Information Security and Processing Personal Data
Information in its various forms plays a key role in the work of the Governing Body of Suomenlinna. Taking care of information security and data protection is a part of risk management and responsible working principles. This subpage describes how information security is organised by the department.
Information Security
The purpose of information security arrangements is to secure data and their processing as well as manage any related risks. We act in accordance with uniform working principles and practices to achieve a high level of information security and data protection.
In the Governing Body of Suomenlinna, information security refers to the ways of protecting information (including electronic, spoken and written information) during normal conditions, disruptions to normal conditions and in emergency conditions. Protection measures refer to administrative, technical and other measures which minimise risk factors related to the department’s work or customer data.
Information security is defined through three concepts as follows:
- Confidentiality: Information is only available to those authorised to access it.
- Data integrity: The correctness of data and its protection has been organised so that data cannot be intentionally or unintentionally altered in a way that endangers its reliability.
- Access to data: Data, information systems or services are accessible and available when they are needed.
The importance of securing confidentiality, data integrity and access to data changes on a case-by-case basis, depending on the nature of the data processed. Data processed in the department is primarily public and open, thus highlighting the measures for protecting data integrity and access.
In addition to the protection of information, the information security of the Governing Body of Suomenlinna includes implementations related to digital security, data protection and other areas of security, the most important of which are:
- Measures for securing the confidentiality, integrity, access and continuity of the digital working environment.
- Measures complying with data protection legislation to ensure the protection of the privacy of individuals and exercising the related rights in the processing of personal data.
- Personnel security for ensuring the aptitude of persons working with the agency.
- Physical security for securing equipment, premises, storage and archiving facilities, personnel, devices and other materials against physical threats and damage.
- Contractual measures related to cooperation with stakeholder groups to ensure the implementation of the principles and requirements described in this policy.
Processing of Personal Data
The Governing Body of Suomenlinna processes a large amount of personal data in its work. A critical part is the personal data of our residents and tenants as well as the personal data processed in connection with the activities arranged in Suomenlinna, such as volunteer work. The processing of personal data and the data protection work of the Governing Body of Suomenlinna are guided by the EU data protection regulation, the national data protection law as well as the national and EU-level guidelines on data protection.
Ensuring the data protection of data subjects and their rights is at the heart of our data protection work. Personal data and other databases of the Governing Body of Suomenlinna are protected by various information security measures that are described above. The privacy statements on this page provide details about the personal data that we process in our work and the rights you have concerning them.
Please contact the registry if you have any questions regarding the processing of personal data by the Governing Body of Suomenlinna.
If you wish to use your rights concerning a specific personal data file, please contact the contact person designated in the privacy statements in question. Please be as specific as possible.
For more information on the subject, see the privacy statements.
Privacy Statements
Data Controller
The Governing Body of Suomenlinna
Suomenlinna C 40, 00190 Helsinki
Telephone (switchboard): 0295 336 000
Email: tietosuoja@museovirasto.fi
Personal data processing
The Governing Body of Suomenlinna processes a great deal of personal data in its activities. The processing of personal data and the data protection measures of the Governing Body of Suomenlinna are guided by the EU’s General Data Protection Regulation, the Data Protection Act as well as national and EU-level guidelines related to data protection.
Ensuring the privacy and rights of data subjects is a key part of our data protection work. Personal data and other information resources of the Governing Body of Suomenlinna are secured by various data protection measures. This privacy statement provides information on how our activities process your personal data and what rights you have concerning your personal data.
Concepts
- Personal data refers to any information relating to an identified or identifiable natural person or other personal data specified by data protection legislation.
- Data controller refers to a natural or legal person, authority, office or other body responsible for the personal data processing and that determines the purpose and means thereof, either by themselves or jointly, or other data controllers specified by data protection legislation.
- Data subject refers to a person whose personal data is collected, stored or processed.
- Data processor refers to a natural or legal person, authority, office or other body processing personal data on behalf of the controller.
