Privacy notice: Espoo.fi

Espoo.fi is the City of Espoo’s official website. On the website, the City of Espoo processes personal data in accordance with the General Data Protection Regulation of the European Union (GDPR).

Individuals must be informed if their personal data is entered into a personal data register. This includes their name and address.

In addition, they must be informed of the purpose of the processing of personal data, the disclosure of register data and the rights of a data subject.

The Espoo.fi website has been created using the Drupal content management system.

Date of publication of the privacy notice: 18 September 2023.

City of Espoo.

Johanna Pajakoski, Director of Communications, City of Espoo.

Johanna Pajakoski, Director of Communications, City of Espoo.

Address: P.O. Box 12, 02070 City of Espoo

Tel. 09 816 21 (switchboard)

Email address: firstname.lastname@espoo.fi

Data Protection Officer of the City of Espoo

Address: P.O. Box 12, 02070 City of Espoo

Tel. +358 9 81621 (switchboard)

Email address: tietosuoja@espoo.fi

The City of Espoo collects personal data needed for Drupal user IDs for the purposes of content production, system maintenance and administration. In addition, personal data of employees and other individuals, such as council members, is available on the Espoo.fi website.

The City of Espoo does not use the above-mentioned data for other purposes.

The processing of personal data is based on the municipality’s obligation to provide information and to publish a register of interests.

According to the Local Government Act, the municipality must provide sufficient information on the services it arranges, the municipality’s finances, matters under preparation in the municipality, plans concerning these, the processing of these matters, the decisions taken and their effects.

The municipality must provide information on how people can participate in and influence the preparation of decisions.

Article 6(1)(c) of the General Data Protection Regulation of the European Union: processing is necessary for compliance with a legal obligation to which the controller is subject.

The Drupal content management system processes both identifiable and non-identifiable personal data.

Drupal user IDs contain the following personal data: first name, last name and email address.

The Espoo.fi website contains the following personal data of elected officials: name, email address, party and roles in official bodies. Additional information on elected officials may be published if they so wish.

The Espoo.fi website contains employees’ personal data, such as names, telephone numbers, photographs and email addresses.

The Espoo.fi analytics tool does not collect data on what users, for example, enter into the forms available on the website. Data collection is based on cookies, and users can check their cookie settings in the Espoo.fi footer.

Personal data available on the Espoo.fi website is obtained from the users who need a Drupal user ID for their work. In addition, the personal data on the public website is obtained from the elected officials themselves or from the City of Espoo employees within their work roles.

Public personal data is available on the Espoo.fi website.

Personal data required for user IDs (name and email address) is not disclosed or transferred outside the city. This personal data is, however, available in the Drupal content management system and stored on the technical service provider’s servers, so they also have limited access to the personal data in question.

Data is mainly processed within the EU or the EEA.

Public personal data is available on the Espoo.fi website until it is separately deleted from the website.

Personal data required for user IDs is reviewed annually, and the register is kept up to date.

Personal data is protected on the Espoo.fi website through various technical measures. In addition, personal data is only processed by people who need it to carry out their work or official duties.

Further instructions on submitting information requests referred to in the General Data Protection Regulation. www.espoo.fi/en/city-espoo/data-protection#section-7317

You have the right to obtain from the data controller a copy of the personal data that is subject to processing. The data controller must provide the data without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.

If the data controller does not take action on the request of the data subject, the data controller must inform the data subject without delay, and at the latest within one month of receipt of the request, of the reasons for not taking action and of the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

Requests from the data subject and any resulting actions are free of charge. However, where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the data controller may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request.

You have the right to have inaccurate, incomplete, outdated or unnecessary personal data that we store either rectified or completed by us.

You have the right to have the data controller erase your personal data without undue delay under certain conditions. The data subject does not have the right to erasure if the processing of data is necessary for compliance with a legal obligation or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. In these cases, the data will only be erased after the statutory time limit.

If the data concerning you is inaccurate, you have the right to request that its processing be restricted until its accuracy has been verified.

You have the right to lodge a complaint with a supervisory authority if you feel that the processing of your personal data is in infringement of data protection legislation. You can lodge a complaint with the Office of the Data Protection Ombudsman: www.tietosuoja.fi.