Privacy Notice – OmaEspoo Service Portal

Publication date: 18 November 2025 (updated 28 May 2026) 

1. Purpose and legal basis of processing 

In the City of Espoo, personal data is generally used to provide, plan, evaluate and produce statistics on services and operations. 

Personal data collected through the service is processed in Espoo’s work management system, where customer contacts and requests are handled. 

The legal bases for processing are: 

• Task carried out in the public interest or exercise of official authority 

• Act on the Provision of Digital Services (306/2019, section 5) 

• Administrative Procedure Act (434/2003, section 8) 

• Basic Education Act (628/1998, chapter 8a) 

2. What data is processed and where is it obtained? 

The following personal data of customers is processed: 

• names 

• email addresses 

• phone numbers 

• IP addresses of logged-in users 

• personal identity codes (for logged-in users, required for identification) 

• personal data provided by the customer in requests 

The data varies depending on the service and form. Detailed information is available in service-specific privacy notices. 

Data is obtained from customers themselves and from the Suomi.fi service managed by the Digital and Population Data Services Agency. 

3. Data retention 

Personal data is stored only as long as necessary to provide the service or as required by law. 

Retention periods are determined according to the Information Management Act (section 21). 

For this service: 

• System log data of logged-in users is retained for five years 

Service-specific retention periods are defined separately. 

4. Data processors and recipients 

4.1 Processors acting on behalf of Espoo 

Personal data is processed by Espoo city officials and employees, and by external service providers supporting the OmaEspoo portal. 

Only processors complying with GDPR requirements are used. Compliance is ensured through written contracts. 

External provider: 

• Sofigate Oy (may use approved subcontractors) 

4.2 Disclosure to other organisations 

Data is disclosed in accordance with the Act on the Openness of Government Activities. 

Personal data may be disclosed to authorities and other entities as permitted or required by law. 

5. Transfers outside the EU/EEA 

No, data is not transferred outside the EU/EEA. 

6. Data subject rights 

Under the EU General Data Protection Regulation, you have various rights regarding your personal data. 

Further information is available on the City of Espoo website.