- Data protection legislation refers to the European Union’s General Data Protection Regulation (GDPR, 679/2016) and other applicable data protection provisions, as well as the regulations and guidelines of the data protection authority.
- Processing refers to the activities carried out by the supplier on behalf of the customer on the basis of an agreement between the parties and which are directed at personal data or sets of personal data, either by automated or manual processing or other processing of personal data as defined by data protection legislation.
The purposes of processing
Legal bases for processing
Personal data can be processed for the following purposes:
- Implementation of a customer relationship in rentals for meetings and party activities.
- Implementation of a customer relationship for renting apartments, premises, areas, plots and patios and for maintaining properties.
- The management, implementation, development and monitoring of customer service and related communications.
- Ensuring the safety of processing and investigating cases of abuse.
Legitimate interest
We will use your personal data for the pursuit of your legitimate interest, if the interests or basic rights of the data subject are not overridden by such interests. Examples of processing personal data based on legitimate interests:
- Implementing the customer relationship in rental activities to ensure and secure the rights and obligations of the tenants and landlords.
- Collecting and processing customer feedback.
- Sending crisis and fault notices to residents.
Statutory obligation
Compliance with the obligations laid down by law, regulation or administrative decision requires the processing of personal data in the following situations:
- In rental activities, to enable, implement and secure the rights and obligations of the tenants and the landlords, such as a statutory period of retention of rents.
Agreement
- Rental activities are based on a joint agreement between the tenant and the landlord, in which the terms and conditions of the rent are specified.
How data is collected
Data is primarily collected from the data subject themselves in terms of the information included in the rental apartment application form and rental agreement. Personal data can be collected from the civil register in terms of the resident information of rental apartments. Credit ratings are inspected through Intrum Justitia Oy’s credit register.
What data is processed
The Governing Body of Suomenlinna may process personal data concerning people booking premises for meetings, parties and events, tenants, room mates and the parties paying rent:
- Basic information, such as one’s name, personal identity code, contact details (postal addresses, telephone numbers, email addresses).
- Information related to booking premises and the start of customer relationships, such as the customer number and information concerning the need for a tenancy, such as the nature of an event. Depending on the event, all or part of the following: basic information, special diets, photographs taken during the event.
- Information related to a tenancy, such as the rental agreement information and payment details related to a rent and bank account details for refunds and compensation, as well as apartment-specific water and electricity consumption details.
- Messages or other communication related to a customer relationship.
- Rental agreement, rent payment details and payment history.
- Information related to applying for an apartment and the start of a customer relationship, such as the customer number, the names and dates of birth of persons living in the same household, information concerning legal incapacity and interest representation, information related to an employment relationship and profession, information concerning the need for an apartment and credit details.
Transfers and disclosures of personal data, disclosures outside the EU/EEA
Personal data is not disclosed outside the EU/EEA. The data will not be regularly disclosed to other data controllers. In the case of the resident satisfaction survey, processing personal data will be carried out by IRO Research, which is committed to the proper processing of personal data.
Automatic decision-making and profiling
Personal data is not used for automatic decision-making or profiling.
Deletion of personal data
We keep your personal data for as long as it is necessary for the purpose for which it was collected and processed or as long as the law and regulations require it. Examples of personal data retention periods:
- Tenants’ personal data shall be deleted when the data is no longer required, but no later than six years after the end of the year of termination of the agreement.
- The data stored on applicants for rental apartments (excluding persons selected as residents) shall be deleted three months after the end of the apartment search cycle, when the rental agreements have been signed.
- Information on other persons living in the apartment shall be deleted within six months of the data controller being informed of the person moving out.
- Information on the bookers of meeting, party and event venues shall be deleted 13 months after the cancellation notice has been received if the booking is cancelled before payment of the booking fee or 13 months after the event.
- The information on the tenant satisfaction survey shall be retained for 24 months.
- The information on the tenant satisfaction survey shall be retained for the duration of the lottery.
- Contact details for crisis and fault notices will be deleted no later than one month after the resident has moved out.
