Processing of personal data at the School Action Day 2023 event

Data controllers include the City of Espoo, the City of Vantaa and the City of Helsinki. The City of Espoo acts as the processor of personal data on behalf of the cities of Vantaa and Helsinki.

Kirsti Blomqvist, sports and exercise planner, Sports and Exercise. Email: kirsti.blomqvist(at)espoo.fi

Lotta Salmi, sports and exercise service coordinator, Sports and Exercise. Email: lotta.salmi@espoo.fi

Paula Pernilä, data protection officer

Address: PO Box 12, 02070 City of Espoo

Tel. +358 9 81621 (exchange)

Email: Tietosuoja(at)espoo.fi

The City of Espoo will organise a School Action Day event in cooperation with the cities of Helsinki and Vantaa. Teachers in the Helsinki Metropolitan Area will be sent an email about the registration.

At the event, classes engage in physical activities at activity points implemented by the partners.

Personal data are processed to enable registration for the event and to send a confirmation message and a feedback survey. The purpose of the processing of personal data is to enable the organisation and implementation of physical activity that promotes well-being and health in accordance with the Sports Act.

Teachers are in an employment relationship with the controllers and are subject to a non-disclosure agreement.

·       Article 6(1)(a) of the General Data Protection Regulation of the European Union: the data subject has given consent to the processing of his or her personal data for one or more specific purposes

·       Article 6(1)(e) of the General Data Protection Regulation of the European Union: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

The data controller only processes data provided by the teachers. When registering for the event, the teachers are asked for the following information: the teacher’s name, email address, city and telephone number, the name of the school and class, the number of pupils, and any special needs of the pupils. Special needs may include, for example, information about the language in which the class should be guided or whether there are children with special support needs in the class. The pupils’ personal data is not requested, or special needs specified.

The personal data source is the data subject. Data subjects give their consent to the processing of personal data when completing the Webropol form. The address to the Webropol form is: https://link.webropolsurveys.com/S/6F41A8ACDFAD9235(external link, opens in a new window)

The cities’ information officers will send a message about the registration to the principals’ work emails, who in turn will forward the message to the registered teachers’ work emails.

The technical producer of the registration service is Webropol. The technical provider of the email service is Microsoft.

After the closing of the school registration, the activity point instructors are provided with the name of the school and class by email and information on any special needs required to guide the activities on the site according to the schedule. Special needs are not specified. Other data, such as personal data, will not be disclosed to third parties.

All the data contained in the Webropol service is stored inside the EU and is not transferred or processed outside the EU under any circumstances.

Emails in the email service provided by Microsoft are stored within the EU. Microsoft operates and develops its Office 365 services from outside of Europe, and the data is regarded to transfer outside the EU if, for example, the administrator is given remote access to a European server room, for example, to clear up a fault situation. In this case, EU Standard Contractual Clauses apply.

The data will be deleted after a feedback form has been sent to the teachers, i.e., by 30 November 2023.

IT equipment is located in protected and supervised premises. The registration is implemented using the web-based Webropol survey tool. Responses submitted through the web form can only be viewed through the Webropol form maintenance view by those whose tasks include managing event registrations. The data is processed only through a secure connection using two ways to identify the data recipient, i.e., the computer and email passwords.

Each user accepts the access and confidentiality undertaking regarding information and information systems. 

Further instructions on submitting information requests referred to in the General Data Protection Regulation: https://www.espoo.fi/en/city-espoo/data-protection#section-7317

You have the right to obtain from the controller a copy of the personal data that is subject to processing. The controller shall provide the data without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.

If the controller does not take action on the request of the data subject, the controller shall inform the data subject without delay, and at the latest within one month of receipt of the request, of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

Requests from the data subject and any resulting actions are free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request.

You have the right to have inaccurate, incomplete, outdated or unnecessary personal data that we store either rectified or completed by us.

You have the right to have the controller erase your personal data without undue delay under certain conditions. You can withdraw your consent at any time by emailing lotta.salmi(at)espoo.fi.

The data subject does not have the right to erasure if the processing of data is necessary for compliance with a legal obligation or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. In these cases, the data will only be erased after the statutory time limit.

If the data concerning you is inaccurate, you have the right to request that its processing be restricted until its accuracy has been verified.

You have the right to lodge a complaint with a supervisory authority if you feel that the processing of your personal data is in infringement of data protection legislation. You can lodge a complaint with the Office of the Data Protection Ombudsman: www.tietosuoja.fi.