Privacy notice Community of Western Uusimaa wellbeing services county

Data privacy policy

The community of Western Uusimaa wellbeing services county

Date of publication: 28 January 2021, updated 16 September 2022

 1. Data controller  

 The register is related to the preparation of Western Uusimaa wellbeing services county. On the platform the inhabitants of Western Uusimaa and other stakeholders can take part in the development work and share their experiences, expectations and wishes.  

As of 1 January 2023, the Western Uusimaa wellbeing services county will provide health, social and rescue services as well as the school psychologist and social services for the residents of Espoo, Hanko, Ingå, Karkkila, Kauniainen, Kirkkonummi, Lohja, Raseborg, Siuntio and Vihti.

City of Espoo serves as a data controller.   

2. Person responsible for the register  

Eliisa Anttila, preparation director, communication and participation,

3. Contact person of the register 

Anne Kettunen, Communications Manager,

4. Data Protection Officer 

City of Espoo, Data Protection Officer
Address: PL 12, 02070 Espoon kaupunki  
Tel. 09 816 21 (switchboard)  

5. For what purpose will personal data be processed 

The register is used for creating member accounts, sending invitation messages to activities (surveys, online discussions, interviews, etc.) as well as conducting any possible price draws and delivering the prices.  

6. On what grounds will personal data be processed? 

Article 6(1)(a) of the General Data Protection Regulation of the European Union: the data subject has given consent to the processing of his or her personal data for one or more specific purposes.   

7. What data will be processed?  

The register may contain following personal information:    

  • name
  • address
  • Email address
  • IP address 

8. What are the sources of data?  

Data is collected from the members when they register in the community.   

9. Will data be disclosed or transferred outside the city?  

In addition to the data controller, the personal data may be processed by selected people in the municipalities involved in the social and health services program (see chapter 1) as well as at Digitalist Finland Oy who owns and manages the community platform.   

10. Will data be transferred outside the EU/EEA?  

Data is not transferred outside the EU or the EEA. 

11. How long will data be stored?  

Personal data will be stored as long as the community is running or until the member unsubscribes from the community. When unsubscribed, all the personal information of the member will be deleted and survey answers, discussion comments and other contents anonymised.  

12. How will data be protected?  

The system, which contains personal information, can only be accessed by employees who have clearance to process personal information. The approved employees can access the register and personal information with a personal username and password. Members’ personal information is kept on cloud servers and/or on databases, which are all password and firewall protected.    

 13. Rights of the data subject 

Further instructions on submitting information requests referred to in the General Data Protection Regulation:  

13.1 How can I access my data? 

You have the right to obtain from the controller a copy of the personal data that is subject to processing. The controller shall provide the data without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. 

If the controller does not take action on the request of the data subject, the controller shall inform the data subject without delay, and at the latest within one month of receipt of the request, of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy. 

Requests from the data subject and any resulting actions are free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request. 

13.2. When can I request rectification of my data?  

You have the right to have inaccurate, incomplete, outdated or unnecessary personal data that we store either rectified or completed by us.  

13.3 When can I request erasure of my data?  

You have the right to have the controller erase your personal data without undue delay under certain conditions. The data subject does not have the right to erasure if the processing of data is necessary for compliance with a legal obligation or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. In these cases, the data will only be erased after the statutory time limit. 

13.4 When can I request restriction of processing of my data?  

If the data concerning you is inaccurate, you have the right to request that its processing be restricted until its accuracy has been verified.   

13.5 Right to lodge a complaint  

You have the right to lodge a complaint with a supervisory authority if you feel that the processing of your personal data is in infringement of data protection legislation. You can lodge a complaint with the Office of the Data Protection Ombudsman: link)