Processing of personal data, City of Espoo personnel register

Date of publication: 6 February 2018.
Updated on 15 April 2025

1. Data controller

City of Espoo
P.O. Box 1
02070
CITY OF ESPOO
Tel. +358 9 81621

2. Person responsible for the register

Director of Human Resources

3. Contact person of the register

HR-neuvomo
Kamreerintie 5, 3rd floor
P.O. Box 650
02070 CITY OF ESPOO
Tel. +358 9 81633000
email: hr-neuvomo(at)espoo.fi

4. Data Protection Officer

Data Protection Officer of the City of Espoo
Address: P.O. Box 12, 02070 City of Espoo
Tel. +358 9 81621 (switchboard)
Email: tietosuoja(at)espoo.fi

5. For what purpose is personal data processed?

Personal data stored in the personnel register is processed for the purpose of carrying out duties related to the City of Espoo’s human resources administration and the city’s role as an employer.

As an employer, the City of Espoo processes the personal data of its employees/office-holders when carrying out duties that fall within its responsibilities under law, collective agreements, employment contracts, and appointments to office. This includes all the employer’s activities related to employment relationships, including recruitment; management of work; human resources administration; changes in employment relationships, including career development, internal recruitment and transfers; termination of employment relationships; and tasks related to work performance and competence management.

The City of Espoo collects and processes personal data only for the purposes referred to above and, as an employer, only processes personal data that is relevant to the employee’s/office-holder’s employment relationship and that is related to managing the rights and obligations of the parties to the employment relationship or to the benefits provided by the employer for the employee or that arises from the special nature of the work concerned (Article 5 of the General Data Protection Regulation of the European Union (GDPR); section 3, subsection 1 of the Act on the Protection of Privacy in Working Life).

Personal data of the City of Espoo’s new and existing employees/office-holders is collected in the personnel register during their employment relationship for the purpose of processing matters related to their employment relationship and career development. Personal data of persons working in some other capacity under the supervision of the City of Espoo, such as interns and persons carrying out non-military service, is also collected in the register.

6. On what grounds is personal data processed?

The processing of personal data of employees who enter a contractual employment relationship with the City of Espoo is necessary for the performance of the employment contract (Article 6(1)(b) of the GDPR). The disclosure of personal data for this purpose is a prerequisite for the establishment of an employment relationship and the conclusion of an employment contract. If personal data is not disclosed or the data subject objects to the processing of their data, the employment contract cannot be concluded.

The processing of personal data of employees who enter a public-service employment relationship with the City of Espoo is necessary in the exercise of official authority vested in the controller (Article 6(1)(e) of the GDPR).

According to the Constitution of Finland and the Local Government Act, the exercise of public authority must be based on law, and a public office must be established for a task involving the exercise of public authority. A public-service employment relationship is thus an employment relationship governed by public law, and the disclosure of personal data is a prerequisite for appointment to office and the establishment of the public-service employment relationship. If personal data is not disclosed or if the data subject objects to the processing of their personal data, the person cannot be appointed to office and thus the public-service employment relationship cannot be established.

During the employment relationship, the processing of personal data of an employee or office-holder is necessary for compliance with a legal obligation to which the controller is subject (Article 6(1)(c) of the GDPR).

During the employment relationship, the controller, as the employer, has several statutory duties and obligations that are based on national legislation (Article 88 of the GDPR). Depending on the employment relationship, a significant amount of national legislation will apply to the processing of personal data. National legislation defines, among other things, the openness and confidentiality of personal data, the employer’s right to obtain personal data from persons other than the data subject themselves and the rights to disclose personal data to public authorities.

  • Article 6(1)(b) of the General Data Protection Regulation of the European Union: processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Article 6(1)(c) of the General Data Protection Regulation of the European Union: processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Article 6(1)(e) of the General Data Protection Regulation of the European Union: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Applicable key legislation

General Data Protection Regulation of the European Union (GDPR)
Data Protection Act
Act on the Openness of Government Activities
Act on the Protection of Privacy in Working Life
Employment Contracts Act
Act on Civil Servants in Local Government
Administrative regulations of the City of Espoo
Act on Occupational Safety and Health Enforcement and Cooperation on Occupational Safety and Health at Workplaces
Occupational Health Care Act
Occupational Safety and Health Act
Collective agreements for local government employees
Act on cooperation between municipal employers and employees
Personal File Act
Archives Act
National Pensions Act
Annual Holidays Act
Working Time Act
Workers’ Compensation Act
Health Insurance Act
Public Sector Pensions Act

7. What data is processed?

Information collected at the beginning of the employment relationship

At the beginning of the employment relationship, the following basic personal data and data needed for salary payment is collected in the personnel register: name, preferred first name, personal identity code, address, taxation information, personal telephone number, telephone number needed for using culture, sports and lunch benefits, and bank account number. In addition, the city collects information on the data subject’s education, qualifications and degrees, driving licence, mother tongue and, if necessary, other language skills.

