Skip to main content
SearchServices

Processing of personal data in connection with the Future Workshop for Sustainable Development (TUPA) project

The privacy notice was published on 1.8.2022

Data controller

City of Espoo

P.O. Box 1, 02070 CITY OF ESPOO

Person responsible for the register

Suvi Jäntti, Coordinator, suvi.jantti@espoo.fi

Contact person of the register

Suvi Jäntti, Coordinator, suvi.jantti@espoo.fi

Data Protection Officer 

Data Protection Officer of the City of Espoo

Address: P.O. Box 12, 02070 City of Espoo

Tel. +358 9 81621 (switchboard)

Email address: tietosuoja@espoo.fi

For what purpose will personal data be processed?

Personal data is collected for the selection of a group of residents for the Future Workshop for Sustainable Development (TUPA) project. Data is collected to put together a group of people with varied backgrounds. After selecting the group members, their contact information will be used to contact them.

Key legislation:

  • General Data Protection Regulation of the European Union (2016/679).
  • Data Protection Act (1050/2018).
  • Local Government Act (410/2015).
  • Act on the Openness of Government Activities (621/1999).

On what grounds will personal data be processed?

  • Article 6(1)(a) of the General Data Protection Regulation of the European Union: the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
  • Article 6(1)(e) of the General Data Protection Regulation of the European Union: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. 

What data will be processed?

During the application process, we will process data related to persons who have filled in the application form (name, age group, family situation, gender, native language, education, employment situation, greater area where one lives, minority status (incl. disability), participation in organisations’ activities, membership in a city body). Contact information will be collected, to the extent necessary, to contact the persons (email address and telephone number).

PUBLIC ACCESS TO AND CONFIDENTIALITY OF DATA:

The data is confidential.

What are the sources of data?

Data is received directly from the data subject. They will provide their data when filling in the application form. The provision of personal data is based on the person’s consent.

Will data be disclosed or transferred outside the city?

Data will not be disclosed to parties external to the City of Espoo.

Will data be transferred outside the EU/EEA?

Personal data will not be transferred outside the EU or the European Economic Area (EEA).

How long will data be stored?

Data will be stored for the duration of the project, until 31 May 2023 at the latest. Data will, however, be erased as soon as it is not needed.

How will data be protected?

A survey tool provided by a contracted supplier of the City of Espoo. Access to the data is limited to certain designated employees involved in the project. User rights are given on a task-specific basis. Each user must accept the user agreement and non-disclosure agreement concerning the data and the data systems. The users regularly participate in data protection and data security training.

Each user must accept the data and data system user agreement and non-disclosure agreement of the City of Espoo.

Rights of the data subject

Further instructions on submitting information requests referred to in the General Data Protection Regulation: https://www.espoo.fi/en/city-espoo/data-protection#section-7317

1. How can I access my data?

You have the right to obtain from the data controller a copy of the personal data that is subject to processing. The data controller must provide the data without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.

If the data controller does not take action on the request of the data subject, the data controller must inform the data subject without delay, and at the latest within one month of receipt of the request, of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

Requests from the data subject and any resulting actions are free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the data controller may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request.

2. When can I request rectification of my data?

You have the right to have inaccurate, incomplete, outdated or unnecessary personal data that we store either rectified or completed by us.

3. When can I request erasure of my data?

You have the right to have the data controller erase your personal data without undue delay under certain conditions. The data subject does not have the right to erasure if the processing of data is necessary for compliance with a legal obligation or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. In these cases, the data will only be erased after the statutory time limit.

4. When can I request restriction of processing of my data?

If the data concerning you is inaccurate, you have the right to request that its processing be restricted until its accuracy has been verified.

5. Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority if you feel that the processing of your personal data is in infringement of data protection legislation. You can lodge a complaint with the Office of the Data Protection Ombudsman: www.tietosuoja.fi