.fi 

Visiting address: Lintulahdenkuja 4, FI‑00530 Helsinki

Postal address: P.O. Box 800, FI‑00531 Helsinki

Email: tietosuoja(at)om.fi

Telephone (switchboard): +358 29 566 6700

Telephone (guidance service for private individuals): +358 29 566 6777 

Further information on the processing of personal data can be obtained from the contact person listed below. Please note that email is not a secure means for processing personal data; therefore, please do not send, for example, your personal identity code or other sensitive information by email. 

Contact person

Further information on the processing of your data by the City of Vantaa is provided by the Head of Knowledge Management or a Planner from the Research and Information Services team of the Finance and Strategy service area.

Email: tilasto(at)vantaa.fi

Telephone (switchboard): +358 9 839 11

The controller is the City Board of the City of Vantaa. The contact details of the controller and the City of Vantaa’s Data Protection Officer are provided below:

Controller

City of Vantaa 

City Board

Business ID: 0124610-9

Telephone (switchboard): +358 9 839 11

Address: Asematie 7, FI‑01300 Vantaa

Data Protection Officer

Email: tietosuojavastaava(at)vantaa.fi

Registry Office

Postal address: P.O. Box 1100, FI‑01030 City of Vantaa

Visiting address: Tikkurila Vantaa Info, Dixi, Ratatie 11, 2nd floor, FI‑01300 Vantaa

Telephone (switchboard): +358 9 839 11

Fax: +358 9 8392 4163, Email: kirjaamo(at)vantaa.fi