Privacy notice: Low-threshold counselling and guidance services (Hello Espoo Info)

This privacy notice was published on 17 February 2025.

Client register for low-threshold counselling and guidance services (Hello Espoo Info)

City of Espoo

Tel. +358 9 81621

P.O. Box 1, 02070 City of Espoo

Teemu Haapalehto, Director of Economic Development (acting)

P.O. Box 12, 02070 City of Espoo

Tel. +358 9 81621 (switchboard)

Service Supervisor, low-threshold counselling and guidance services (Hello Espoo Info)

P.O. Box 3102, 02070 City of Espoo

Tel. +358 9 81621 (switchboard)

Data Protection Officer of the City of Espoo

Address: P.O. Box 12, 02070 City of Espoo

Tel. +358 9 81621 (switchboard)

Email: tietosuoja@espoo.fi

The City of Espoo processes clients’ personal data for the following purposes:

Hello Espoo Info processes clients’ personal data in order to carry out statutory duties assigned to the municipality (Act on the Promotion of Immigrant Integration, section 10).

Hello Espoo Info processes personal data for the booking of appointments, if necessary. An appointment must be booked for citizenship and residence permit matters, as they require more time than can be provided at Hello Espoo Info’s walk-in service.

Espoo has an obligation to provide guidance and counselling to immigrants in Espoo. The provision of services under the Act on the Promotion of Immigrant Integration requires the processing of clients’ personal data. Processing is necessary for compliance with the statutory obligations to which Espoo is subject. (Act on the Promotion of Immigrant Integration, section 10).

• General Data Protection Regulation of the EU, in particular Article 6(1)(c) and Article 9(2)(h)
• Data Protection Act (1050/2018)
• Act on the Openness of Government Activities (621/1999)
• Decree on the Openness of Government Activities and on Good Practice in Information Management (1030/1999), chapter 2
• Act on the Promotion of Immigrant Integration (681/2023)
• Administrative Procedure Act (434/2003)

Hello Espoo Info processes the client’s phone number.

Hello Espoo Info stores the following data in the register:

The client’s phone number is stored for the purpose of sending appointment information.

• The client’s identifying and contact information (phone number and service language)
• Grounds for and validity of the client’s resident permit
• The client’s family information (spouse, dependant(s), number and ages of children under 18 years, family situation, housing information and household size), if relevant to the topic discussed
• Information on service needs and appointment information
• Information and assessments concerning the client’s health and capacity to work and function, which have an impact on the integration of the client and are necessary for the provision of services
• Information produced or provided by the client.

Information regarding a client relationship with integration services is confidential pursuant to section 24 of the Act on the Openness of Government Activities (621/1999).

The regular sources of data are:

• the client or their legal representative.

Data will not be disclosed.

As a rule, Espoo does not transfer client data outside the European Union or the European Economic Area. For example, the data centres for the client data systems used by Espoo are located in EU or EEA countries.

Espoo transfers client data outside the EU or EEA countries in case of data exchange between authorities based on legislation.

Espoo transfers client data outside the EU and EEA countries only if the receiving country has been determined by a decision of the Commission to ensure an adequate level of data protection or the transfer is carried out using other appropriate safeguards specified in the General Data Protection Regulation of the EU (2016/679).

Client data is deleted once an appointment at Hello Espoo Info has been booked for the client.

Data storage, archiving, destruction and other processing are guided by records management plans and the data security and protection guidelines. Electronic data stored in the register is protected so that it can only be accessed by an authorised person. Each user accepts a commitment concerning access to and confidentiality of data and information systems when receiving access rights.

Employees who process client data are bound by an obligation of confidentiality. The obligation of confidentiality and secrecy continues even after the end of the employment relationship.

The IT equipment is located in protected and supervised premises. The equipment and programmes used by the City of Espoo are protected and secured in accordance with the city’s data security principles.

