Skip to main content
SearchServices

Processing of personal data – City of Espoo customer services (Espoo-info)

Date of publication of the privacy notice: 12 June 2026 

1. Purpose and legal basis for processing personal data 

Personal data in Espoo is generally used for producing, planning, evaluating services and operations, and for statistical purposes. Espoo-info can be contacted in person, by phone, or online. Customers may contact Espoo-info via the OmaEspoo service portal, by email, via chat, or through a video call. In-person service is available at Espoo-info service points or at mobile Espoo-info events. 

Your data is processed in Espoo-info on the following legal grounds: 

Espoo-info processes personal data concerning customers to perform statutory duties assigned to the municipality. Act on Joint Services in Public Administration 223/2007. 

Processing based on a task carried out in the public interest or the exercise of official authority. Act on the Provision of Digital Services 306/2019, Section 5; Administrative Procedure Act 434/2003, Section 8. 

2. What data is processed and where is it obtained? 

Espoo-info processes the following personal data of customers: 

  • names, email addresses, phone numbers 
  • personal identity numbers 
  • other personal data provided by customers in face-to-face or online interactions 

The data varies depending on the type of service. Only data necessary for handling the customer’s case is processed. The data is obtained from customers themselves during service interactions and partly, for users logged into OmaEspoo, from the Suomi.fi service managed by the Digital and Population Data Services Agency (DVV). 

3. How long is the data retained? 

Personal data is retained only as long as necessary for providing the service or as required by law. The retention periods are determined in accordance with Section 21 of the Information Management Act. 

Contacts and responses in digital guidance and other general advisory services, as well as related service data, are stored for five years after the request has been resolved. 

Payment transaction data related to purchase permits is stored for ten years. 

4. Parties processing or receiving the data 

4.1 Parties processing data on behalf of Espoo 

Personal data is processed by officials and employees of the City of Espoo and by external service providers contracted by the city. Only processors who comply with good data processing practices and meet GDPR requirements are selected. Compliance is ensured through written agreements. 

The following external provider is used in OmaEspoo and Espoo-info’s case management system: Sofigate Oy. The contractor may use subcontractors approved by Espoo. 

4.2 Disclosure to other organisations 

Data is disclosed in accordance with the Act on the Openness of Government Activities. Personal data may be disclosed to authorities and other parties as permitted or required by law. Data may also be disclosed to service providers that deliver services for the controller. 

5. Is data transferred outside the EU/EEA? 

Data is not transferred outside the EU/EEA. 

6. Rights of the data subject 

The EU General Data Protection Regulation provides you with various rights regarding the processing of your personal data. You can find more information about your rights on the City of Espoo website: Data Protection | City of Espoo

7. Data controller 

The data controller is the City of Espoo. 

7.1 Contact person for the register 

For questions or further information, please contact: 

Tuija Wikström, Customer Service Manager 
Tel. +358 9 81621 (switchboard) 
tuija.wikstrom@espoo.fi 

7.2 Data Protection Officer 

Data Protection Officer of the City of Espoo 

Address: P.O. Box 12, 02070 City of Espoo 
Tel. +358 9 81621 (switchboard) 
Email: tietosuoja@espoo.fi 

Change history 
1.0 12 June 2026