Privacy notice City of Espoo Processing of personal data by the Cultural Unit – event notices and surveys
The purpose of the personal data processing is to process registrations for events and develop services: registration forms, surveys, questionnaires, statistics, analysis.
Date of publication: 7 October 2020
1. Data controller
Espoon kaupunki.
2. Person responsible for the register
Leena Kummu, Marketing and Communications Manager (acting)
3. Contact person of the register
Leena Kummu, Marketing and Communications Manager (acting)
4. Data Protection Officer
The Data Protection Officer of the City of Espoo.
Address: PO BOX 12, 02070 City of Espoo
Tel. +358 9 81621(external link, opens in a new window) (switchboard)
Email: tietosuoja@espoo.fi
5. For what purpose will personal data be processed?
The purpose of the personal data processing is to process registrations for events and develop services: registration forms, surveys, questionnaires, statistics, analysis.
6. On what grounds will personal data be processed?
Article 6(1)(a) of the General Data Protection Regulation of the European Union: the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
7. What data will be processed?
Relevant contact details (name, address or residential area, email address). Necessary background information (title, organisation, age, family status, gender, native language, role in the use of the relevant service).
PUBLICITY AND CONFIDENTIALITY OF DATA:
Some of the data may be confidential.
GROUNDS FOR CONFIDENTIALITY:
Act on the Openness of Government Activities, section 24, subsection 1.
8. What are the sources of data?
The customer provides this information while taking a survey or giving feedback if necessary. Some surveys are conducted anonymously, but if a customer wishes to be contacted, they must provide their email address or phone number.
9. Will data be disclosed or transferred outside the city?
As a rule, the data are not transferred outside the City of Espoo. The data will only be processed by the City of Espoo Cultural Unit. The data may only be disclosed if legislation such as the Act on the Openness of Government Activities so requires.
Webropol Oy and Vitec Roidu Oy process the personal data as the service provider.
10. Will data be transferred outside the EU/EEA?
Personal data will not be transferred outside the EU or the European Economic Area (EEA).
11. How long will data be stored?
Data will be stored only a storage period determined based on the purpose of the data. For example, for event registrations, this is the time required to organise and close out the event, up to six months after the event. When a customer deletes an individual user or survey from the system, the data is stored in a backup for one month.
12. How will data be protected?
Data stored in the registry are protected kept secure in a manner that ensures that they may only be viewed and used by City of Espoo employees who have the right to access the data. The information system can only be accessed with a user account and password granted by the City.
13. Rights of the data subject
Further instructions on submitting information requests referred to in the General Data Protection Regulation: Data protection/Clients’ rights
13.1 How can I access my data?
You have the right to obtain from the controller a copy of the personal data that is subject to processing. The controller shall provide the data without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.
If the controller does not take action on the request of the data subject, the controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the opportunity of lodging a complaint with the supervisory authority and seeking a judicial remedy.
Requests from the data subject and any resulting actions are free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request
13.2. When can I request rectification of my data?
You have the right to have inaccurate, incomplete, outdated or unnecessary personal data that we store either rectified or completed by us.
13.3 When can I request erasure of my data?
You have the right to have the controller erase your personal data without undue delay under certain conditions. The data subject does not have the right to erasure if the processing of data is necessary for compliance with a legal obligation or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. In these cases, the data will only be erased after the statutory time limit.
13.4 When can I request restriction of processing of my data?
If the data concerning you is inaccurate, you have the right to request that their processing be restricted until their accuracy has been verified.
13.5 Right to lodge a complaint
You have the right to lodge a complaint with a supervisory authority if you feel that the processing of your personal data infringes data protection legislation. You can lodge a complaint with the Office of the Data Protection Ombudsman at www.tietosuoja.fi(external link, opens in a new window).