Processing of personal data in the vantaa.fi online service

The City of Vantaa collects data for the publication of the online service, the maintenance of the system and the administration of the aforementioned entities.

1. When content is published, the data of the persons related to the content is also published e.g. contact details of additional information providers or contact persons..
2. Information on trustees and city officials is published on the website. is published on the website.
3. Personal data is collected from the staff for the management of credentials. Credentials management data is not published on the site.
4. Anonymised statistical data is collected on non-logged-in users of the site according to the cookie settings accepted by the user. The data is available to vantaa.fi administrators for statistical monitoring of the number of visitors and for improving the content, user interface and user experience of the site.

The city will never use this data for any other purposes, such as direct marketing or commercial aims. 

The processing of data is based on the fulfilment of a statutory obligation or the cookie consent given by the user. 

According to the Local Government Act, a municipality must provide sufficient information on the services provided by the municipality, the municipality’s finances, matters under preparation in the municipality and the plans concerning them, the processing of matters, the decisions made and the effects of those decisions.  

For example, the municipality must provide information about how people can contribute to the preparation of decisions and influence things. Furthermore, the municipality must ensure that, once an agenda has been drawn up, necessary information about the preparation of matters to be discussed by the different bodies is provided in a public information network.

In its online communications, the municipality must ensure that confidential information is not added to the public information network and that privacy protection is implemented in the processing of personal data.

According to the Local Government Act (410/2015, Section 84), certain municipal trustees and office-holders must declare their interests to an audit committee, which takes the declarations to the council for information. The declarations will be published on the website.

The members of the body carrying out the duties referred to in the Land Use and Building Act (132/1999), the chairs and vice-chairs of the council and the committee, the mayor and deputy mayor, as well as the rapporteur of the municipal government and the committee, must submit a declaration of interest concerning their managerial duties and positions of trust in enterprises engaged in business activities and in other communities, their significant assets, as well as other interests that may be of significance in carrying out official duties and duties related to a position of trust. 

The municipality must keep a register of interests in the public information network, unless the provisions on confidentiality require otherwise. At the end of a position of trust or position subject to the declaration obligation, the data concerning the person must be deleted from the register and information network. 

Legal basis for the processing:

• Article 6 (1) (a) and (c) of the EU General Data Protection Regulation (2016/679) 
• Section 6 of the Data Protection Act (2018/1050)
• The Land Use and Building Act (132/1999)
• Local Government Act (410/2015)
• Administrative Procedure Act (434/2003)
• Act on the Openness of Government Activities (621/1999)
• Act on Information Management in Public Administration (906/2019)

Persons related to published content

The contact details of providers and/or contact persons related to the matter due to their work duties are published on the site in the context of individual pieces of content. Part of the data is transferred from the interface registers.

The content will publish pictures and/or other personal information about the subjects of or people related to the stories, e.g. news stories.

Consents and permissions for publication will be obtained in accordance with each content production process.

Data to be imported from Vantaa’s other registers

This data is managed in the register to be sent in accordance with its administration model and processes. 

Azure AAD

• System user names: first name, last name, email address (data not published)
• Basic information of trustees and office-holders: name, email address, party and institutional roles. In addition, people may publish on their own pages their phone number, major region and picture as well as other information about themselves.

Matti system

• Providers of additional information for city planning projects: Name and contact information.
• Register family of offices and service descriptions

Data collected about site users 

Statistical data about users is collected using the Google Analytics and Siteimprove tools if the user has accepted the optional cookie settings. The data collected through cookies is described at vantaa.fi on the page Information on website. The user can at any time check the cookie settings and adjust them as desired through the Cookie Settings in the footer of the site.

The aforementioned tools are used to collect general, statistical data about the use of the site, if the user has accepted the optional cookies. In some cases, the user can be identified based on their IP address (unique visitors), but the data is anonymised and cannot be linked to a natural person. 

Cookie management is carried out by the CookieHub service. CookieHub does not collect or store sensitive or personal information about end users of the website.

The content of the Vantaa.fi service cannot be produced without personal data, i.e. the data is necessary for the provision of the service.

The processing of personal data is based on compliance with a legal obligation or the consent of the user.

The public information is available on the website.

Non-public personal data within the system will not be disclosed.

