Skip to main content

Privacy notice: Register of digital support sessions booked through the request form

Date of publication: 3 October 2022

  1. Data controller

City of Espoo

  1. Person responsible for the register

Customer Service Director
info@espoo.fi

  1. Contact person of the register

Customer Service Director
info@espoo.fi
Tel. +358 9 81621 (switchboard)

  1. Data Protection Officer

Data Protection Officer of the City of Espoo
Address: P.O. Box 12, 02070 City of Espoo
Tel. +358 9 81621 (switchboard)
Email address: tietosuoja@espoo.fi

  1. For what purpose is personal data processed?

Personal data stored in the register is processed for the purpose of allowing residents to book digital support sessions by email. Personal data is collected through a form and used when contacting people who need digital support.

The bookings do not form a permanent client register. Booking information will be deleted from the register after a session has been held between the client and an adviser or within three months of this date at the latest. Personal data will not be used for statistical purposes or for analysing the responses.

  1. On what grounds is personal data processed?

Article 6(1)(a) of the General Data Protection Regulation of the European Union: the data subject has given consent to the processing of his or her personal data for one or more specific purposes.

  1. What data is processed?

The client’s name and telephone number are required on the online form to enable a city employee to contact them. The client may voluntarily provide their email address to make communication easier.

In addition, the client needs to specify their preferred method of digital support and whether they have their own device.

  1. What are the sources of data?

Personal data is collected from clients themselves. The client’s name and telephone number as well as the topic and method of digital support are required fields on the form.

  1. Will data be disclosed or transferred outside the city?

Personal data stored in the register may be disclosed to direct partners of Espoo Info with the client’s consent for the purpose of further digital support.

The technical provider of the form and the email service is Microsoft.

  1. Will data be transferred outside the EU/EEA?

The emails sent through the email service as well as the Forms survey tool provided by Microsoft are stored within the EU. Microsoft operates and develops Office 365 services from locations outside Europe, and data is considered to be transferred outside the EU for example in a situation where an administrator establishes a remote connection from the United States to a data centre in Europe, for example to solve a technical problem. In these circumstances, standard contractual clauses of the European Union apply.

  1. How long will data be stored?

Personal data does not need to be stored after the requested support session has been held between the advisor and the client. Old bookings are deleted from the register at least every three months.

  1. How is data protected?

Personal data is protected against unauthorised access and unlawful processing, such as loss, alteration or disclosure.

Administrator rights to access the form are only granted to people who process bookings.

  1. Rights of the data subject

Further instructions on submitting information requests referred to in the General Data Protection Regulation.

    1. How can I access my data?

You have the right to obtain from the data controller a copy of the personal data that is subject to processing. The data controller must provide the data without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.

If the data controller does not take action on the request of the data subject, the data controller must inform the data subject without delay, and at the latest within one month of receipt of the request, of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

Requests from the data subject and any resulting actions are free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the data controller may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request.

    1. When can I request rectification of my data?

You have the right to have inaccurate, incomplete, outdated or unnecessary personal data that we store either rectified or completed by us.

    1. When can I request erasure of my data?

You have the right to have the data controller erase your personal data without undue delay under certain conditions. The data subject shall not have the right to erasure if the processing of data is necessary for compliance with a legal obligation or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. In these cases, the data will only be erased after the statutory time limit.

    1. When can I request restriction of processing of my data?

If the data concerning you is inaccurate, you have the right to request that its processing be restricted until its accuracy has been verified.

    1. Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority if you feel that the processing of your personal data is in infringement of data protection legislation. You can lodge a complaint with the Office of the Data Protection Ombudsman: www.tietosuoja.fi(external link, opens in a new window)