1. Data controller

City of Espoo

  1. Person responsible for the register

Jutta Takala, Director of Human Resources, firstname.lastname@espoo.fi

  1. Contact person of the register

Eija Ovaskainen, Occupational Safety and Health Manager, firstname.lastname@espoo.fi

  1. Data Protection Officer appointed by the organisation

Data Protection Officer of the City of Espoo
Address: P.O. Box 12, 02070 City of Espoo
Tel. +358 9 81621 (switchboard)
tietosuoja(at)espoo.fi

  1. Purposes of processing personal data and the legal grounds for processing

Personal data stored in the register is processed for the purpose of monitoring and developing the occupational safety of employees. According to section 8 of the Occupational Safety and Health Act, employers have a duty to take care of the safety and health of their employees while at work by taking the necessary measures. Employers must also continuously monitor the working environment, the state of the workplace community and the safety of work practices. Employers must also monitor the impact of the measures put into practice on safety and health at work. To this end, occupational safety and health staff monitor notifications and related measures and generate reports on notifications of accidents, safety observations (notifications of near miss incidents, hazards, biological exposures*, positive observations) and violent or threatening incidents that employees have submitted through the cloud service system, as well as on investigations and corrective measures carried out by supervisors.

*section 40(a) (14.12.2017/927) List of employees exposed to biological agents

In addition, the statutory insurance company sends Occupational Safety and Health Managers monthly Excel reports on occupational and commuting accidents and occupational diseases. The insurance company also submits a twice-yearly report on prolonged absences caused by occupational accidents to the city’s Occupational Safety and Health Manager, the Director and Service Manager of Occupational Health Services, and the Work Ability Coordinator working for HR Development.

In addition, supervisors can generate reports concerning their own unit.

The cloud service also contains assessments of occupational safety risks at workplaces, which do not include personal data.

The aim is to use the above-mentioned information to prepare for and prevent accidents, increase wellbeing at work, and fulfil the statutory obligations of employers.

Based on the information gathered, reports are prepared for the management, but individual data is not disclosed outside the occupational safety and health team. Information on occupational accidents that have caused prolonged sickness absences is processed by Occupational Safety and Health Managers, the Director and Service Manager of Occupational Health Services, and the Work Ability Coordinator in charge of reassignment activities.

The City of Espoo has drawn up instructions related to the above-mentioned matters. The instructions are available to all personnel on the intranet. According to the instructions, employees must submit a notification in the above-mentioned situations, which will be processed at the workplace and sent to the Occupational Safety and Health Manager.

Key legislation:

Data protection legislation, including the General Data Protection Regulation of the European Union and the national Data Protection Act (1050/2018)

Occupational Safety and Health Act (738/2002)

Workers’ Compensation Act (459/2015)*

Health Insurance Act (1224/2004)

*Section 254: Checking information recorded in the employer’s documents

The insurance institution is entitled to inspect the employer’s documents for accuracy of the information which is held by the employer and is subject to the obligation to provide information pursuant to this Act. The insurance institution is entitled to receive from the police and other authorities executive assistance in obtaining the information referred to above.

Legal grounds for processing:

Article 6(1)(c) of the General Data Protection Regulation of the European Union: processing is necessary for compliance with a legal obligation to which the controller is subject.

Notifications of accidents and safety observations stored in the cloud service (notifications of near miss incidents, hazards and biological exposures): name of the notifier, name and job title of the injured/exposed person, name and contact information of a witness, name of the responsible person, names of participants, name of the person carrying out the investigation/measure and the person approving it.

Notifications of violent or threatening incidents stored in the cloud service: in addition to the above-mentioned information, the age of the perpetrator of the violent or threatening incident. This information is necessary for the development of preventive measures.

The insurance company’s accident report (Excel) is sent by email to the Occupational Safety and Health Managers of the city and its sectors. The report does not contain personal data.

The insurance company submits an accident report (Excel) to the city’s Occupational Safety and Health Manager and the HR Specialist of the HR Department’s Employer Policy team through an encrypted email with the name and personal identity code of the injured person. This is done for the purpose of obtaining missing information, if necessary, and assigning the accident to the correct unit. The information is stored in the files of the above-mentioned office-holders.

Public access to and confidentiality of data:

The data is confidential because it may contain information on a person’s state of health, e.g. the person has slipped and broken their leg.

Grounds for confidentiality:

Statutory provisions that define the contents as confidential.

If information on an ongoing investigation by the occupational safety and health authority is provided too early, it may jeopardise the success of the investigation. This situation is covered by section 24, subsection 1, paragraph 15 of the Act on the Openness of Government Activities (621/1999).

Section 24, subsection 1 of the Act on the Openness of Government Activities provides that information concerning the health (paragraph 25) or the financial situation (paragraph 23) of a private person or the financial situation or professional secret of a business (paragraph 20) must be kept confidential. It may not be disclosed unless the person whose interests are protected by the non-disclosure obligation consents to the disclosure of the information. If such information arises during the investigation of an accident, it should be handled in such a way that it cannot be linked to an individual person.