Data security and data protection have been secured by various technical and organisational measures to ensure your privacy. For example, personal data may be processed only by persons who need them to perform their work or official duties and only to the extent required by an individual task. The system has a log that can be used to monitor the processing of data.

Staff are bound by the obligation of professional confidentiality and will continue to be bound by it after the end of their employment. 
 

In cases where the processor of personal data handles personal data on behalf of the City of Vantaa, the appropriate level of data security and data protection has been agreed in an agreement with the processor. “Processor of personal data” means a party that processes personal data for the city, such as a service provider.

As a rule, data is only processed in the EU or EEA territory, but the processor can also transfer data outside the EU or EEA. However, such a transfer is only permitted if it meets the requirements set out in the data protection legislation and the agreement, which ensure an adequate level of protection for personal data.

Personal data will be transferred to the United States. The transfer is based on the 10 July 2023 decision of the European Commission on the adequacy of data protection level in the United States. The US companies to which data is transferred are certified companies committed to the safeguards agreed between the EU and the US.
 

Despite the protection measures, it is possible in exceptional cases that your personal data may be subject to a security breach or end up in the hands of a third party. In these cases, we will take immediate measures to rectify the situation. If the breach causes a risk to you, we will notify the Data Protection Ombudsman. The notification shall be made no later than 72 hours after discovering the breach. 

If the security breach poses a high risk, we will also notify you of the security breach.
 

The data is kept and destroyed in accordance with the City of Vantaa’s information management plan. The storing times of documents defined in the data management plan are based on legislation, the National Archives of Finland’s provisions concerning permanently stored documents and the Association of Finnish Municipalities’ recommendations concerning documents stored for a definite period of time. At the end of the period, the data will be destroyed.

The data in the interface registers is managed in the output registers. When the data in the output register change to a non-public state or is deleted, the data record is archived when the interface is updated in Drupal.

Non-public data in Drupal’s system management will be permanently deleted when the data no longer needs to be retained for traceability or operational verification purposes. As a rule, deletions are carried out no later than 2–5 years after the inactivation/archiving of the record containing personal data.

Your personal data will not be used for profiling or automated decision-making.

Data subject means the person whose personal data is being processed. 

If we process your personal data, you have the right to: 

• check the information processed by the application
• request the rectification of erroneous or inaccurate information
• request the erasure of personal data
• request the restriction of the data processing
• object to the processing of the data
• the right to receive the data and transfer it to another controller 
• withdraw your consent at any time if the processing is based on consent.

You can make a personal data review request using the form on the website: Request to review personal data, communications department of Urban Strategy and Management Department (514953). 

You can submit your review request in person at Vantaa Info. Bring along a passport, driving licence or ID card with a photo to prove your identity. The form can also be delivered by post to the address Kirjaamo, PL 1100, 01030 Vantaan kaupunki. In this case, we will check your identity in some other reliable way.

If you wish to enforce other rights to which you are entitled as a data subject or request additional information on the processing of personal data, please contact the person specified under section 14 below. The legal basis for the enforcement of your rights is verified on a case-by-case basis. In order to enforce your rights, you may have to prove your identity.

We will fulfil the requests without undue delay, but no later than within one month of receiving each request. If necessary, the deadline may be postponed by a maximum of two months based on the complexity of the request and the quantity of the information. If the deadline is postponed, you will be notified.
 

As a general rule, exercising your rights is free of charge. 

However, we may collect a reasonable fee corresponding to the administrative costs or refuse a request if the request in question is clearly unfounded, unreasonable or recurrent. We will contact you if we intend to collect a fee for completing your request. 

If we refuse to complete your requested measure, you will be informed in writing of the grounds for the refusal and your right to refer the matter to the Data Protection Ombudsman or resort to other legal remedies.
 

If you suspect that your personal data is being processed unlawfully, you can appeal to a supervisory authority in the EU member state of your permanent residence or employment or the member state where you consider the violation to have taken place. In Finland, the relevant supervisory authority is the Data Protection Ombudsman. 

More information and instructions on submitting an appeal are available on the website of the Office of the Data Protection Ombudsman and the office’s telephone guidance service.

More information on the processing of personal data is available from the contact person specified below. Please note that e-mail is not a safe medium for processing personal data. As such, please do not send sensitive information, such as your personal identity code, via e-mail. 

viestinta@vantaa.fi

Data controller 
City of Vantaa 
Business ID 0124610-9 
tel. +358 9 839 11