The city also collects information on the data subject’s taxation and occupational licences. A personal identifier, user ID, work telephone number (if necessary) and work email address are created for the data subject, and these are stored in the register. In addition, information on the person’s duties and place of work, including their position number, is stored in the register.

In addition, information required by specific legislation, such as drug test results or information on vaccinations required for the position, may be collected from a person to be employed.

Information collected and generated during the employment relationship

The employer collects and stores information on the data subject’s employment relationship, annual income and possible enforced debt recovery for the purpose of salary calculation and to be provided to pension insurance companies and insurance companies.

During the employment relationship, additional personal data concerning the data subject will be generated through different processes carried out by the employee/office-holder, their supervisor or another representative or specialist working for the employer. These processes carried out during the employment relationship include, for example, processes related to the determination and payment of salaries and increments, working hours monitoring, and shift planning. They also include processes related to mentoring, professional development and training, ability to work, rehabilitation, relocation, occupational wellbeing and occupational safety and health.

Furthermore, these processes include different processes for solving possible problems related to the employment relationship. In addition to the basic personal data of the data subject, the following data will be handled in these processes: the data subject’s title and information concerning their salary, absences, annual holiday, education and training, employment relationship history, job descriptions, personal assessments, job performance and skills, as well as various characterisations and descriptions of events related to the above-mentioned processes.

Basic data related to the employment relationship may also be processed when it needs to be technically transferred to a new information system or when processing is necessary for the testing of information systems. Data to be transferred may include, for example, the data subject’s name, title, user ID and salary information.

Special categories of personal data (Article 9 of the GDPR)

The City of Espoo processes special categories of personal data (formerly sensitive data) in the following situations:

Health information

The employer processes an employee’s/office-holder’s health information provided through their own notification or through a certificate issued by a health care professional (reason/diagnosis for sickness absence) when the information is necessary for the payment of sick pay or comparable health-related benefits or for determining whether there is a justified reason for absence from work. Health information is processed confidentially and only by the supervisor and payroll professionals in accordance with the division of duties.

The employer processes the employee’s/office-holder’s health information to a limited extent and only to the extent necessary to ensure the data subject’s wellbeing and safety at work and to investigate and safeguard the prerequisites for work and the data subject’s ability to work and functional capacity (Article 9(1)(b) of the GDPR; sections 4 and 5 of the Act on the Protection of Privacy in Working Life; section 12, subsection 1, paragraph 5a and sections 13, 17 and 18 of the Occupational Health Care Act; and sections 31 and 32 of the Act on Occupational Safety and Health Enforcement, which provide for the right of the occupational safety and health representative to obtain information).

The employer has the right to refer the employee/office-holder to occupational health care for an assessment of their suitability for the work and ability to work. The occupational health care provider can only provide the employer with information on whether the employee/office-holder is suitable for the work or whether there are limitations to their suitability. The occupational health care provider must not disclose to the employer information on the employee’s/office-holder’s health without their consent. As a rule, health information is always obtained from the employee/office-holder themselves or, with their consent, from their occupational health care provider or another health care professional (Occupational Health Care Act, section 12, subsection 1, paragraph 5a; section 17, subsection 2; and section 18).

The processing of an employee’s/office-holder’s health information may also be based on legislation on occupational safety and health.

Information on the vaccination status of health care and social welfare personnel specified in the Communicable Diseases Act is also processed confidentially. The employer has the right to process information on whether or not the data subject has received the vaccinations required for the work. Information on vaccinations is obtained from the employee/office-holder or, with their consent, from a health care professional (section 48, subsection 4 of the Communicable Diseases Act).

Trade union membership

Information on an employee’s/office-holder’s trade union membership is entered in the register when the person grants the employer the right to collect the trade union contribution in connection with salary payment (Article 9(1)(d) of the GDPR and section 6, subsection 1, paragraph 3 of the Data Protection Act).

Biometric identifiers

A photograph of the data subject will be taken for their employee ID card. Although the photograph is used on the employee ID card for identification purposes, no database will be created of the photographs and they will not be processed through specific technical means allowing the unique identification or authentication of the person (paragraph 51 of the GDPR).

