File description and data protection
The City of Vantaa is committed to protecting the privacy of the users of its electronic services according to the EU General Data Protection Regulation, the Finnish Information Society Code (917/2014) and other applicable legislation. This Privacy Statement explains how users’ personal data is used in the provided services.
By using the service, the user accepts the terms and conditions set forth by this Privacy Statement. If the user does not want to accept the terms and conditions in question, the user has no right to use the services described in these terms and conditions. We kindly ask you to carefully familiarise yourself with these terms and conditions.
The user has the right to cancel their approval at any time. You can request to have your user ID created for this service to be removed by email from the system administrator (osallisuuskoordinaattorit@vantaa.fi).
These conditions refer to the participatory platform that can be used at osallistu.vantaa.fi.
1. Controller
Controller: City of Vantaa, 0124610-9
Address of the Controller: Asematie 6 A, FI-01300 Vantaa
Controller Henry Westlin, City Engineer and Laura Lettenmeier, Participation Coordinator
Contact person of the Controller: Data Protection Officer at the City of Vantaa tietosuojavastaava@vantaa.fi
We ask you to contact the above-mentioned address by post or the contact people by email if you have questions related to personal data or the Privacy Statement. Email addresses are as follows: firstname.lastname(at)vantaa.fi.
2. The purpose of processing personal data
We collect personal data from users of the participatory platform. Personal data is needed to provide the service and to contact the service users. We can also collect monitoring data of the service users, which helps us track the user activity of the service and improve the service.
3. Data content of the register
We collect the following data from private users of the service:
- Email address
- Name
- Username
We collect the following data from organisational users of the service:
- Email address
- Name
- Name of organisation
- Document number or Business ID of the organisation
- Telephone number of organisation
In addition, users can store other information in their profile in the service, such as:
- Profile description
- Personal URL
If it’s important to receive more information of the users in order to provide the service, the users can later be requested to complete their data in the service. In these situations, we will update our Privacy Statement and notify the users.
4. Data collection method
We collect information from users when they register to the service. The user enters their personal data to our service during registration. At this point, it can be clearly seen which data is collected of the user.
Users can register and log in to the service via third-party services. In this case, the user must confirm the right of access to the data that we want to collect of the user in the third-party service. It’s possible to log in to the service with the following third-party services:
5. Data storage and protection
The data provided by the user is stored in a server environment administered by our service provider Mainio Tech Oy. The service provider in question or its representatives are the only parties with technical access to this server environment. The service provider is committed to taking good care of its customers’ data protection and making sure that third parties cannot access the data in the system’s database.
Access to the server environment’s physical location where the servers are located is restricted to people authorised by the server environment’s service provider. The server environment in question is located in a protected and monitored environment in order to prevent non-authorised access.
Contact details to the service’s service provider are available on their website at www.mainiotech.fi.
The data can also be accessed via the service’s administrative user interface. Access to the administrative user interface requires credentials to a system which is monitored in collaboration between the Controller and service provider. We make sure that administrative credentials are protected with strong passwords according to basic requirements of data protection. We also maintain internal information of whom administrative credentials have been granted to.
Data between the users’ browsers and the service is transferred via a telecommunications link protected with a TLS protocol, which guarantees a reliable transfer of data over the data network to the service. Similar technology that protects telecommunications is used in, for example, online banks.
6. Disclosing and transferring data
Your personal data may be transferred to other services and to the possession of other companies under the following conditions:
If justified for the production of the service, service users’ data may be transferred to other service providers’ systems to produce the service. These systems include, for example, software used to send emails.
Data may be transferred to other companies if this is necessary in order to produce the service. In this case, personal data may be transferred to, for example, the possession of a company offering data protection services.
The service’s service provider may transfer your personal data to another service provider’s server or another physical location if justified for the maintenance of the service and agreed upon with the Controller.
If the Controller makes a change in their service provider, the data in the register is transferred to be processed by the new company. In this case, responsibility for the maintenance of the system is transferred to the other company, of which we will inform the users.
In the connection of a merger or sale of the service provider’s business operations, data entered into the register will be transferred to be processed by another company. In this case, responsibility for the maintenance of the system is transferred to the other company, of which we will inform the users.
We make sure that all companies whose possession personal data is transferred to are committed to protecting and processing the personal data according to this Privacy Statement. When transferring data to the possession of another company, we grant the companies in question the right to process the data only for the purpose of producing the provided service. Third parties’ data processing is also restricted to producing the service, i.e. the ownership of the data will not be transferred to other companies or service providers in these cases.
Users’ personal data is not transferred outside the EU or EEA areas to produce the service. However, it’s possible that, for example, for network technical reasons, user data will temporarily be located outside the EU or EEA.
7. Cookies
Cookies are small text files which your browser stores on your computer and which are sent to the service in the connection of each visit. The service utilises cookies to identify the user’s session. Different users are identified from each other with the help of the sessions. Using the services requires that you allow cookies in the browser.
Third parties can also place cookies in the user’s browser through the service. These services can be utilised to, for example, track users in the service in an unspecified manner.
8. Rights
An individual who has provided their data according to the EU General Data Protection Regulation has the right to control which information of them has been stored in the register, to demand the correction of incorrect data of them and to request to have their data removed from the service. An individual who has provided their data according to the Finnish Personal Data Act (523/1999) also has the right to deny the Controller from processing their data for direct marketing, distance selling and other direct advertising, opinion polling and market research as well as public register and genealogical research purposes.
9. Amendments
We reserve the right to amend this Privacy Statement if necessary. We will notify the users of any amendments. If the amendments significantly impact the collected data or the processing of the collected data, we will notify the users of the amendments that concern them by email.