Privacy notice: Terms of use of the network

Espoo_avoin is a free wireless network intended for visitors at the City of Espoo’s premises. Visitors can use the Internet after registering as a user and accepting the terms of use and the privacy notice. After registration, the network user ID is sent to the phone number provided by the visitor.

Users of the network must follow good netiquette, which means that the network cannot be used for illegal or unethical purposes, such as sending junk mail, downloading malware, disrupting the operation of the network, or disturbing other users. The user is also responsible for ensuring that they or the devices they use do not cause disruption to the wireless network, other communication networks, the network provider, the City of Espoo or other Internet users.

The use of the Espoo_avoin network is monitored. The network administrator has the right to prevent the use of the network and respond to official information requests by disclosing information on the use of the network.

The user is liable for any damage they cause to authorities, the City of Espoo or third parties.

The user is responsible for the security and protection of their own computer, information system or other devices they use. The City of Espoo is not responsible for any viruses or malware the user may encounter while using the wireless network or for any damage caused by them.

Date of publication: 28 January 2026

Personal data is generally used in Espoo for the provision, planning and assessment of activities and services and for statistical purposes. In this service, personal data is processed for the purpose of maintaining user IDs and login information related to the wireless network intended for the City of Espoo’s staff and visitors. The processing of data ensures data security and the continuity of operations. The monitoring and supervision of processing ensures data protection, user identity protection, and the legal protection of pupils, employees and visitors. Data can be used to investigate errors and monitor the use of information systems. In addition, data is used for solving problems and collecting and monitoring IT system log data.

In this service, personal data is processed on the following legal grounds:

To comply with the data controller’s legal obligation. According to the Act on Information Management in Public Administration (906/2019, sections 15–17), security measures, verifying access rights and compilation of log data are required.

It is necessary to process the following data to provide the service:

Staff, partners and education: (Entra ID login)

User’s name

Email address

User ID

IP address

Unique address of the device connected to the network (MAC address)

Visitors: (Login via text message)

Name entered by the user

Telephone number

IP address

Unique address of the device connected to the network (MAC address)

The above-mentioned information is also stored in the service log data.

The information is provided by the users, with the exception of the IP address, which is provided by the service connected to the system, and the MAC address, which comes from the user’s device.

Personal data is stored for as long as it is necessary for the provision of the service or required by legislation. In terms of this service, data is deleted as follows:

Employees/partners: (Administration Entra ID login)

The ending of an employment relationship or an agreement with a partner and the deletion of a user ID starts the automatic deletion of data. After the deletion of a user ID, personal data is stored in the cloud service for 30 days after the use of the service has ended.

Log data is stored for a maximum of two years. In situations where a user’s activities are investigated afterwards, the data in question is kept in separate storage for the time required by the case.

Learners and teachers: (Education Entra ID login)

For learners and teachers, data is stored in a local directory service for 366 days after the pupil/employment relationship has ended. Data is deleted automatically.

Log data is stored for a maximum of two years. In situations where a user’s activities are investigated afterwards, the data in question is kept in separate storage for the time required by the case.

Visitors: (Login via text message)

Information entered by visitors is stored for one year.

Storage of log data:

Log data is stored for one year. In situations where a user’s activities are investigated afterwards, the data in question is kept in separate storage for the time required by the case.

4.1 Parties processing data on behalf of the City of Espoo

Personal data is processed by persons responsible for maintaining the network. We only select contracting partners who comply with good personal data processing practices and meet the requirements of the General Data Protection Regulation. Compliance with data protection requirements is ensured through written agreements.

4.2 Disclosure of data to other organisations

Data is disclosed to the person requesting it in accordance with the Act on the Openness of Government Activities. In this service, data may only be disclosed to other authorities, for example the police, Data Protection Ombudsman or National Cyber Security Centre, for the investigation of information security incidents and crimes based on a separate request.

City employees’ and partners’ Entra ID logins use Microsoft cloud services provided in and outside the EU. Microsoft’s services are covered by the EU-US Data Privacy Framework. Data related to visitors’ text message logins is processed entirely within the EU/EEA.

The General Data Protection Regulation of the European Union guarantees you various rights in terms of the processing of your personal data. You can read more about your rights and how to exercise these rights on the espoo.fi website. www.espoo.fi/en/city-and-decision-making/safety/data-protection#rights-of-the-data-subject-7317

City of Espoo

7.1 Contact person of the register

If you have questions or need more detailed information on the processing of personal data, you can contact the contact person of the register:

Juha Valtaharju, IT Manager

juha.valtaharju(at)espoo.fi

Tel. +358 44 5123529

Change history

28 January 2026: Privacy notice was published