Privacy policy
City of Espoo
Processing of personal data through the online feedback system
Date of publication: 13 January 2023
1. Data controller
City of Espoo
Tel. 09 816 21 (switchboard)
2. Person responsible for the register
Hanna Kautto
Customer Service Manager
Tel. 09 816 21 (switchboard)
hanna.kautto@espoo.fi
3. Contact person of the register
Katariina Eskola
Senior Planning Officer
Tel. 09 816 21 (switchboard)
katariina.eskola@espoo.fi
4. Data Protection Officer
Data Protection Officer of the City of Espoo
Address: P.O. Box 12, 02070 City of Espoo
Tel. 09 816 21 (switchboard)
Email address: tietosuoja@espoo.fi
5. For what purpose is personal data processed?
The personal data collected through the online feedback system is used only for processing and responding to feedback messages.
As it is possible to provide anonymous feedback, it is not necessary to provide a name and contact details when sending feedback.
The City of Espoo does not respond to anonymous feedback, but all messages are stored in the feedback database.
If individuals enter their name and contact information on the feedback form or log in to the system, a personal data register called the ‘Online Feedback System’ is formed on the basis of the data provided.
The personal data included in the feedback can be processed and read only by those City of Espoo employees who are responsible for responding to feedback or who have been granted the right to access the system.
The city does not disclose personal data to third parties, unless it is necessary for the purpose of addressing the feedback received.
Data can be, as an exception, disclosed only for studies and surveys commissioned by the City of Espoo.
The individuals responsible for these studies and surveys are bound to secrecy concerning personal data and contact details, and no personal data is published in the reports.
The register consists of feedback provided through the online feedback system and the data of users logged in to this system.
The system is available through the city’s website (https://www.espoo.fi/fi, https://www.espoo.fi/sv, https://espoo.fi/en).
Feedback data is saved into the Online Feedback System.
The data is used for developing the city’s customer service and other activities.
The data is used for compiling analyses and statistics from which individuals cannot be identified.
Each feedback message recorded is considered a public document from the perspective of the Act on the Openness of Government Activities.
6. On what grounds is personal data processed?
Article 6(1)(e) of the General Data Protection Regulation of the European Union: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. What data is processed?
- Username
- Name
- Email address
- Telephone number
- Contact requests related to feedback processing
- Information concerning the feedback given
- Feedback processing phases and answers
- Information on the use of the website, such as browsing and search data, cookies and IP addresses
Information varies depending on the type of feedback.
The text field allows people to write their feedback freely.
It is also possible to attach files to the feedback message.
8. What are the sources of data?
The regular sources of data are the information provided by the users of the online service and the technical information concerning each session.
The service can be used without authentication. In other words, users do not have to provide their contact information.
9. Will data be disclosed or transferred outside the city?
Personal data may be disclosed to authorities and other parties defined by law to the extent permitted and required by law.
Data may be disclosed to the controller’s service providers, with whom an agreement has been concluded on the implementation of services belonging to the controller.
The publicity of information provided to the authorities is determined in accordance with the Act on the Openness of Government Activities or any special laws.
10. Will data be transferred outside the EU/EEA?
No.
11. How long will data be stored?
We store personal data for the period of time it is needed for the purpose for which they have been collected.
12. How is data protected?
IT equipment is located in protected and supervised premises.
Each user has personal user rights to client data systems and files, and their use is monitored.
User rights are given on a task-specific basis.
Each user must accept the user agreement and non-disclosure agreement concerning the data and the data systems.
13. Rights of the data subject
Further instructions on submitting information requests referred to in the General Data Protection Regulation: https://www.espoo.fi/en/city-espoo/data-protection#section-7317
13.1 How can I access my data?
You have the right to obtain from the data controller a copy of the personal data that is subject to processing.
The data controller must provide the data without undue delay and in any event within one month of receipt of the request.
That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.
If the data controller does not take action on the request of the data subject, the data controller must inform the data subject without delay, and at the latest within one month of receipt of the request, of the reasons for not taking action and of the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
Requests from the data subject and any resulting actions are free of charge.
However, where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the data controller may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request.
13.2. When can I request rectification of my data?
You have the right to have inaccurate, incomplete, outdated or unnecessary personal data that we store either rectified or completed by us.
13.3 When can I request erasure of my data?
You have the right to have the data controller erase your personal data without undue delay under certain conditions.
The data subject does not have the right to erasure if the processing of data is necessary for compliance with a legal obligation or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.
In these cases, the data will only be erased after the statutory time limit.
13.4 When can I request restriction of processing of my data?
If the data concerning you is inaccurate, you have the right to request that its processing be restricted until its accuracy has been verified.
13.5 Right to lodge a complaint
You have the right to lodge a complaint with a supervisory authority if you feel that the processing of your personal data is in infringement of data protection legislation.
You can lodge a complaint with the Office of the Data Protection Ombudsman: https://www.tietosuoja.fi
14. Cookies
The service uses cookies.
A cookie is a small text file sent to and stored on a user’s computer.
It allows a website administrator to identify frequent visitors to the website, to make logging in easier for visitors and to collect aggregate data on visitors.
This information makes it possible to continuously improve the contents of the website.
Cookies do not cause damage to the users’ devices or files. With the help of cookies, each user can be provided with information and services based on their individual needs.
If the user does not want the service to collect the above-mentioned information through cookies, most browsers allow users to disable cookies.
However, it should be noted that cookies may be required for the proper functioning of certain maintained websites and services.