Rights of the data subject
- The data subject is entitled to be informed by the data controller on whether their personal data is processed or not.
- If the data controller is processing the data subject’s personal data, the data subject is entitled to receive a copy of the processed personal data.
- The data subject is entitled to request the data controller to correct their erroneous personal data.
- The data subject is entitled to request the data controller to delete personal data concerning them when processing it is based on consent.
- The data subject is entitled to oppose the processing of personal data when it is based on legitimate interest.
- In certain situations, the data subject is entitled to request the restriction of processing their personal data.
- If the data subject considers that their personal data is being processed in an unlawful manner, they are entitled to send a complaint to the supervisory authority.
Information security
The data shall be protected by means of access control and any other technical means generally accepted by the information security sector at the time. Manual material shall be located in locked, access-controlled spaces. Personal data shall be processed only by persons authorised to do so on behalf of their functions. The retention, archiving and deletion of the data contained in the register are regulated by legislation and the organisation-specific instructions based on it.
Amendments to the Privacy Notice and Contact Channel
The data controller reserves the right to make changes to this notice if changes in the processing of personal data or legislation require it.
For any questions related to the processing of personal data and in situations concerning the exercise of your rights, the data subject may contact tietosuoja@museovirasto.fi. Upon request, the data subject must verify their identity during the handling of the matter.
Information requests should primarily be made by email to tietosuoja@museovirasto.fi. If necessary, the request can also be made by letter to: Finnish Heritage Agency, postal address: P.O. Box 913, FI-00101 Helsinki.
More information on information requests: Data Protection – Finnish Heritage Agency.
Data Controller
Finnish Heritage Agency
Hakaniemenranta 6, FIN-00530 Helsinki
Telephone: 0295 336 080
Email: tietosuoja@museovirasto.fi
Personal data processing
The Governing Body of Suomenlinna processes a great deal of personal data in its activities. The processing of personal data and the data protection measures of the Governing Body of Suomenlinna are guided by the EU’s General Data Protection Regulation, the Data Protection Act as well as national and EU-level guidelines related to data protection.
Ensuring the privacy and rights of data subjects is a key part of our data protection work. Personal data and other information resources of the Governing Body of Suomenlinna are secured by various data protection measures. This privacy statement provides information on how our activities process your personal data and what rights you have concerning your personal data.
Concepts
- Personal data refers to any information relating to an identified or identifiable natural person or other personal data specified by data protection legislation.
- Data controller refers to a natural or legal person, authority, office or other body responsible for the personal data processing and that determines the purpose and means thereof, either by themselves or jointly, or other data controllers specified by data protection legislation.
- Data subject refers to a person whose personal data is collected, stored or processed.
- Data processor refers to a natural or legal person, authority, office or other body processing personal data on behalf of the controller.
- Data protection legislation refers to the European Union’s General Data Protection Regulation (GDPR, 679/2016) and other applicable data protection provisions, as well as the regulations and guidelines of the data protection authority.
- Processing refers to the activities carried out by the supplier on behalf of the customer on the basis of an agreement between the parties and which are directed at personal data or sets of personal data, either by automated or manual processing or other processing of personal data as defined by data protection legislation.
Purpose of and bases for processing data
Personal data can be used for the following purposes:
- HR data is processed for the purpose of executing an employment contract or pre-contractual measures and for the purpose of exercising the employer’s statutory rights and obligations in relation to the management of the employment relationship.
- We work with the government financial and HR administration as a joint controller on part of the personal data stored in the Kieku and M2 systems. Responsibilities related to joint controllership are defined by the Act on the government financial and HR administration (Laki Valtion talous- ja henkilöstöhallinnon palvelukeskuksesta), which states that:
- The service centre shall be responsible for the technical operation and related matters of the information systems necessary for the production of the tasks and services, including availability, data integrity, protection and preservation.
- As an employer, we are responsible for other responsibilities of the controller, such as informing the data subject and acting as a contact point for exercising the rights of the data subject, such as data rectification.
