Enable preference cookies to be able to use automatic translations

Processing personal data in morning and afternoon clubs for schoolchildren

Education and training Residents Pupils

In accordance with the EU General Data Protection Regulation, a person must be informed if their personal data is recorded in a personal data register. Personal data includes things such as the data subject’s name and address. The data subject must also be informed about the purpose of the processing of personal data, where the data is regularly disclosed and the rights of the data subject.

This document describes, on a general level, how the City of Vantaa processes your data in morning and afternoon clubs for schoolchildren.

Updated 9.6.2025.

1. For what purposes are personal data handled?

Personal data is handled for arranging morning and afternoon clubs for schoolchildren. The City of Vantaa arranges morning and afternoon clubs for schoolchildren both by itself and as an assisted service. The City of Vantaa decides on admitting a schoolchild to morning and afternoon club activities. The City of Vantaa will charge a fee for activities it itself arranges, as well as decides on payment relief. 

We will never use the data for other purposes such as direct marketing or commercial purposes. 

2. What is processing of personal data based on?

Handling of personal data is necessary for arranging morning and afternoon clubs for schoolchildren, and it is based on fulfilling a legislative obligation.  

Legal basis of processing:

The EU's General Data Protection Regulation (2016/679), Article 6.1 a and c.

§29 of the Data Protection Act (1050/2018) 

§8 48a - 48f of the Basic Education Act (628/1998) 

3. What personal data is collected in the morning and afternoon club activities and who is the data received from?

The school sees from the Primus student-management system whether a student of its school participates in afternoon activities, the service provider, and the operating period. Employees use the data in the register for performing their work tasks. When making an application, guardians can, if they so wish, tick the box that indicates that they allow electronic notification as regards getting a place in a morning and afternoon club. If the guardian does not tick the box in question, the information will be sent by mail.

Processed personal data consists of:

  • child’s name, identity number, address, post code and post office, name of school and grade, information on a special diet and allergies, potential illnesses, permanent medication, and, when required, information on a decision on special support.
  • Guardians’ names, identity numbers, address, post code and post office, cellphone number, and email address. 

The identity numbers are handled for the purpose of billing.

The information is primarily gained from the guardians. The guardians notify the information on the Wilma service, on the CaseM service or on a paper form. The guardians inform of potential changes in writing either on the Wilma service or by email.

The basic information of the student and guardians, as well as, when required, information on a decision on special support, are gained from the Primus student-management system’s student register. 

4. Is it necessary to provide personal data?

It is necessary to provide personal data. Morning and afternoon club activities cannot be arranged without personal data. 

5. Will your personal data be disclosed to other parties?

We will only disclose your personal data to another party if the data transfer is based on law or if you have given your consent to disclosing of your data. You can cancel your consent to disclosing your data to outside parties at any time. The data will not be disclosed to outside parties for other purposes such as direct marketing or commercial purposes.

The guardians make a service agreement with the service provider. In the service agreement, the guardians can allow information required for arranging after-school activities to their children to be disclosed between the school principal / class teacher / special education teacher or member of the student welfare team and service organizer and counselor of after-school activities. You can cancel your consent to disclosing your data to outside parties at any time. The data will not be disclosed to outside parties for other purposes such as direct marketing or commercial purposes.

6. How are personal data protected?

Data security and data protection have been secured by various technical and organisational measures to ensure your privacy. For example, personal data may be processed only by persons who need it to perform their work or official duties and only to the extent required by an individual task. This is monitored, among other things, by using log information. Paper documents are kept in city archives in a safe place that no outsider can access.

Staff are bound by the obligation of professional confidentiality and will continue to be bound by it after the end of their employment.

7. Is personal data transferred outside the EU or EEA?

In cases where the processor of personal data handles personal data on behalf of the City of Vantaa, the appropriate level of data security and data protection has been agreed in an agreement with the processor. “Processor of personal data” means a party that processes personal data for the city, such as a service provider.

As a rule, data is only processed in the EU or EEA territory, but the processor can also transfer data outside the EU or EEA. However, such a transfer is only permitted if it meets the requirements set out in the data protection legislation and the agreement, which ensure an adequate level of protection for personal data.

As far as Microsoft is concerned, it is possible that personal data will be transferred to the United States. The transfer is based on the European Commission's 10 July 2023 decision on the adequacy of data protection level in the United States. The US companies to which data is transferred are certified companies that are committed to the safeguards agreed between the EU and the US.

