Processing of personal data in the Espoo Events database

City of Espoo 
P.O. Box 1, 02070 
CITY OF ESPOO 
Tel. +358 9 81621

Johanna Pajakoski, Director of Communications, City of Espoo

Johanna Pajakoski, Director of Communications, City of Espoo 
Address: P.O. Box 12, 02070 City of Espoo 
Tel. +358 9 81621 (switchboard) 
Email: firstname.lastname@espoo.fi

Data Protection Officer of the City of Espoo 
Address: P.O. Box 12, 02070 City of Espoo 
Tel. +358 9 81621 (switchboard) 
Email: tietosuoja@espoo.fi

The City of Espoo collects the necessary personal data of the users of the Espoo Events system for the purposes of identifying the users of the event database, content creation, system maintenance and management.

The City of Espoo does not use the above-mentioned data for any purpose other than the management of the event database.

Article 6(1)(a) of the General Data Protection Regulation of the European Union: the data subject has given consent to the processing of his or her personal data for one or more specific purposes.

Article 6(1)(e) of the General Data Protection Regulation of the European Union: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

The following user data is collected in the Espoo Events database: first name, last name, email address, user ID creation date, and name of the user’s organisation.

In addition, telephone numbers are collected for users outside the City of Espoo and cryptographic hashes for those using Suomi.fi e-Identification for the purpose of identifying the persons.

The names of users outside the City of Espoo are obtained from the users themselves when they request a user ID or through the Suomi.fi e-Identification service, and other information is entered into the system by the users.

The information of the City of Espoo’s employees is obtained from the city’s ID management system when requesting access to the Espoo Events system.

Persons are added to an organisation by the main users of Espoo Events.

Data will not be disclosed outside the register.

Personal data will not be transferred outside the EU or the European Economic Area (EEA).

Data is stored only for as long as the registered person uses the Espoo Events database.

The data of the City of Espoo’s employees is erased from the Espoo Events system by the main users when their access rights are removed from the ID management system or if they leave the City of Espoo organisation.

Guest users’ access rights are reviewed every six months. If a user does not renew their access rights, they will be removed from the system. Access rights can also be removed upon request.

Those using Suomi.fi e-Identification can remove their access rights themselves or their data can be erased upon request.

User data is stored in an information system that is protected against unauthorised access through personal usernames and passwords. Rights to view and manage the data are only granted to persons who need access to the system to carry out their duties.

The devices and servers used for processing data are appropriately protected through technical and physical solutions.

Further instructions on submitting information requests referred to in the General Data Protection Regulation: www.espoo.fi/en/city-espoo/data-protection

You have the right to obtain from the data controller a copy of the personal data that is subject to processing. The data controller must provide the data without undue delay and in any event within

one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.

If the data controller does not take action on the request of the data subject, the data controller must inform the data subject without delay, and at the latest within one month of receipt of the request, of the reasons for not taking action and of the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

Requests from the data subject and any resulting actions are free of charge. However, where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the data controller may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request.

You have the right to have inaccurate, incomplete, outdated or unnecessary personal data that we store either rectified or completed by us.

You have the right to have the data controller erase your personal data without undue delay under certain conditions. The data subject does not have the right to erasure if the processing of data is necessary for compliance with a legal obligation or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. In these cases, the data will only be erased after the statutory time limit.

If the data concerning you is inaccurate, you have the right to request that its processing be restricted until its accuracy has been verified.

You have the right to lodge a complaint with a supervisory authority if you feel that the processing of your personal data is in infringement of data protection legislation. You can lodge a complaint with the Office of the Data Protection Ombudsman: www.tietosuoja.fi