Data protection

This is where we tell you how Regional State Administrative Agencies use your personal information. We also tell you about your rights as a data subject.

Frequently asked questions

We only collect and use personal information for legitimate purposes. Whether we need your information depends on the circumstances. We typically use personal information

  • to attend to our statutory duties,
  • to provide services,
  • to provide advice,
  • to plan and execute our work, and
  • for correspondence and communication.

We are a government agency with a number of statutory duties. We need personal information, for example, to process permit and licence applications. Giving us your information can therefore also help to protect your legal rights.

Our website is public, and there is no need to create an account to browse the content. Whether you wish to create an account to access our online customer service portal is up to you. We only ever use your information for the purposes specified here. For example, if you want to subscribe to our electronic newsletters and news releases, we need your email address.

Only those officers of Regional State Administrative Agencies who need your information to perform their work have access to your file. We may also give access to your information to our partners and their subcontractors. Our partners and their subcontractors have agreed to comply with the provisions of the General Data Protection Regulation (GDPR).

What kind of personal information do Regional State Administrative Agencies have about me? This depends on two things:

  • the kind of information that Regional State Administrative Agencies need in order to process your case and
  • the information that you or others acting on your behalf have provided to Regional State Administrative Agencies.

Our policy is to only hold on to the information that is relevant to your case. This minimises the risk of your personal information being misused and saves us from having to keep unnecessary information.

Depending on the circumstances, we usually need the following information:

  • first name and surname,
  • contact information,
  • nationality,
  • personal identity code or date of birth,
  • job title,
  • employer’s name, and
  • information and documents relevant to each case, such as
  • case number,
  • information about the procedural steps taken,
  • information about any decisions made,
  • details about any relevant projects,
  • payment history, and
  • any other documents submitted, which can also include sensitive information (such as information about a person’s health in the case of medical malpractice complaints).

We only keep the information that is necessary and relevant to your case. We therefore ask you to only send us information that we actually need. The easiest way to ensure that you are sending us the right information is to use our forms or online customer service portal. If you are unsure as to what information we need, ask us by contacting your nearest Regional State Administrative Agency.

See our contact information on the Customer service page.

You have the right to know what we use your information for and how. This is where we explain how you can exercise your rights. Our aim is to give you the full picture of how and why Regional State Administrative Agencies process personal data. This page is currently under construction, and new information will be added in due course.

You have the right to know whether we hold any personal information about you. You also have the right to be told if we do not hold any information about you.

If we do hold information about you, you have the right to access your file and make any necessary corrections.

  • Right to access your personal file
    • You can ask for a copy of the personal file that we hold about you. You can do this by sending a signed request by post or by email to the registry of the Regional State Administrative Agency for Southern Finland. 
       
  • Right to have inaccuracies corrected and to add missing information
    • If you notice any omissions or inaccuracies in your personal information, you can ask us to update your file. You need to tell us what information is incorrect and how. You also need to let us know how the information should be corrected. You can do this by sending a written request to the registry of the Regional State Administrative Agency for Southern Finland.
       
  • Right to restrict the use of your information
    • If you notice that your information is incorrect and tell us about the inaccuracies, you have the right to ask us to stop using the information until the mistakes have been corrected.
       
  • Right to be forgotten and to withdraw consent
    • Our policy is to delete all personal information as soon as we no longer have legal grounds to keep it.
    • In some circumstances, you can write to us and ask us to delete your information. You need to present grounds for erasure under Article 17 of the GDPR. You have the right to be forgotten if we no longer have legal grounds to keep your information or no longer need it for the performance or our duties.
    • There is a link to unsubscribe at the bottom of each of our newsletters.
    • To unsubscribe from our news releases, visit our Newsroom (in Finnish).
       
  • Right to challenge our practices
    • If for any reason you feel that we have misused your information, you can lodge a complaint with the Data Protection Ombudsman. For the Data Protection Ombudsman’s contact information, visit tietosuoja.fi.

The relevant forms are available at the bottom of this page, and our contact information is provided on the Customer service page

Should you have any more questions about personal data processing, please contact our Data Protection Officer.

We observe the principle of public access laid down in the Finnish Act on the Openness of Government Activities. The principle of public access authorises us to give members of the public access to individuals’ personal information on request. The principle also authorises us to release official records on request if the conditions laid down in the Act on the Openness of Government Activities are satisfied.

We can share your confidential personal information if

  1. you have consented to the disclosure of your confidential personal information,
  2. access is requested by a person who is an interested party to the proceedings in question (an interested party is someone whose rights, benefits or obligations may be affected), or
  3. the request is based on another law that permits the disclosure of confidential personal information.

We only keep personal information for as long as we need it. In addition, we observe any data retention periods prescribed by

  • the Finnish Archives Act,
  • regulations of the National Archives of Finland, and
  • Regional State Administrative Agencies’ Archiving Policy.

We mostly use your personal information to perform tasks in the public interest and to exercise the official authority vested in Regional State Administrative Agencies within the meaning of Article 6(1)(e) of the GDPR (EU 2016/679). We also have legitimate interests to process personal data under section 4, subsections 1 and 2 of the Finnish Data Protection Act (1050/2018). In so far as tasks mandated to Regional State Administrative Agencies by law are concerned, our right to process personal data is based on Article 6(1)(c) of the GDPR, which provides for compliance with specific legal obligations. For example, we have a duty to collect certain personal information for the Register of Alcohol Licensees under section 66 of the Finnish Alcohol Act (1102/2017).

If we need to process sensitive information in connection with your case, we do so in accordance with Article 9(2)(g) of the GDPR. The processing of sensitive information is also provided for in section 6, subsection 1, paragraph 2 of the Data Protection Act.

We may need to access your personal information in order to comply with our legal obligation to provide advice within the meaning of section 8 of the Finnish Administrative Procedure Act (434/2003). We also need some personal information from you in order to give you an option to use our online services, which we have an obligation to provide under sections 5 and 6 of the Finnish Act on Electronic Services and Communication in the Public Sector (13/2003) and the Finnish Act on the Provision of Digital Services (306/2019).

Our mandate is set out in section 4 of the Finnish Act on Regional State Administrative Agencies (896/2009) and section 2 of the Finnish Government Decree on Regional State Administrative Agencies (906/2009). More detailed provisions on our duties are also included in several special laws, which regulate our execution, coordination and enforcement responsibilities.

Contact information

Data Protection Officer
Hannele Svanström
tel. +358 (0)295 018 015
[email protected]

You can contact our Data Protection Officer if you need more information about personal data processing.

Queries relating to exercising your rights as a data subject should be addressed to the registry of the Regional State Administrative Agency for Southern Finland:

Regional State Administrative Agency for Southern Finland
Birger Jaarlin katu 15
PO Box 150, 13101 Hämeenlinna, Finland
tel. +358 (0)29 501 6000
[email protected]

Controllers

  • Regional State Administrative Agency for Southern Finland
  • Regional State Administrative Agency for Eastern Finland
  • Regional State Administrative Agency for Lapland
  • Regional State Administrative Agency for Southwestern Finland
  • Regional State Administrative Agency for Western and Inland Finland
  • Regional State Administrative Agency for Northern Finland

Each Regional State Administrative Agency is accountable for its own personal data processing procedures.

If you have a question about the use of your personal information by some other organisation, you should contact the Data Protection Officer of that organisation directly.