This is how your personal data is processed in the Regional State Administrative Agency’s customer service

Personal data refers to any information that can be directly or indirectly linked to a natural person.

On this page, we will outline the instructions we follow, our methods for processing and storing your data, and what rights you have. These guidelines will never limit the rights granted to you by the General Data Protection Regulation or any other legally valid decision.

How we secure your personal data

Your personal data is protected from unauthorised viewing, editing and destruction. The protection is based on user authorisation management, the technical protection of databases and servers, the physical protection of facilities, access control, the protection of data communication and the backup of data. The right to access and process data is granted based on tasks. Access to the system is based on personal usernames. We use administrative controls to monitor the appropriateness of our activities.

As a rule, we will not disclose your information to other parties.

We will not transfer your personal data outside the EU or the EEA.

We retain your personal data only as long as it is necessary for the purposes of processing personal data specified in this privacy statement. 

We keep recordings of phone calls for 6 months. In the case of quality development projects and complaints, we may keep individual recordings for longer, but for no more than 12 months.

We will retain backups of emails for 6 months.

Case management takes place in the Uspa case management system, the service provider of which is KEHA. The Vera monitoring system is in place for occupational safety and health. 

ServiceNow is provided by Valtori and their subcontractor, Sofigate.

Purpose of processing your personal data

The purpose of processing of your personal data is to manage customer relationships as part of official duties as well as other contact with customers.

The legal basis for the processing of personal data under the EU General Data Protection Regulation is the implementation of official activities, which include provision of advisory services to customers and the management of customer contacts. 

We will not use your data for automated decision-making or profiling.

Legal basis for the processing of your personal data

The legal basis for the processing of your data is Article 6(1)(e) of the GDPR (EU 2016/679), which provides that data is processed for performing tasks carried out in the public interest or in the exercise of official authority vested in the Regional State Administrative Agency. This also provided for in section 4, paragraph 2 of the Data Protection Act (1050/2018).

The organisation of customer services is based on the performance of tasks that are of public interest and are the responsibility of the Regional State Administrative Agency. This purpose is also supplemented by the Administrative Procedure Act (434/2003) and the Act on Electronic Services and Communication in the Public Sector (13/2003).

Personal data in the register

We will save the following personal data in our register: 
• a person’s identification details
• name
• address
• phone number
• email.

Regular data sources for your personal data

The information stored in our register is mostly received directly from our customers, in the form of
•    messages sent via online forms
•    emails
•    phone calls
•    message through our chat service
•    in other situations where the customer discloses information.

We also receive information from services that provide public contact information.

Your rights

Right to access to your personal data

You can request and receive a copy the your personal data that we have in our register by sending a signed information request form by letter or email to the Regional State Administrative Agency's registry. We will implement your request unless we have a legitimate reason to refuse realising your rights.

Request to access personal data

Right to request that inaccuracies be corrected and missing information be added

If you notice any omissions or inaccuracies in your personal data, you have the right to request that we update these. In such a case, we ask that you indicate which information is incorrect and how the information should be changed or which information should be supplemented and how.

Request for the correction of inaccurate personal data and to restrict the use of personal data

Restricting the use of your information

If you believe that the information we are processing that concerns you is incorrect, that it is being processed unlawfully, or you oppose the processing of your information, you may ask us to restrict the processing of your information.

Request for the correction of inaccurate personal data and to restrict the use of personal data

In that case, we can only process your data
•    with your consent
•    if we need the data for the purpose of establishing, submitting or defending a legal claim
•    in the public interest
•    to protect the rights of another person.

If we limit the processing of your data on the basis of your request, we are obligated, as far as possible, to notify all those to whom the data was previously disclosed.

Send a written data restriction request to the Regional State Administrative Agency’s registry.

Right to object to the processing of personal data

You have the right to object to us processing your personal data. You can do so at any time giving reasons related to your specific personal situation. In that case, we will no longer be allowed to process your personal data unless there is a significant and substantiated reason that supersedes your interests, rights and freedoms, or if the processing of the data is necessary to establish, present or defend a legal claim.

Send your written and justified request to the Regional State Administrative Agency's registry.

Contact information for the Data Protection Officer and further information on data protection

Office of the Data Protection Ombudsman