- To maintain and submit to the Finnish Tax Administration the necessary identification and contact details of the persons working on the site, collected for the purposes of tax control by the main contractor or other contractor of the construction site.
- To ensure the safety of processing personal data and investigating cases of abuse.
Legal bases for processing
Agreement
The purpose of processing personal data is to collect and verify personal data before signing an agreement. We also process personal data so that we can document and fulfil our contractual obligation towards the data subjects.
- We process data to implement the employment contract and to take pre-contract measures.
Statutory obligation
Compliance with the obligations laid down by law, regulation or administrative decision requires the processing of personal data in the following situations:
- Implementation of the employer’s rights and obligations in relation to the management of the employment relationship.
- Palkeet processes personal data as a joint controller when providing services to the Governing Body of Suomenlinna.
- Personal data shall be processed to the extent necessary for the purpose of reporting to the Finnish Tax Administration the statutory information of workers, self-employed persons, employers and contractors working on a joint construction site in order to enable, implement and safeguard reporting obligations.
What data is collected
- Personal data: Data is provided by the supervisor and the person themselves.
- Data related to the management of the service relationship: Data is provided by the supervisor and the person themselves.
- Register data: The register data generated in the course of the agency’s service shall be entered into register data by the agency’s HR department. The agency’s HR department shall receive penalty data recorded in the register from the court.
- Salary-related data: Pension decision data shall be provided by Keva. The tax collector shall submit personal tax data to the system by machine. Enforcement data shall be provided by the enforcement official.
- Travel-related data: Personal data and information on a person’s organisation shall be provided by the HR department’s data system. Data relating to payment periods and travel documents is obtained from the banking system. Access authorisation data, other than those relating to the civil servant’s passenger rights, shall be collected on the basis of a request for access by a registered supervisor.
- Recruitment-related data: Data is obtained through the Valtiolle.fi system, in which the employee has submitted the information while applying for work.
- Data on illnesses and accidents: Data is provided by the employee themselves.
- Reference-related data: The data shall be obtained through the Kieku system.
- Data related to development discussions: Some of the data is obtained from supervisors and some from the employee themselves.
- Data on persons working on construction sites may also be collected from their employers and from self-employed persons.
What data is processed
The following data on the data subjects shall be processed:
- Personal data (SLHK-Palkeet): The person’s current name, previous names, date of birth, personal identification number, personal identification number under the previous system, postal address, business e-mail address, business telephone number, bank details, nationality, mother tongue, gender, next of kin, contacts of next of kin, degree details, user ID, loaned items such as keys/calling numbers, personal identification numbers, protective clothing and other loaned items
- Register data (SLHK-Palkeet): Data on military/civilian service, military rank, pension decision, language skills, decorations and titles, duties of trust, exemptions granted, penalties, secondary licences, oath of office and insurance data, career, interruption of service or work
- Data on the management of a service relationship (SLHK-Palkeet): Details on employment, pay, absence, working time, termination of employment, leave, length of service.
- Information on wages and salaries (SLHK Palkeet): Pension service relationship, membership fee details, tax and withdrawal details.
- Travel-related data (SLK-Palkeet): Personal number, first names and surnames, social security number, street address and number, e-mail address, country, bank details, telephone number, date of start and termination of employment, organisational details of the person for the accounting of travel expenses, M2 or Virtu user ID, travel, travel and driving details of the person, details of the person’s payment card and travel accounts, user role, type of annual declaration.
- Recruitment-related data and documents: work application with appendices, appointment decision, explanatory report
- Data on illnesses and accidents: Medical certificate (date of birth, name, diagnosis), form for an accident (date of birth, name, occurrence of the accident, gender).
- Data related to the employment certificate: name, date of birth, length of service, job duties, evaluation on request
- Information related to development discussions: name of person, name of supervisor, content of discussion, evaluation (Osaava)
- Identification and contact details of persons working on construction sites.
- Data generated by the transfer of data, such as technical identification data.
Transfers and disclosures of personal data, disclosures outside the EU/EEA
- Personal data is not disclosed outside the EU/EEA.
