Processing of personal data: Participate and Contribute
Personal data is used for activities that increase residents’ participation in the development of the City of Espoo as well as for marketing purposes, for sending newsletters and client bulletins and for other similar purposes.
Date of publishing: 14.07.2022
City of Espoo
P.O. Box 1, 02070 CITY OF ESPOO
2. Person responsible for the register
Marianne Julkunen, Development Manager, Mayor’s Office
3. Contact person of the register
Marianne Julkunen, Development Manager, Mayor’s Office
4. Data Protection Officer
Data Protection Officer of the City of Espoo
Address: P.O. Box 12, 02070 City of Espoo
Tel. +358 9 81621 (switchboard)
5. For what purpose will personal data be processed?
Personal data is processed to organise and promote participation in the City of Espoo’s development work. An individual provides the information while registering for an event or subscribing to the newsletter.
6. On what grounds will personal data be processed?
Article 6(1)(a) of the General Data Protection Regulation of the European Union: the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
Article 6(1)(c) of the General Data Protection Regulation of the European Union: processing is necessary for compliance with a legal obligation to which the controller is subject.
(Local Government Act, section 22)
Article 6(1)(e) of the General Data Protection Regulation of the European Union: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. What data will be processed?
The person’s name, age group, municipality of residence, area of residence, mother tongue, language skills, special dietary needs, need for assistance, email address, job title, education, permission to use photos and videos from events, and information on how long the person has lived in Finland. People are asked to provide one or more of the above-mentioned details, depending on the situation.
8. What are the sources of data?
Data is collected from the data subjects themselves.
9. Will data be disclosed or transferred outside the city?
Data will not be disclosed or transferred.
10. Will data be transferred outside the EU/EEA?
Personal data will not be transferred outside the EU or the European Economic Area (EEA).
11. How long will data be stored?
Newsletter-related information will be stored until the publication of the newsletter is discontinued, the data subject unsubscribes from the newsletter or their email address repeatedly sends an error notification when sending newsletters.
Information collected at various events will only be stored for as long as it is needed.
12. How will data be protected?
Electronic maintenance systems: Dedicated servers in Finland.
All employees who process data are bound by an obligation of secrecy and confidentiality.
Principles of data protection: The register is stored electronically and protected from third parties by appropriate firewalls and technical protection measures. The right to use and maintain the data stored in the register is only awarded to persons appointed to this task. The users are bound by an obligation of confidentiality.
13. Rights of the data subject
If the collection of data is based on the client’s consent, the client may withdraw their consent at any time and ask for their data to be erased. The client can withdraw their consent by sending an email to the contact person of the register.
Further instructions on submitting information requests referred to in the General Data Protection Regulation:
13.1 How can I access my data?
You have the right to obtain from the data controller a copy of the personal data that is subject to processing. The data controller must provide the data without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.
If the data controller does not take action on the request of the data subject, the data controller must inform the data subject without delay, and at the latest within one month of receipt of the request, of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
Requests from the data subject and any resulting actions are free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the data controller may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request.
13.2 When can I request rectification of my data?
You have the right to have inaccurate, incomplete, outdated or unnecessary personal data that we store either rectified or completed by us.
13.3 When can I request erasure of my data?
You have the right to have the data controller erase your personal data without undue delay under certain conditions. The data subject does not have the right to erasure if the processing of data is necessary for compliance with a legal obligation or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. In these cases, the data will only be erased after the statutory time limit.
13.4 When can I request restriction of processing of my data?
If the data concerning you is inaccurate, you have the right to request that its processing be restricted until its accuracy has been verified.
13.5 Right to lodge a complaint
You have the right to lodge a complaint with a supervisory authority if you feel that the processing of your personal data is in infringement of data protection legislation. You can lodge a complaint with the Office of the Data Protection Ombudsman: www.tietosuoja.fi