Privacy statement for the Interoperability Platform

1 Name of register

User register of the Interoperability Platform

2 Controller

Name: Digital and Population Data Services Agency

Address Lintulahdenkuja 2, 00530 Helsinki, Finland / Teknologiakatu 7, FI-67100 Kokkola, Finland

Other contact information (phone number during office hours, or email)

Telephone (switchboard) +358 295 535 001, email kirjaamo(a)dvv.fi

3 Contact person in register-related matters

Job title: Chief Specialist Riitta Alkula

Address Lintulahdenkuja 2, 00530 Helsinki, Finland / Teknologiakatu 7, FI-67100 Kokkola, Finland

Other contact information (phone number during office hours, or email)

Telephone (switchboard) +358 295 535 001, email kirjaamo(a)dvv.fi

4 Data Protection Officer

Job title Chief Specialist Noora Kallio

Address Lintulahdenkuja 2, 00530 Helsinki, Finland

Other contact information (phone number during office hours, or email)

Telephone (switchboard) +358 295 535 001, noora.kallio(a) dvv.fi

5 Retention period of the personal data contained in the personal data file

The Digital and Population Data Services Agency has determined the retention period it considers necessary and regularly assesses the need to retain the data and the retention period. The personal data kept in the personal data file is retained for one (1) year and three (3) months after the deletion of the information.

The details of the persons invited to submit comments are retained until the round of comments in question is deleted. If the organisation that opened the round of comments does not delete the round of comments within one (1) year of the end of the submission of the comments, the round of comments and all personal data related to it will be deleted automatically.

6 Purpose and legal basis for processing of personal data

Personal data is processed for the management of the user register.

The processing of personal data is based on Article 6(1)(e) of the General Data Protection Regulation (GDPR), under which the design and development of the Interoperability Platform can be considered a planning task of an authority.

7 Register data content

The interoperability toolbox consists of the following websites:

• koodistot.suomi.fi
• sanastot.suomi.fi
• tietomallit.suomi.fi

The following details of the persons registered as users of these websites are stored:

• First name
• Surname
• Email address
• Details of the organisation

The following details of the persons invited to submit comments are stored: forename, surname, and email address.

8 Standard sources of information

The information provided by the designated users and editors of the User organisations is recorded on the pages mentioned in section 7 above.

9 Standard disclosure of information

No personal data is disclosed.

10 Transferring data outside the EU or the EEA

No personal data is transferred outside the EU or EEA.

11 Principles of register protection

The data is protected by means of access control. The processing of data in the register is only possible for persons whose duties require it. Any manual material created is located in locked facilities protected by access control.

The retention, archiving and destruction of data contained in the register are based on legislation and organisation-specific guidelines derived from the legislation. There are no provisions specifying the personal data retained in the register as confidential.

12 Existence of automated decision-making

No automated decision-making or profiling is performed on the basis of the data from the personal data file.

14 Right of inspection

The data subject has a legal right to inspect their data in the register. When logged in, the data subject can see the data contained in the register.

If the data subject so wishes, they may request an inspection of their data. The request to inspect the data must be addressed to the contact person of the register in writing. The contact details can be found in section 3 of this privacy statement. The data subject must provide the information (Name and contact details) necessary for finding the required data in the request for inspecting the data.

15 Right to request the correction of data

The data subject has the right to request that their personal data should be corrected.

The request to inspect the data must be addressed to the contact person of the register in writing. The contact details can be found in section 3 of this privacy statement. The data subject must provide the information (Name and contact details) necessary for finding the required data in the request for inspecting the data.

16 Cancelling data subject’s consent

Processing of the personal data is not based on consent.

17 Other rights of the data subject related to personal data processing

The data subject does not have the right to request the erasure of their data or to request the transfer of their data to another system, as the processing takes place for the performance of a task carried out in the public interest. If the data subject wishes to object to the processing of their personal data or to restrict the use of the personal data, the data subject may make a request to that effect in the manners specified in section 14.

18 The data subject’s right of appeal to the supervisory authority

The data subject has the right to lodge a complaint to the supervisory authority on the processing of their personal data.

19 Other information

The privacy statement is available at the following addresses:

• koodistot.suomi.fi
• sanastot.suomi.fi
• tietomallit.suomi.fi
• dvv.fi