  1. Contents of the register

Information on the notifier and the supervisor is obtained from the HR system. Notifications can also be submitted in the role of ‘temporary agency worker’ or ‘other’, in which case the notifier adds the information on the injured person to the cloud service.

Notification of a violent or threatening incident (20 years), confidential

  • Perpetrator’s age (as a drop-down menu)
  • Perpetrator (as a drop-down menu)
      • Child attending early childhood education
      • Pupil attending general education
      • Pupil attending special education
      • Student/intern
      • Guardian
      • Client
      • Resident
      • Patient
      • Family member
      • Employee/co-worker
      • Someone else, please specify:
  • Job title of the employee (i.e. the victim in the situation) (obtained from the HR system or may be separately entered if the victim’s information is not in the HR system)
  • Incident categories:
  • Injuries caused by the incident (select one or more)
  • Location of incident: (drop-down menu)
  • Investigation form (to be filled in by the supervisor)
  • Contacted as a result of the incident (select one or more)
  • Incident has been dealt with in the workplace community (yes/no)
  • Debriefing has been arranged (yes/no)

 

Notification of a near miss incident, hazard, biological exposure** or positive observation (10 years), public

  • name of the person who was in danger / was exposed / made the observation
  • location
  • type of work in question
  • **biological agent
  • **information on the exposure
  • date and time
  • place
  • **source of exposure: patient/client, co-worker, sample (no names)
  • information on accidents
  • information on hazardous incidents
  • responsible person

 

Notification of an occupational accident (20 years), confidential for 100 years

  • name of the injured person
  • personal identity code / date of birth of the injured person
  • gender
  • place of work
  • how the person got injured

 

Statistics on occupational accidents, commuting accidents and occupational diseases (2 years), public

  • name of the injured person
  • personal identity code of the injured person (disclosed to a limited group)
  • date of birth
  • age
  • gender
  • place of work
  • sick days
  • compensation paid

 

Prolonged sickness absences due to occupational accidents (20 years), confidential

  • name of the injured person
  • date of birth
  • occupation
  • date of accident
  • place of work
  • sick days
  • compensation paid
  • status at LähiTapiola (pending, accepted/rejected, decision date)
  • City of Espoo (at work, absent)
  • description of accident

 

Notification of blood-borne infection risk (20 years), confidential

  • Notification of blood-borne infection risk
  • name
  • job title
  • place of work
  • permanent employee, fixed-term employee, from Seure
  • doctor who assessed the exposure

**The list must be stored for at least 10 years and in specified cases for 40 years.

  1. Sources of personal data

Employees’ and supervisors’ information is obtained from the HR system or the individuals themselves.

  1. Disclosure of data

For notifications submitted through the cloud system, information on personnel is obtained from the HR system.

Accident notifications submitted through the cloud service and sent to the insurance company contain personal and salary data.

In connection with the investigation of a serious accident, information may be disclosed to the police and the Regional State Administrative Agency for a justified reason.

Twice a year, the insurance company sends an Excel list of employees with an occupational disease or a suspicion thereof or prolonged sickness absences due to occupational accidents to the city’s Occupational Safety and Health Manager, the Director and Service Manager of Occupational Health Services and the Work Ability Coordinator.

  1. Transfer of data outside the EU or the EEA

Data may only be transferred outside the EU/EEA in exceptional cases, such as the investigation of serious information security incidents. In these cases, the transfer of data is based on the EU’s standard contractual clauses.

  1. Data storage periods

Data storage periods are described in the records management plan of the City of Espoo. Data will be stored for the period required by law. Document-specific storage periods are described in section 7 of the plan.

  1. Register maintenance systems and principles of protection

IT equipment is located in protected and supervised premises.

Electronic maintenance systems:

A. Cloud service, occupational safety system

B. Manual materials

- notification of blood-borne infection risk in paper form

Principles of data protection:

A. Electronic materials

Personal access rights are required to access the data. Data transfer is encrypted. Version management is enabled. Responsible personnel regularly participate in information security and data protection training.

B. Manual materials

Papers (notification of blood-borne infection risk) are stored in locked cabinets, and premises are subject to access control.

Further instructions on submitting information requests referred to in the General Data Protection Regulation.

  1. Right of access to data

You have the right to obtain from the data controller a copy of the personal data that is subject to processing. The data controller must provide the data without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.

If the data controller does not take action on the request of the data subject, the data controller must inform the data subject without delay, and at the latest within one month of receipt of the request, of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

Requests from the data subject and any resulting actions are free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the data controller may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request.

  1. Right to rectify data

You have the right to have inaccurate, incomplete, outdated or unnecessary personal data that we store either rectified or completed by us.

  1. Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority if you feel that the processing of your personal data is in infringement of data protection legislation. You can lodge a complaint with the Office of the Data Protection Ombudsman.

  1. Other potential rights

Right to erasure (Article 17 of the GDPR)

You have the right to have the data controller erase your personal data without undue delay under certain conditions. The data subject does not have the right to erasure if the processing of data is necessary for compliance with a legal obligation or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. In these cases, the data will only be erased after the statutory time limit.

Right to restriction of processing (Article 18 of the GDPR)

If the data concerning you is inaccurate, you have the right to request that its processing be restricted until its accuracy has been verified.