The processing of clients’ personal data is based on a client relationship or other relevant connection. Employees’ access rights are based on personal access rights, and Espoo uses log data to monitor their use. Each employee must accept the user and non-disclosure agreement concerning data and information systems. Espoo’s systems require a change of password at regular intervals. Supervisors make decisions regarding granting and removing access rights. Espoo deactivates the access rights at the end of an employee’s employment relationship.

No manual materials concerning clients are produced at Hello Espoo Info.

A data subject, i.e. the client, or their legal representative has the right to be informed of whether Espoo processes personal data concerning the client. If Espoo processes personal data concerning the client, the client or their legal representative has the right to obtain a copy of the personal data being processed.

The guardian of an incompetent person has access to the person’s information if the exercise of the right of access is included in the guardianship decision. When submitting a request for access to personal data, the guardian must also provide a copy of the guardianship decision.

A donee of a continuing power of attorney also has the right to access the information of the person in question if the exercise of the right of access is included in the continuing power of attorney. The continuing power of attorney needs to be confirmed by the Digital and Population Data Services Agency or a local register office. When submitting a request for access to personal data, the donee of a continuing power of attorney must also provide a copy of the continuing power of attorney and a copy of the decision of the Digital and Population Data Services Agency or a local register office to confirm the continuing power of attorney.

Even though the personal data of the client may contain information about a third party (i.e. a person other than the client, the client’s legal representative, or a person who has a right of access to information about a child based on an agreement or a court decision), the third party does not have a right of access to the data.

The client or their legal representative may submit a request for access in person during a visit, by a document sent by post, or by visiting the Registry Office or a Service Point. Espoo has prepared a request form that the client or their legal representative can use when requesting access to data. The form is available at the Hello Espoo Info unit and on the City of Espoo website(external link, opens in a new window). If the client or their legal representative wishes to submit a request for access to personal data using a free-form document, the request must indicate if they wish to access all personal data or data for a specific period of time, and the name, personal identity code and contact details of the person submitting the request. If the request for access concerns the personal data of a person other than the one submitting the request, the request must include the name and personal identity code of the person whose data is requested. The client or their legal representative can send the request by post to: 

Service Supervisor, low-threshold counselling and guidance services (Hello Espoo Info), P.O. Box 3102, 02070 City of Espoo 

If the client or their legal representative submits a request for access to personal data to a unit, the Registry Office or a Service Point in person, Espoo will verify the person’s identity from a photo ID.

Espoo provides the data without undue delay and in any event within one month of receipt of the request. Where necessary, Espoo may extend that period by a maximum of two months. Espoo takes into account the complexity and number of requests when extending the period. Espoo informs the person requesting the data of the extension of the period and the reasons for the extension within one month of receipt of the request. Espoo informs the person requesting the data of its refusal to provide the data no later than within one month of receipt of the request. As a rule, Espoo sends the requested data to the address of the client or their legal representative indicated in the Population Information System.

The EU General Data Protection Regulation, the Data Protection Act and specific national legislation provide for situations where the data controller may refuse to provide the data requested by the client or their legal representative. If Espoo refuses to provide the requested data to the client or their legal representative, Espoo will, without delay and no later than within one month of receipt of the request, inform the person requesting the data of the reasons for not providing the data and the possibility of lodging a complaint with the Data Protection Ombudsman and seeking a judicial remedy.

As a rule, a request for access to personal data is free of charge. Where requests from the client or their legal representative are manifestly unfounded or excessive, in particular because of their repetitive character, Espoo may either charge a reasonable fee taking into account the administrative costs of providing the data or communication or taking the action requested, or refuse to provide the requested data.

The data subject, i.e. the client, or their legal representative has the right to request Espoo without undue delay to rectify inaccurate personal data concerning the client. The client or their legal representative has the right to have incomplete data completed. Espoo makes the changes so that the register shows information regarding the rectification, the person who made it, the date of the rectification and also the original entry. Espoo is obliged to inform each recipient to whom Espoo has disclosed data concerning the client of the rectification of the data. Espoo has no obligation to inform these recipients if it proves impossible or requires unreasonable effort.

