Data protection in the Prime Minister's Office

The panel of experts is responsible for preparing the nomination of candidates for judges and members of international courts and the Court of Justice of the European Union. The panel is based on an Act (676/2016) and is permanent in nature. The Government appoints the panel of experts for six years at a time. On 30 March 2023, the Government appointed the panel of experts for the term 1 April 2023–31 March 2029.

The panel of experts has nine members. They represent the Prime Minister’s Office, the Ministry for Foreign Affairs, the Ministry of Justice, the Supreme Court, the Supreme Administrative Court, the Office of the Prosecutor General, the centres engaged in judicial research and instruction at universities (joint representative) and the Finnish Bar Association. Persons appointed by the Government as members of the Permanent Court of Arbitration (also known as “PCA judges”) are automatically included in the panel of experts. The secretariat of the panel of experts operates from the Prime Minister’s Office.

The legal basis for the processing of personal data concerning panel members is provided in Article 6, paragraph 1, point c of the EU General Data Protection Regulation: “processing is necessary for compliance with a legal obligation to which the controller is subject”. In addition, provisions on the panel of experts are laid down in the Act on the Nomination of Candidates for Judges and Members of International Courts and the Court of Justice of the European Union (676/2016) and in the Government Decree on the Panel of Experts. Preparing the Nomination of Candidates for Judges and Members of International Courts and the Court of Justice of the European Union (179/2017).

Personal data stored

The personal data we collect can be divided into the following categories:

Identification data of the panel of experts: the names, titles, organisations and contact details of the members and deputy members of the panel of experts (postal address, email address and telephone number).

Identification data of applicants: name, title, date of birth, postal address, email address, telephone number, nationality, mother tongue and gender.

Other personal data concerning applicants: for example, data on the applicant’s education and work experience, language skills, other information provided by the applicant in support of their application, such as a personnel record/curriculum vitae, school and degree certificates and diplomas, other necessary information related to the nomination of the candidate, and information on suitability assessments. 

As regards personal data processed by the panel of experts concerning nomination matters to be presented to the Ministry for Foreign Affairs, the Ministry for Foreign Affairs will act as the controller and will be responsible for processing personal data in accordance with its own data protection practices.

Disclosure of data

The disclosure of data may take place only within the limits of the current legislation.

The necessary data on applicants will be submitted to the panel of experts as part of the panel’s work. In addition, the opinions of the panel of experts, which contain the personal data of applicants, will be submitted to the Prime Minister’s Office or the Ministry for Foreign Affairs for the nomination procedure and to the Government for presentation. We disclose personal data, upon request, in accordance with the Act on the Openness of Government Activities. The data and documents are public, unless special provisions on their secrecy have been laid down by law.

No personal data concerning the panel of experts will be transferred outside the European Union or the European Economic Area.

Data storage period

The official documents of the panel of experts are archived in a separate section of the case management system. In addition, the competent ministry in nomination matters (the Prime Minister’s Office or the Ministry for Foreign Affairs) archives documents on each nomination in line with its archiving principles. Documents and the personal data contained therein are stored permanently in the VAHVA Case Management System.

Finnish citizens can be awarded honorary titles in public recognition of their services to society. There are about a hundred titles in use, the highest-ranking of which are valtioneuvos and vuorineuvos. Honorary titles are awarded by the President of the Republic based on statements by the Honorary Title Advisory Board. The Prime Minister’s Office is responsible for the technical preparation of the Advisory Board’s proposals. The processing of applications for honorary titles and the submission of proposals for honorary titles require the processing of personal data.

We process this data in accordance with Article 6, paragraph 1, point (c) of the General Data Protection Regulation: “processing is necessary for compliance with a legal obligation to which the controller is subject”. Provisions on honorary titles are laid down in the Act on public expressions of recognition (1215/1999) and the Decree of the President of the Republic on honorary titles (381/2000) issued thereunder.

Data stored

We store the following data on applicants: last name, first name, personal identity code (for identification in the service), title or profession, address, postal code, city/town, telephone number and email address.

We store the following data on nominees for and recipients of honorary titles: last name, first name, personal identity code, address, postal code, city/town, telephone number, email address, proposed or granted honorary title, gender, home municipality, occupation, education, date of presentation of the title, register number of the proposal, title number and any other personal data obtained from the statements.