The tools offered by the employer, such as a telephone or tablet, may have fingerprint identification enabled by current technology, which the employee/office-holder may choose to use. The employer does not require the use of fingerprint identification and does not collect fingerprints for identification purposes. No database will be created of the fingerprints and they will not be processed through specific technical means allowing the unique identification or authentication of the person (paragraph 51 of the GDPR).

Public access to and confidentiality of data

Under Article 86 of the General Data Protection Regulation of the European Union, section 28 of the Data Protection Act and the Act on the Openness of Government Activities, the data in the City of Espoo’s personnel register is public unless it has been defined as confidential for reasons of privacy or sensitivity or other justified reasons.

According to the principle of openness related to official documents, the City of Espoo’s documents are public unless otherwise provided by law (section 1 of the Act on the Openness of Government Activities). Thus, as the City of Espoo is a public authority, the data stored in the city’s personnel register is, as a rule, public, unless it has been defined as confidential for reasons of privacy or other justified reasons. According to the principle of openness related to official documents, information can, as a rule, only be obtained on request.

Personal data is only posted online on rare and carefully considered occasions, if necessary to safeguard municipal residents’ right to obtain information. However, a large part of the data in the personnel register is confidential and is not disclosed even on request.

Data accessible to the parties concerned is only disclosed from the personnel register in situations specified by law (section 11 of the Act on the Openness of Government Activities).

Those who process the personal data stored in the City of Espoo personnel register are bound by an obligation of confidentiality (section 35 of the Data Protection Act). Some data in the personnel register is confidential. Such data is handled with special caution, access rights are restricted to the processing group, and the data cannot be disclosed even on request.

An employee’s health information may only be processed by persons who, based on said information, prepare or make decisions concerning the employee’s employment relationship. The employer has designated in advance the persons entitled to process such information or defined the tasks that include the processing of such information. Persons who process such information are bound by an obligation of confidentiality, i.e. they may not disclose any of it to a third party either during or after their employment relationship (section 5, subsection 2 of the Act on the Protection of Privacy in Working Life).

Grounds for confidentiality:
The following information stored in the personnel register and documents containing such information are confidential under section 24 of the Act on the Openness of Government Activities:

  • Information on the person’s annual income or total assets and information on natural persons as debtors in execution (section 24, paragraph 23 of the Act on the Openness of Government Activities).
  • Information on a person’s state of health or disability or on the health care and rehabilitation services they have received (section 24, paragraph 25 of the Act on the Openness of Government Activities).
  • Information on a person’s psychological test or aptitude test or the results thereof, or assessments carried out for the selection of employees or for the establishment of the basis for a salary (section 24, paragraph 29 of the Act on the Openness of Government Activities).
  • Information on a secret telephone number or contact information subject to non-disclosure for personal safety reasons (municipality of residence, address, telephone number) (section 24, paragraph 31 of the Act on the Openness of Government Activities).
  • Information on a person’s privately expressed views, lifestyle, participation in voluntary associations or leisure activities, family life or other comparable personal circumstances (section 24, paragraph 32 of the Act on the Openness of Government Activities).

Although, under the Act on the Openness of Government Activities, information on a person’s annual income and assets is confidential, under section 7 of the Personal File Act, information on an office-holder’s and employee’s salary is public.

Under section 29, subsection 2 of the Data Protection Act, a personal identity code may be processed in health care and social welfare services and other activities to ensure social security and in matters concerning public service employment relationships, employment relationships and other service relationships and benefits relating to these. A personal identity code is not in itself confidential information, but its unnecessary entry is avoided in documents printed or drawn up on the basis of the personnel register.

8. What are the sources of data?

The employer must collect personal data concerning the employee primarily from the employee themselves (section 4 of the Act on the Protection of Privacy in Working Life).

Personal data is collected at the beginning of the employment relationship and updated during the employment relationship. During the employment relationship, personal data stored in the personnel register is supplemented by the person themselves and through assessments and descriptions made by the employer’s representative or an HR professional in connection with different processes. Decisions concerning the employment relationship made by decision-makers also generate new personal data that is stored in the register.

If the employer collects personal data from a person other than the employee themselves, they must obtain the employee’s consent to the collection of such data. However, this consent is not required when an authority discloses information to the employer to enable the latter to fulfil a statutory duty or when the employer acquires personal credit or criminal record data for the purpose of determining the reliability of an employee (section 4 of the Act on the Protection of Privacy in Working Life).

The employer has the right to obtain from the occupational health care provider an assessment on whether the employee/office-holder is suitable for their work or whether there are limitations to their suitability (section 13 of the Occupational Health Care Act). However, the occupational health care provider can only disclose confidential information on the employee’s health with the express consent of the employee, for example when the employee wishes to have their ability to work examined on the basis of their health information (section 18 of the Occupational Health Care Act). 