8. What does the city do in case of a security breach?

Despite the protection measures, it is possible in exceptional cases that your personal data may be subject to a security breach or end up in the hands of a third party. In these cases, we will take immediate measures to rectify the situation. If the breach causes a risk to you, we will notify the Data Protection Ombudsman. The notification shall be made no later than 72 hours after discovering the breach. If the security breach poses a high risk, we will also notify you of the security breach.

9. How long is the data kept?

The data is kept and destroyed in accordance with the City of Vantaa’s information management plan. The storing times of documents defined in the data management plan are based on legislation, the National Archives of Finland’s provisions concerning permanently stored documents and the Association of Finnish Municipalities’ recommendations concerning documents stored for a definite period of time. 

The applications, decisions, attendance lists, applications for customer-payment relief and decisions will be kept for ten years. The service agreement will be kept for ten years. Units—where the city itself arranges activities—keep the Tietoja lapsesta (“Information on the child”) form for two(2) years after the termination of the operating period.  

10. Will the data be used for profiling or automatic decision-making?

Your data will not be used for profiling or automatic decision-making.

11. What rights does a data subject have, and how can these rights be exercised? How long does processing a case take?

Data subject means the person whose personal data are being processed. If we process your personal data, you have the right to:

  • check what data of yours are being processed
  • demand the correction of incorrect or inaccurate data
  • demand the restriction of the processing of your data

You can make a personal data review request via the e-service, in person at Vantaa Info or by posting the review request form to the City of Vantaa Registry Office. More detailed instructions can be found on the City’s Data Protection page.

If you wish to enforce other rights to which you are entitled as a data subject or request additional information on the processing of personal data, please contact the person specified under section 14 below. The legal basis for the enforcement of your rights is verified on a case-by-case basis. In order to enforce your rights, you may have to prove your identity.

We will fulfil the requests without undue delay, but no later than within one month of receiving each request. If necessary, the deadline may be postponed by a maximum of two months based on the complexity of the request and the quantity of the data. If the deadline is postponed, you will be notified.

12. Is there a fee for the exercise of one’s rights?

As a general rule, exercising one’s rights is free of charge. However, we may collect a reasonable fee corresponding to the administrative costs or refuse a request if the request in question is clearly unfounded, unreasonable or recurrent. We will contact you if we intend to collect a fee for completing your request. If we refuse to complete your requested measure, you will be informed in writing of the grounds for the refusal and your right to refer the matter to the Data Protection Ombudsman or resort to other legal remedies.

13. How can I submit an appeal to a supervisory authority?

If you suspect that your personal data are being processed unlawfully, you can submit an appeal to the Data Protection Ombudsman. More information and instructions on submitting an appeal are available from the contact person specified in section 14, the city’s data protection officer and on the website of the Office of the Data Protection Ombudsman and the office’s telephone guidance service:

Office of the Data Protection Ombudsman/www.tietosuoja.fi
Street address: Lintulahdenkuja 4, FI-00530 Helsinki Postal address: PO Box 800, FI-00531 Helsinki
Email: tietosuoja(at)om.fi
Telephone (exchange): +358 29 566 6700
Telephone (helpline for private individuals): +358 29 566 6777

14. Where can I request more information, and who is the controller?

More information on the processing of personal data is available from the contact person specified below. Please note that email is not a safe medium for processing personal data. As such, please do not send sensitive information, such as your personal identity code, via email.

Contact person

The controller is the City of Vantaa’s Education and Learning Committee. Contact details of the controller and the City of Vantaa data protection officer can be found below:

Virva Kela-Piironen

firstname.lastname(at)vantaa.fi

tel. puh. 040 724 5399

Controller                                                                                                       
City of Vantaa                                                                                                                           
Business ID 0124610-9A
Asematie 7, FI-01300 Vantaa                                            

Data Protection Officer
tietosuojavastaava@vantaa.fi

Registry office  

 Education and Learning Committee    
Postal address: PO Box 1100, FI-01030 City of Vantaa
Street address: Vantaa Info Centre Tikkurila, Dixi, Ratatie 11, 2nd floor, FI-01300 Vantaa.
Tel. (exchange): +358 9 839 11
Fax +358 9 8392 4163, email: kirjaamo(at)vantaa.fi

We also recommend you

Descriptions, rights and data protection

Data protection and processing personal data