- Information on sick leaves shall be submitted to Terveystalo or, if necessary, to Kela.
- Information shall be regularly provided to the enforcement authorities, trade associations, the incoming register and Tahti (Office for the Government as Employer) and to financial institutions in the form of remuneration and payroll data to the Finnish Tax Administration and the payroll registry.
- Travel-related data shall be transferred to the payer’s and the payee’s bank, payment systems or other payer. Tax-free allowances paid to individuals shall be reported to the taxpayer once a year. Personal data shall be transferred to the travel agency.
- In the context of the suitability assessment, information may be disclosed to the company carrying out the assessment.
- Information on accidents shall be disclosed to the State Treasury.
- Data on persons working on construction sites are transmitted monthly to the Finnish Tax Administration.
Retention periods for personal data
The retention periods for personal data in the Personnel Administration are based on legislation and are 5–50 years from the end of the employment relationship or the date of creation of the document. In addition, some of the data is retained permanently.
Data on persons working on construction sites shall be deleted when the data are no longer required, but no later than six years after the end of the year of completion of the construction site.
Rights of the data subject
- The data subject is entitled to be informed by the data controller on whether their personal data is processed or not.
- If the data controller is processing the data subject’s personal data, the data subject is entitled to receive a copy of the processed personal data.
- The data subject is entitled to request the data controller to correct their erroneous personal data.
- The data subject is entitled to request the data controller to delete personal data concerning them when processing it is based on consent.
- The data subject is entitled to oppose the processing of personal data when it is based on legitimate interest.
- In certain situations, the data subject is entitled to request the restriction of processing their personal data.
- If the data subject considers that their personal data is being processed in an unlawful manner, they are entitled to send a complaint to the supervisory authority.
Information security
The data shall be protected by means of access control and any other technical means generally accepted by the information security sector at the time. Manual material shall be located in locked, access-controlled spaces. Personal data shall be processed only by persons authorised to do so on behalf of their functions. The retention, archiving and deletion of the data contained in the register are regulated by legislation and the organisation-specific instructions based on it.
Amendments to the Privacy Notice and Contact Channel
The data controller reserves the right to make changes to this notice if changes in the processing of personal data or legislation require it.
For any questions related to the processing of personal data and in situations concerning the exercise of your rights, the data subject may contact tietosuoja@museovirasto.fi. Upon request, the data subject must verify their identity during the handling of the matter.
Information requests should primarily be made by email to tietosuoja@museovirasto.fi. If necessary, the request can also be made by letter to: Finnish Heritage Agency, postal address: P.O. Box 913, FI-00101 Helsinki.
More information on information requests: Data Protection – Finnish Heritage Agency.
Data Controller
Finnish Heritage Agency
Hakaniemenranta 6, FIN-00530 Helsinki
Telephone: 0295 336 080
Email: tietosuoja@museovirasto.fi
Personal data processing
The Governing Body of Suomenlinna processes a great deal of personal data in its activities. The processing of personal data and the data protection measures of the Governing Body of Suomenlinna are guided by the EU’s General Data Protection Regulation, the Data Protection Act as well as national and EU-level guidelines related to data protection.
Ensuring the privacy and rights of data subjects is a key part of our data protection work. Personal data and other information resources of the Governing Body of Suomenlinna are secured by various data protection measures. This privacy statement provides information on how our activities process your personal data and what rights you have concerning your personal data.
Concepts
- Personal data refers to any information relating to an identified or identifiable natural person or other personal data specified by data protection legislation.
- Data controller refers to a natural or legal person, authority, office or other body responsible for the personal data processing and that determines the purpose and means thereof, either by themselves or jointly, or other data controllers specified by data protection legislation.
- Data subject refers to a person whose personal data is collected, stored or processed.
- Data processor refers to a natural or legal person, authority, office or other body processing personal data on behalf of the controller.
- Data protection legislation refers to the European Union’s General Data Protection Regulation (GDPR, 679/2016) and other applicable data protection provisions, as well as the regulations and guidelines of the data protection authority.
