Privacy statement, planning survey register – resident survey response data
Processing of personal data
Planning survey register – resident survey response data
Date of publication: 23 September 2020 (updated 17 December 2025)
1. Data controller
City of Espoo
2. Person responsible for the register
City Planning Director
3. Contact person of the register
Saku Saarimaa, Specialist Planner
City Planning Department, Tekniikantie 15, PO Box 43, 02150 CITY OF ESPOO
4. Data Protection Officer
The Data Protection Officer of the City of Espoo.
Address: PO BOX 12, 02070 City of Espoo
Tel. +358 9 81621 (switchboard)
Email: tietosuoja@espoo.fi
5. For what purpose will personal data be processed?
The purpose of the processing of personal data in the register is to implement interaction in land use planning and to compile a knowledge base needed for land use planning. Survey results will be used in land use planning.
The processing of personal data in the register is necessary for the performance of a task carried out in the public interest and for the exercise of public authority vested in the controller. (Land Use and Building Decree 132/1999).
6. On what grounds will personal data be processed?
Article 6(1)(e) of the EU General Data Protection Regulation: processing is necessary for the purposes of performing a task carried out in the public interest or for the exercise of public authority vested in the controller.
7. What data will be processed?
Respondents to resident surveys and users of the plan feedback system may be asked to provide information on such matters as contact details and matters related to the respondent’s age, family and mobility or service use.
PUBLICITY AND CONFIDENTIALITY OF DATA: Data are generally public.
GROUNDS FOR CONFIDENTIALITY: According to the Act on the Openness of Government Activities if the data are confidential.
8. What are the sources of data?
Any personal data in the register are obtained from the data subjects themselves. Responding to the survey is voluntary and may require you to provide personal data.
9. Will data be disclosed or transferred outside the city?
The response material collected using the Kartalla application may be disclosed to partners for analysis.
10. Will data be transferred outside the EU/EEA?
Response material will not be transferred to areas outside the EU or EEA.
11. How long will data be stored?
Data storage periods are specified in the City of Espoo’s information management plan.
12. How will data be protected?
A. Electronic material
IT equipment is located in secure and controlled facilities. Access rights to information systems and files are based on personal access rights, and their use is monitored. Access rights are granted on a task-specific basis. Each user accepts an agreement on the use and non-disclosure of data and information systems.
Data are also located on a server managed by Ubigu Oy, which can be accessed using a user ID and a password. The server is appropriately protected. Ubigu’s servers are located in Ireland and comply with the data protection legislation valid in the EU and Finland. The servers are maintained by Microsoft, which in turn complies with EU data protection legislation.
B. Manual material
Archives and units have access control and locked doors. All documents are stored in controlled facilities and/or locked cabinets.
13. Rights of the data subject
Further instructions on submitting information requests referred to in the General Data Protection Regulation: Data protection/Clients’ rights
13.1 How can I access my data?
You have the right to obtain from the controller a copy of the personal data that are subject to processing. The controller shall provide the data without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.
If the controller does not take action on the request of the data subject, the controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the opportunity of lodging a complaint with the supervisory authority and seeking a judicial remedy.
Requests from the data subject and any resulting actions are free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request.
13.2. When can I request rectification of my data?
You have the right to have inaccurate, incomplete, outdated or unnecessary personal data that we store either rectified or completed by us.
13.3 When can I request erasure of my data?
You have the right to have the controller erase your personal data without undue delay under certain conditions. The data subject does not have the right to erasure if the processing of data is necessary for compliance with a legal obligation or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. In these cases, the data will only be erased after the statutory time limit.
13.4 When can I request restriction of processing of my data?
If the data concerning you are inaccurate, you have the right to request that their processing be restricted until their accuracy has been verified.
13.5 Right to lodge a complaint
You have the right to lodge a complaint with a supervisory authority if you feel that the processing of your personal data infringes data protection legislation. You can lodge a complaint with the Office of the Data Protection Ombudsman at www.tietosuoja.fi(external link, opens in a new window)