Enable preference cookies to be able to use automatic translations

Processing of personal data for information requests of the Education and Learning Department

Education and training Day care Residents Families with children Young people Students Pupils

In accordance with the EU General Data Protection Regulation, a person must be informed if their personal data is recorded in a personal data register. Personal data includes things such as the data subject’s name and address. The data subject must also be informed about the purpose of the processing of personal data, where the data is regularly disclosed and the rights of the data subject.
This document outlines how the City of Vantaa processes your personal data when processing information request forms.

Updated 11.8.2025.

1. For what purpose is personal data processed?

Personal data is processed for the purpose of processing information requests. 

The data provided on an information request form will only be used for the purpose of processing the information request. The City of Vantaa will never use this data for any other purposes, such as direct marketing or commercial aims. 

2. What is the basis for the processing of personal data?

The processing of personal data necessary for the processing of information requests is based on statutory obligation. 

Legal basis for the processing:
Article 6(1)(c) of the EU General Data Protection Regulation (2016/679)
Section 26 of the Act on Information Management in Public Administration (906/2019)

Act on the Openness of Government Activities (621/1999)

3. What personal data is collected on the information request form, and where is it obtained from?

Name, address, telephone number, email address and personal identification code are required for processing information requests regarding documents other than public documents. In the case of a dependent person or a person under guardianship, their name and personal identification code are required, as well as the personal data contained in a power of attorney, if any.

If the user wishes to create a user profile in the system, the data used to create the profile include: name, address, email, telephone number, account number. None of the fields are mandatory. 

The data is obtained from the information request form where the data has been filled in by the requester. 

4. Is the provision of personal data necessary?

In order to process information requests for documents other than public documents, it is necessary to collect and process personal data in order to ensure the right of the requester to the requested documents. 

5. Are personal data disclosed to third parties?

The data is not disclosed to third parties.

6. How are personal data protected?

Data security and data protection have been secured by various technical and organisational measures to ensure your privacy. For example, personal data may be processed only by persons who need it to perform their work or official duties and only to the extent required by an individual task. This is monitored, among other things, by using log information. Paper documents are kept in city archives in a safe place that no outsider can access.

Staff are bound by the obligation of professional confidentiality and will continue to be bound by it after the end of their employment.

7. Is personal data transferred outside the EU or EEA?

In cases where the processor of personal data handles personal data on behalf of the City of Vantaa, the appropriate level of data security and data protection has been agreed in an agreement with the processor. “Processor of personal data” means a party that processes personal data for the city, such as a service provider.

As a rule, data is only processed in the EU or EEA territory, but the processor can also transfer data outside the EU or EEA. However, such a transfer is only permitted if it meets the requirements set out in the data protection legislation and the agreement, which ensure an adequate level of protection for personal data.

The data on the information request forms are not transferred outside of the EU or EEA. 

8. What does the city do in case of a security breach?

Despite the protection measures, it is possible in exceptional cases that your personal data may be subject to a security breach or end up in the hands of a third party. In these cases, we will take immediate measures to rectify the situation. If the breach causes a risk to you, we will notify the Data Protection Ombudsman. The notification shall be made no later than 72 hours after discovering the breach. If the security breach poses a high risk, we will also notify you of the security breach.

9. How long is the data kept?

The data is kept and destroyed in accordance with the City of Vantaa’s information management plan. The storing times of documents defined in the data management plan are based on legislation, the National Archives of Finland’s provisions concerning permanently stored documents and the Association of Finnish Municipalities’ recommendations concerning documents stored for a definite period of time. At the end of the period, the data will be destroyed. Information request forms are kept for 10 years. 

10. Will the data be used for profiling or automatic decision-making?

Your data will not be used for profiling or automatic decision-making.

11. What rights does a data subject have, and how can these rights be exercised? How long does processing a case take?

Data subject means the person whose personal data are being processed. If we process your personal data, you have the right to: 

  • check what data of yours are being processed
  • demand the correction of incorrect or inaccurate data
  • demand the restriction of the processing of your data

You can make a personal data review request via the e-service, in person at Vantaa Info or by posting the review request form to the City of Vantaa Registry Office. More detailed instructions can be found on the City’s Data Protection page.

If you wish to enforce other rights to which you are entitled as a data subject or request additional information on the processing of personal data, please contact the person specified under section 14 below. The legal basis for the enforcement of your rights is verified on a case-by-case basis. In order to enforce your rights, you may have to prove your identity.

We will fulfil the requests without undue delay, but no later than within one month of receiving each request. If necessary, the deadline may be postponed by a maximum of two months based on the complexity of the request and the quantity of the data. If the deadline is postponed, you will be notified.

12. Is there a fee for the exercise of one’s rights?

As a general rule, exercising one’s rights is free of charge. However, we may collect a reasonable fee corresponding to the administrative costs or refuse a request if the request in question is clearly unfounded, unreasonable or recurrent. We will contact you if we intend to collect a fee for completing your request. If we refuse to complete your requested measure, you will be informed in writing of the grounds for the refusal and your right to refer the matter to the Data Protection Ombudsman or resort to other legal remedies.

13. How can I submit an appeal to a supervisory authority?

If you suspect that your personal data are being processed unlawfully, you can submit an appeal to the Data Protection Ombudsman. More information and instructions on submitting an appeal are available from the contact person specified in section 14, the city’s data protection officer and on the website of the Office of the Data Protection Ombudsman and the office’s telephone guidance service:

Office of the Data Protection Ombudsman/www.tietosuoja.fi
Street address: Lintulahdenkuja 4, FI-00530 Helsinki Postal address: PO Box 800, FI-00531 Helsinki
Email: tietosuoja(at)om.fi
Telephone (exchange): +358 29 566 6700
Telephone (helpline for private individuals): +358 29 566 6777

14. Where can I request more information, and who is the controller?

More information on the processing of personal data is available from the contact person specified below. Please note that email is not a safe medium for processing personal data. As such, please do not send sensitive information, such as your personal identity code, via email.

Contact person

The controller is the City of Vantaa’s Education and Learning Committee. Contact details of the controller and the City of Vantaa data protection officer can be found below:

Akseli Holm, legal counsel

firstname.lastname(at)vantaa.fi

tel. 050 3146 295

Controller                                                                                                       
City of Vantaa                                                                                                                           
Business ID 0124610-9A
Asematie 7, FI-01300 Vantaa                                             

Data Protection Officer
tietosuojavastaava@vantaa.fi

Registry office   

 Education and Learning Committee    
Postal address: PO Box 1100, FI-01030 City of Vantaa
Street address: Vantaa Info Centre Tikkurila, Dixi, Ratatie 11, 2nd floor, FI-01300 Vantaa.
Tel. (exchange): +358 9 839 11
Fax +358 9 8392 4163, email: kirjaamo(at)vantaa.fi

You can find the information documents of the City of Vantaa compiled on the page Processing personal data at the City of Vantaa.

Data protection and processing personal data Information request