- Processing refers to the activities carried out by the supplier on behalf of the customer on the basis of an agreement between the parties and which are directed at personal data or sets of personal data, either by automated or manual processing or other processing of personal data as defined by data protection legislation.
Purpose of and bases for processing data
Personal data may be used for the following purposes:
- Managing, implementing, developing, and monitoring the customer relationship, customer service, and related communications.
- Collecting and processing customer feedback.
- Fulfilling obligations based on law and complying with authorities’ regulations and instructions.
- In communication materials produced by the Governing Body of Suomenlinna.
- Managing events and organizing volunteer work.
- Communication and marketing.
- Use of image material in communication materials produced by the Governing Body of Suomenlinna. Other personal data is used to verify the granting of permission for the use and publication of image material.
- Managing, monitoring, analyzing, compiling statistics, developing, and segmenting relationships related to voluntary and other relevant contacts.
- Stakeholder communication and managing, analyzing, and improving stakeholder cooperation.
- Processing applicants’ applications related to the recruitment process of the Governing Body of Suomenlinna, as well as managing access rights of applicants and persons using the recruitment system. The joint controller is the Valtiolle.fi system. The Valtiolle.fi system processes data of employees of the Governing Body of Suomenlinna and persons who have applied for positions at the Governing Body of Suomenlinna.
Legal basis for processing
Legitimate interest
We will use your personal data for the pursuit of your legitimate interest, if the interests or basic rights of the data subject are not overridden by such interests. Examples of processing personal data based on legitimate interests:
- Collecting and processing customer feedback.
- In the management of communication and cooperation with stakeholder groups
Consent
In certain situations, the data subject will be requested to provide consent for processing personal data. For example:
- The use of image material.
Statutory obligation
Compliance with the obligations laid down by law, regulation or administrative decision requires the processing of personal data in the following situations:
- Processing of applications related to the recruitment process and management of the access rights of applicants and persons using the recruitment system.
How data is collected
Data is primarily collected from the data subject themselves. With the separate consent of the jobseeker, information necessary for the job search can be obtained from other data sources, such as the credit register, and stored in the Valtiolle.fi system.
What data is processed
The following data on the data subjects shall be processed:
- Basic information, such as one’s name, personal identity code, contact details (postal addresses, telephone numbers, email addresses).
- When communicating with stakeholders, in addition to basic information and contact details, the organisation and job title
- Information related to the archiving of photographs, such as the photograph and the time and place it was taken
- Information related to volunteering: start and end times, participation in activities and training.
- Social media user account details to enable the linking of volunteering activities to closed groups. The joint controller here is Facebook Ireland, which is primarily responsible for data protection compliance and data security and the exercise of the rights of the data subject in the service. More information is available at www.facebook.com/privacy/s
- Information related to job applications, such as identification data, information provided by the applicant in the application, such as education and employment history, other information provided by the applicant in support of the application, such as name/resume, school and educational certificates, employment certificates, references provided by the applicant, and other necessary information related to the job application and the terms and conditions of employment. Nationality must be indicated when Article 7 of the Act on Public Officials in Central Government applies to recruitment.
- User details of the applicant: first name, surname, gender, date of birth, address, postal code, post office, e-mail address, country, province, municipality. The user details of the person using the recruitment system are identical. In addition, the person’s personal number in Kieku is stored in the user data, if necessary.
Transfers and disclosures of personal data, disclosures outside the EU/EEA
Personal data is not disclosed outside the EU/EEA. Data may be disclosed to third parties only to the extent required and permitted by the applicable law or with the consent of the data subject.
Cookies and analytics
The public online services (www.suomenlinna.fi) owned by the Governing Body of Suomenlinna follow the guidelines of the Finnish Communications Regulatory Authority on reporting the use of cookies. In addition, the terms of use of the analytics services used at any time (Snoobi Analytics) shall be respected. Some of the online services we use include so-called social plug-ins, the use of which must also be reported (read more on the Facebook page of the community link).