The employer has the right to obtain from Keva the information necessary for financial management and the adjustment of the pension contribution, notwithstanding the obligation of confidentiality laid down in the Act on the Openness of Government Activities and other restrictions on access to information. The employer has the right to obtain from Keva a notification of the type of pension granted to a retiring person and information on the starting and ending date of the pension for the purpose of the employer’s personnel administration arrangements (section 156 of the Public Sector Pensions Act).

9. Will data be disclosed or transferred outside the city?

Personal data is disclosed to partners of the City of Espoo on the basis of the agreement in force at the time in order to provide various staff benefits and other services to employees. The City of Espoo also orders the employee ID cards required for the use of staff benefits from an external partner.

When the employee ID card is ordered, the employee’s name, title and photograph are disclosed. The employee’s telephone number is disclosed for the purpose of offering the sports benefit. The work telephone number is disclosed to the company responsible for the national directory assistance service. The person’s identifying information and information on the trade union fee collected is disclosed to the trade union on the basis of an authorisation issued by the employee/office-holder. The chief shop stewards of the main contracting organisations in the municipal sector and Tehy (Union of Health and Social Care Professionals in Finland) receive, at least twice a year, identifying personal data on the members of their own main organisation based on existing collective agreements (chapter 7, section 6 of the General collective agreement for municipal personnel (KVTES), and section 6 of the act on the cooperation between municipal employers and municipal workers).

By virtue of legislation, personal data is regularly disclosed to tax authorities, Keva and other pension insurance institutions, banks and Statistics Finland (e.g. sections 16 and 18 of the Tax Assessment Procedure Act; sections 151 and 153 of the Public Sector Pensions Act; and section 15 of the Statistics Act). The information disclosed by virtue of legislation includes the person’s identifying information and information on their salary, working hours, profession and place of work.

In addition, personal data is disclosed, if necessary, to Kela, insurance companies, the Employment Fund, the National Enforcement Authority Finland, the State Treasury, and the occupational safety and health authority on the basis of existing legislation (e.g. section 86 of the National Pensions Act; chapter 19, section 1 of the Health Insurance Act; sections 252–254 of the Workers’ Compensation Act; section 22 of the Act on the Financing of Unemployment Benefits; chapter 3, section 66 of the Enforcement Code; and chapter 2, section 4 of the Act on Occupational Safety and Health Enforcement and Co-operation on Safety and Health at Workplaces.)

Basic personal data is also disclosed to the Association of Finnish Local and Regional Authorities, the Regional State Administrative Agency for Southern Finland, and the Orders of the White Rose of Finland and the Lion of Finland for the purpose of applying for decorations. Personal data is disclosed to the Finnish Institute of Occupational Health for the purpose of conducting the Kunta10 survey. 

Personal data on persons carrying out their non-military service with the City of Espoo is disclosed to Sivariweb, the national register of non-military service (chapter 12 of the Non-Military Service Act). The City of Espoo discloses information on sickness absences from the personnel register to the City of Espoo’s occupational health care patient register for the purpose of assessing the employee’s ability to work and to continue working at the latest when their absence has continued for one month (section 10a of the Occupational Health Care Act).

The employer must provide occupational health care professionals and experts with information on work, work arrangements, occupational diseases, occupational accidents, personnel, working conditions and changes thereof, as well as other similar factors necessary for assessing and preventing health hazards or harm caused by work to employees (section 15 of the Occupational Health Care Act).

A health care professional’s statement concerning the employee’s ability to work or a medical certificate submitted to the employer by the employee is delivered to the occupational health care provider for the purpose of carrying out the occupational health care duties laid down in the Occupational Health Care Act, unless the employee has forbidden this (section 5, subsection 3 of the Act on the Protection of Privacy in Working Life).

10. Will data be transferred outside the EU/EEA?

As a rule, personal data is stored and processed within the EU and the EEA.

Identifiers related to O365 services are also transferred to a system with servers located in the United States. The service provider is committed to complying with the standard contractual clauses on the transfer of personal data to third countries drawn up by the European Commission. The above commitment guarantees adequate protection of user data also outside the EU. Sensitive information, such as information describing a person’s health or financial situation, is not transferred outside the EU or the EEA.

11. How long will data be stored?

Data in the personnel register is archived and destroyed in line with applicable provisions defined in the City of Espoo’s records management plan. The storage periods of personal data entered in the personnel register vary a great deal, depending on the context. The City of Espoo will store personal data entered in the personnel register or documents containing such data either for a specified period of time or in accordance with the need for information, as specified in applicable legislation or in the records management plan. The records management plan is available on the City of Espoo’s intranet Essi.

