Processing of personal data, Surveys of Espoo's Communication

Date of publication: 30 January 2020

1. Data controller

City of Espoo.

2. Person responsible for the register

Director of Communications.

3. Contact person of the register

Communications Unit, Mayor's Office, info@espoo.fi

4. Data Protection Officer

tietosuoja@espoo.fi

5. For what purpose will personal data be processed?

The personal data stored in this register will be processed for the purposes of feedback collection and service development: questionnaires, surveys, compilation of statistics, analyses.

6. On what grounds will personal data be processed?

  • Article 6(1)(a) of the General Data Protection Regulation of the European Union: the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
  • Article 6(1)(b) of the General Data Protection Regulation of the European Union: processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Article 6(1)(c) of the General Data Protection Regulation of the European Union: processing is necessary for compliance with a legal obligation to which the controller is subject.

Key legislation:

  • General Data Protection Regulation of the European Union (679/2016) Data Protection Act (1050/2018)
  • Local Government Act (410/2015)
  • Act on the Openness of Government Activities (621/1999).

7. What data will be processed?

Contact information to the extent that is necessary for the organisation (email or telephone number). The required background information (age, profession, family situation, gender, mother tongue, the role in which the person uses the service in question).

Clients may submit feedback for example as free-form text or in numerical form (rating scales or multiple choice questions). The client feedback contains information about the realisation of the service. Clients take surveys and provide feedback anonymously, but should a client wish to participate in the development of the services, they need to provide their email address or telephone number. Such contact information cannot be linked to the survey responses, and the contact information will be deleted immediately after the prize draw.

Confidential data.

8. What are the sources of data?

The customer provides this information while taking a survey or giving feedback.

9. Will data be disclosed or transferred outside the city?

Data will not be disclosed to parties external to the City of Espoo. The data will only be processed by Espoo Customer Service.

10. Will data be transferred outside the EU/EEA?

Personal data will not be transferred outside the EU or the European Economic Area (EEA).

11. How long will data be stored?

If contact information has been collected, it will be immediately deleted after unnecessary. Individual survey responses will be deleted within a year.

12. How will data be protected?

A survey tool provided by a contracted supplier of the City of Espoo. Access to the data is limited to certain Commmunication department employees appointed for this task. User rights are given on a task-specific basis. Each user must accept a data and data system user agreement and non-disclosure agreement.

Each user must accept the data and data system user agreement and non-disclosure agreement of the City of Espoo.

13. Rights of the data subject

Further instructions on submitting information requests referred to in the General Data Protection Regulation: https://www.espoo.fi/en/city-espoo/data-protection#section-7317(extrernal link)

13.1 How can I access my data?

You have the right to obtain from the controller a copy of the personal data that is subject to processing. The controller shall provide the data without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.

If the controller does not take action on the request of the data subject, the controller shall inform the data subject without delay, and at the latest within one month of receipt of the request, of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

Requests from the data subject and any resulting actions are free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request.

13.2 When can I request rectification of my data?

You have the right to have inaccurate, incomplete, outdated or unnecessary personal data that we store either rectified or completed by us.

13.3 When can I request erasure of my data?

You have the right to have the controller erase your personal data without undue delay under certain conditions. The data subject does not have the right to erasure if the processing of data is necessary for compliance with a legal obligation or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. In these cases, the data will only be erased after the statutory time limit.

13.4 When can I request restriction of processing of my data?

If the data concerning you is inaccurate, you have the right to request that its processing be restricted until its accuracy has been verified.

13.5 Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority if you feel that the processing of your personal data is in infringement of data protection legislation. You can lodge a complaint with the Office of the Data Protection Ombudsman: www.tietosuoja.fi.