Cookies
The online services of the Governing Body of Suomenlinna use cookies. Cookies allow us to collect general statistics regarding the use of our website, provide the online service and make the use of the service easier. Cookies are small text files sent to the user’s device that do not cause any harm to the device.
If you wish, you can reject the use of cookies. Most browsers allow for disabling cookies. However, disabling cookies may interfere with the operation of our online services on your device.
Analytics
The Governing Body of Suomenlinna uses the Snoobi Analytics service for the statistical monitoring of visitor numbers in order to be able to analyse and thus develop websites. Snoobi is made to comply with the GDPR and other similar laws and does not store cookies or other data. The entire traffic can be analysed without additional storage.
Data related to the use of our online service are not processed or stored in a manner that permits the monitoring of an individual user’s usage.
Social plug-ins
Our online services use social plug-ins, such as the Facebook like button. The third-party social plug-ins on the service may set cookies on their own services in accordance with their own terms of use and other terms and conditions. Our sites do not send information about their visitors through social plug-ins.
Customers can prevent the visibility of their personally identifiable information to social plug-ins by using the sites without being simultaneously logged in to community services.
Deletion of personal data
We keep your personal data for as long as it is necessary for the purpose for which it was collected and processed or as long as the law and regulations require it. Examples of personal data retention periods:
- Personal data relating to the images shall be retained for as long as the material is used by the Governing Body.
- Data relating to the event communication shall be deleted at the latest one month after the end of the event.
- Personal data relating to the volunteering activity shall be deleted seven (7) months after the end of the volunteering activity.
- For the duration of the stakeholder relationship.
- Applications for recruitment shall be deleted from the applicant’s profile twelve (12) months after the end of the recruitment process.
- Open job applications will be deleted from the applicant’s profile twelve (12) months after the last recording.
- The user data of an applicant or a user of the recruitment system shall be deleted after one year of inactivity. The applicant shall be informed of the withdrawal before it takes place. https://valtiolle.fi/en/data-protection-policies/
Rights of the data subject
- The data subject is entitled to be informed by the data controller on whether their personal data is processed or not.
- If the data controller is processing the data subject’s personal data, the data subject is entitled to receive a copy of the processed personal data.
- The data subject is entitled to request the data controller to correct their erroneous personal data.
- The data subject is entitled to request the data controller to delete personal data concerning them when processing it is based on consent.
- The data subject is entitled to oppose the processing of personal data when it is based on legitimate interest.
- In certain situations, the data subject is entitled to request the restriction of processing their personal data.
- If the data subject considers that their personal data is being processed in an unlawful manner, they are entitled to send a complaint to the supervisory authority.
Information security
The data shall be protected by means of access control and any other technical means generally accepted by the information security sector at the time. Manual material shall be located in locked, access-controlled spaces. Personal data shall be processed only by persons authorised to do so by virtue of their duties. The retention, archiving and deletion of the data contained in the register are regulated by legislation and the organisation-specific instructions based on it.
Amendments to the Privacy Notice and Contact Channel
The data controller reserves the right to make changes to this notice if changes in the processing of personal data or legislation require it.
For any questions related to the processing of personal data and in situations concerning the exercise of your rights, the data subject may contact tietosuoja@museovirasto.fi. Upon request, the data subject must verify their identity during the handling of the matter.
Information requests should primarily be made by email to tietosuoja@museovirasto.fi. If necessary, the request can also be made by letter to: Finnish Heritage Agency, postal address: P.O. Box 913, FI-00101 Helsinki.
More information on information requests: Data Protection – Finnish Heritage Agency.
Data Controller
Finnish Heritage Agency
Hakaniemenranta 6, 00530 Helsinki
Tel. +358 295 336 080
tietosuoja@museovirasto.fi
Further information and instructions for reporting: Misconduct Report – Finnish Heritage Agency
You can find the privacy notice on the Finnish Heritage Agency’s website: Data Protection – Finnish Heritage Agency