Examples of storage periods

As a rule, the storage period of employment contracts and appointments to office is 50 years when they contain a recruitment decision. As a rule, microfilms concerning pay sheets and directories containing employees’ personal and salary data are stored for 50 years, as are documents containing salary corrections.

Otherwise, documents related to the establishment and termination of an employment relationship are, as a rule, stored for 10 years. Basic information forms are also stored for 10 years when they are used to notify the recipient of changes or when they do not serve as recruitment decisions. Otherwise, they are also stored for 50 years.

Many of the documents related to the employment relationship are stored for 10 years. Such documents include work orders, decisions on educational and work-related trips, travel expenses forms, mileage allowances, various applications concerning holidays and leaves and decisions thereof, and decisions on various increments. The same applies to decisions on length-of-service increments. Work schedules are stored for 5 years.

Reprimands and warnings related to breaches of the employment relationship are stored for 3 years and 5 years respectively. Other documents related to breaches of the employment relationship, such as decisions on termination of employment, are stored for 10 years. Medical certificates submitted by the employee are stored for 2 years, as are decisions on sickness insurance payments and maternity allowance.

As a rule, information concerning internships and non-military service is stored for 2 years. Information concerning performance and competence, such as performance assessments and discussions related to goals and skills, is stored, as a rule, for 2 years or as necessary. Many documents related to career development are stored as necessary.

The data subject’s photograph is only used when their employee ID card is ordered, after which it will be deleted. The photograph will only remain on the employee ID card used by the data subject. With regard to the storage periods of special categories of personal data, the City of Espoo complies with applicable legislation.

12. How is data protected?

Electronic maintenance systems

The majority of the personal data contained in the personnel register is stored in the electronic Sarastia system. In addition, the data is stored in the Dynasty Asianhallinta system (incl. office-holder decisions, decisions on salaries and increments), the Hektori, Efecte, ERP, X-Archive, Linkity and Primus systems, the Microsoft Office 365, OneDrive for Business and SharePoint applications, and the network drive. Information on working hours is stored in the working hours monitoring system. 

Information on training is partly stored in the training registration system and information on interns is also stored in its own system. Primus is used in the organisation and monitoring of basic and general upper secondary education, the performance of duties related to the pupil or student relationship, and the maintenance of basic information on teachers and other staff.

Manual materials

The personnel register is also partly formed of archived paper documents that are also stored electronically in the City of Espoo information network. Paper documents include contracts, appointments and decisions related to the employment relationships (such as employment contracts, appointments to office and decisions). Paper documents are also produced during the employment relationship in processes related to performance assessment, possible disciplinary measures, mentoring, occupational safety and health, early intervention and addressing issues.

Principles of data protection:

Electronic materials

IT equipment is located in protected and supervised premises. On the City of Espoo’s workstations, the HR system is used with appropriate technical protection measures and user management measures in place. Each user has personal access rights to the HR systems and files, and their use is monitored. Access rights are granted on a task-specific basis and removed when the person no longer works on the tasks for which the rights were granted. Each user must accept the City of Espoo’s information security commitment, including a usage and confidentiality commitment. Personnel are given an introduction to data protection and the appropriate processing of personal data.

Manual materials

The archives and units have access control and locked doors. Documents are stored in supervised premises and/or locked cabinets.

13. Rights of the data subject

13.1 How can I access my data?

You have the right to obtain from the data controller a copy of the personal data that is subject to processing. The data controller must provide the data without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.

If the data controller does not take action on the request of the data subject, the data controller must inform the data subject without delay, and at the latest within one month of receipt of the request, of the reasons for not taking action and of the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

Requests from the data subject and any resulting actions are free of charge. However, where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the data controller may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request.

13.2 When can I request rectification of my data?

You have the right to have inaccurate, incomplete, outdated or unnecessary personal data that we store either rectified or completed by us. 

13.3 When can I request erasure of my data?

You have the right to have the data controller erase your personal data without undue delay under certain conditions. The data subject does not have the right to erasure if the processing of data is necessary for compliance with a legal obligation or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. In these cases, the data will only be erased after the statutory time limit.

13.4 When can I request restriction of processing of my data?

If the data concerning you is inaccurate, you have the right to request that its processing be restricted until its accuracy has been verified.

13.5 Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority if you feel that the processing of your personal data is in infringement of data protection legislation. You can lodge a complaint with the Office of the Data Protection Ombudsman.