Communications register of Western Uusimaa Transport Services
The privacy statement was published on 6 August 2019.
Updated on 30 April 2021
1. Data controller
City of Espoo
2. Person responsible for the register
3. Contact person of the register
Client Coordinator. Email: email@example.com
4. Data Protection Officer
Data Protection Officer of the City of Espoo
Address: P.O. Box 12, 02070 City of Espoo
Tel. 09 816 21 (switchboard)
Email address: firstname.lastname@example.org
5. For what purpose will personal data be processed?
The communications register is used for sending electronic information bulletins, such as newsletters, to persons interested in Western Uusimaa Transport Services and for sending information bulletins to service providers and developer clients. Newsletters and information bulletins may include brief surveys related to the operations of Transport Services.
Electronic information bulletins may also be used to convey service-related material to service providers.
The developer clients’ data is used to organise client events. Data collected from developer clients on the reason for use of transport services is used to ensure that different groups of people with disabilities have equal opportunities to attend client events.
6. On what grounds will personal data be processed?
- Article 6(1)(a) of the General Data Protection Regulation of the European Union: the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
- Article 6(1)(b) of the General Data Protection Regulation of the European Union: processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
7. What data will be processed?
Name, telephone number, email address, language selection, client group, municipality of residence, age, year of birth, company name, service area and developer clients’ reason for use of transport services.
8. What are the sources of data?
Personal data is collected from clients themselves when they fill in the newsletter subscription form or sign up as a developer client. The service providers’ data is obtained from the contracts based on the contractual relationship.
9. Will data be disclosed or transferred outside the city?
Data will not be disclosed to parties external to the City of Espoo.
10. Will data be transferred outside the EU/EEA?
Data is not transferred outside the EU or the EEA.
11. How long will data be stored?
Data will be stored until the publication of the newsletter is discontinued, the data subject unsubscribes from the mailing list or their email address repeatedly sends an error notification. The developer clients’ data is stored for as long as the person or the person’s municipality of residence is involved in the developer client network or the developer client network is operational. The service providers’ data is stored for the duration of the contractual relationship.
12. How will data be protected?
Dedicated servers in Finland. The register is stored electronically and protected from third parties by appropriate firewalls and technical protection measures. The right to use and maintain the data stored in the register is only awarded to persons appointed to this task. Manual materials are stored in locked premises accessible only to persons whose duties entitle them to process the data. The users are bound to confidentiality.
13. Rights of the data subject
Further instructions on submitting information requests referred to in the General Data Protection Regulation: https://www.espoo.fi/en-US/Eservices/Data_protection/Client_rights(extrernal link)
13.1. How can I access my data?
You have the right to obtain from the controller a copy of the personal data that is subject to processing. The controller shall provide the data without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.
If the controller does not take action on the request of the data subject, the controller shall inform the data subject without delay, and at the latest within one month of receipt of the request, of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
Requests from the data subject and any resulting actions are free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request.
13.2. When can I request rectification of my data?
You have the right to have inaccurate, incomplete, outdated or unnecessary personal data that we store either rectified or completed by us.
13.3. When can I request erasure of my data?
You have the right to have the controller erase your personal data without undue delay under certain conditions. The data subject does not have the right to erasure if the processing of data is necessary for compliance with a legal obligation or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. In these cases, the data will only be erased after the statutory time limit.
13.4. When can I request restriction of processing of my data?
If the data concerning you is inaccurate, you have the right to request that its processing be restricted until its accuracy has been verified.
13.5. Right to lodge a complaint
You have the right to lodge a complaint with a supervisory authority if you feel that the processing of your personal data is in infringement of data protection legislation. You can lodge a complaint with the Office of the Data Protection Ombudsman: www.tietosuoja.fi