Espoo fulfils the request without undue delay and in any event within one month of receipt of the request. Where necessary, Espoo may extend that period by a maximum of two months. Espoo takes into account the complexity and number of requests when extending the period. Espoo informs the person requesting the rectification of the extension of the period and the reasons for the extension within one month of receipt of the request. Espoo informs the person requesting the rectification of its refusal to rectify the data no later than within one month of receipt of the request.

The client or their legal representative may submit a request in person during a visit or by a document sent by post. The request must indicate the data to be rectified word for word, the proposed changes word for word, the reasons for the proposed changes, and the name, personal identity code and contact details of the person submitting the request. If the request for rectification concerns the personal data of a person other than the one submitting the request, the request must include the name and personal identity code of the person whose data is to be rectified. The client or their legal representative can send the request by post to: 

Service Supervisor, low-threshold counselling and guidance services (Hello Espoo Info), P.O. Box 3102, 02070 City of Espoo

If the client or their legal representative submits the request to a unit, the Registry Office or a Service Point in person, Espoo will verify the person’s identity from a photo ID.

If Espoo refuses the client’s or their legal representative’s request for rectification of data, Espoo will inform the client or their legal representative of this in writing. Espoo will also give the reasons for the refusal and inform the client or their legal representative of the possibility of lodging a complaint with the Data Protection Ombudsman and seeking a judicial remedy.

Espoo may also rectify client data by supplementing it based on the view of the client or their legal representative.

If the conditions laid down in Article 17 of the EU General Data Protection Regulation are met, the client or their legal representative has the right to have personal data concerning the client erased without undue delay. As a rule, the client or their legal representative does not have the right to have personal data concerning the client erased in relation to social services because Espoo is legally obliged to process data (e.g. registration and filing obligation). The right of the client or their legal representative to have personal data concerning the client erased mainly applies to data that was originally unnecessary for its intended purpose. Espoo is obliged to inform each recipient to whom Espoo has disclosed data concerning the client of the erasure of the data. Espoo has no obligation to inform these recipients if it proves impossible or requires unreasonable effort.

The client or their legal representative can send the request for erasure by post to: 

Service Supervisor, low-threshold counselling and guidance services (Hello Espoo Info), P.O. Box 3102, 02070 City of Espoo.

The client or their legal representative has the right to request Espoo to restrict the processing of personal data concerning the client if the accuracy of the personal data is contested by the client or their legal representative. In this case, Espoo will, as a rule, restrict the processing of personal data concerning the client until Espoo has verified the accuracy of the personal data. The General Data Protection Regulation provides for certain exceptions to the restriction obligation, which allow Espoo to process the client’s personal data subject to restriction under certain circumstances. Espoo must inform the client or their legal representative before the restriction of processing is lifted.

The client or their legal representative can send the request for the restriction of processing by post to: 

Service Supervisor, low-threshold counselling and guidance services (Hello Espoo Info), P.O. Box 3102, 02070 City of Espoo.

The processing of the client’s personal data in connection with integration services is based on compliance with statutory obligations. Therefore, the client or their legal representative does not have the right to object to the processing of personal data.

The processing of the client’s personal data at Hello Espoo Info is based on compliance with statutory obligations. Therefore, the client or their legal representative does not have a right to data portability, i.e. a right to transfer the data to another system.

The client has the right not to be subject to decisions based solely on automated processing, which produce legal effects concerning the client or similarly significantly affect the client. Espoo does not use automated decision-making in the provision of integration services.

The client or their legal representative has the right to lodge a complaint with the Data Protection Ombudsman if the client or their legal representative considers that Espoo does not process personal data concerning the client in compliance with data protection legislation. More detailed instructions on how to lodge a complaint can be found on the website of the Office of the Data Protection Ombudsman at tietosuoja.fi/en(external link, opens in a new window).

The right to lodge a complaint with the Data Protection Ombudsman is without prejudice to any other administrative or judicial remedy available to the client or their legal representative.