Disclosure of data

The Honorary titles data file consists of data stored in the Government case management system VAHVA and a separate electronic and paper register.  Officials at the Prime Minister’s Office have access to the systems and data if they are responsible for tasks and case management related to honorary titles. The data in the register is also used by the President of the Republic, the Office of the President of the Republic and the Honorary Title Advisory Board. The right to access the data is restricted at the level of role, case and document. Extracts of public data from the Honorary titles data file can be obtained by request.

The data may be disclosed to the authorities upon request in accordance with the Act on the Openness of Government Activities. The data and documents are public, unless special provisions on their secrecy have been laid down by law.

Personal data will not be disclosed for the purposes of direct marketing or opinion or market research, unless separate provisions are laid down on the disclosure of data for that purpose. No personal data is transferred outside the European Union or the European Economic Area.

Period for which the personal data is stored

The data is retained in accordance with regulations concerning the authorities and the decisions on retention periods made by the National Archives of Finland.

The Gateway to Information on Government Projects is a joint public online service for managing and publishing information about projects carried out by the Government and its ministries. 

The service contains personal data that the Prime Minister's Office handles for tasks carried out in the public interest, in accordance with Article 86 of the General Data Protection Regulation, taking into account the principle of public access to official documents. The personal data contained in the service has been obtained from Government employees who have entered information about projects into the system.

The data stored

The service contains such information as the names, email addresses and phone numbers of project coordinators, contact persons and members of working groups. 

Disclosure of data

No personal data contained in the service is transferred outside the European Union or the European Economic Area. 

Period for which the personal data is stored

After the completion of a project, the personal data of all the participants is automatically deleted from the webpages (except for the data relating to the contact person). After this, however, personal data can still be accessed through the interface to the service used by public officials within the Government. The data needs to be retained in the interface used by public officials for the compilation of reports on project participants and other tasks.

Whistleblower protection allows people to safely report breaches. A report can be submitted using an internal or external whistleblowing channel. The internal whistleblowing channel of the Prime Minister's Office is only available to people employed by the Prime Minister’s Office. Others, such as retired public officials or people employed by partners, may submit a report regarding the activities of the Prime Minister’s Office that they have observed in their work and that fall within the scope of the Whistleblower Act to the central external whistleblowing channel of the Office of the Chancellor of Justice. 

Purpose of and grounds for the processing of personal data

Personal data is processed in connection with the tasks laid down in the Act on the Protection of Persons Reporting Infringements of European Union and National Law (1171/2022, the Whistleblower Act). Under section 30 of the Whistleblower Act, the controller may process data belonging to certain special categories of personal data and data related to criminal convictions and offences only if the processing is necessary for the purpose of the Act. 

Personal data is processed in accordance with Article 6, paragraph 1, point (c) of the General Data Protection Regulation (processing is necessary for compliance with a legal obligation to which the controller is subject). 

Processed data

Reports processed in matters concerning whistleblower protection may contain any personal data that the whistleblower has appended to the report. 

In matters concerning whistleblower protection, the personal data of the whistleblower is not stored in the contact information for the matter or document as the initiator of the matter, nor is the personal data of the reported person stored in the contact information for the matter or document. However, the personal data of the whistleblower and the reported person are processed in the documents concerning the report, such as the report itself.

The personal data of the whistleblower and the reported person under the Whistleblower Act are always treated as non-disclosable in their entirety.

Situations in which information on the identity of the whistleblower can be disclosed to another authority or to the reported person

Notwithstanding the non-disclosure obligation laid down in the Whistleblower Act, the person responsible for processing the report may disclose the identity of the whistleblower and other persons mentioned in the report, as well as any other information directly or indirectly indicating the identity of the persons, to a person appointed to verify the accuracy of the report, if this disclosure is necessary to verify the accuracy of the report.

In addition, notwithstanding non-disclosure provisions, the person responsible for processing the report may provide information on the identity of the whistleblower, the reported person and other persons mentioned in the report, as well as other information directly or indirectly indicating their identity, if it is necessary to provide this information:

• to the competent authority for the purpose of verifying the accuracy of the report;
• to the criminal investigation authorities for the purpose of preventing, detecting, investigating and considering prosecution of criminal offences;
• to public prosecutors for the purpose of performing the official functions prescribed in section 9 of the Act on the National Prosecution Authority (32/2019);
• to the reported person for the purpose of establishing, presenting or defending a legal claim in a court hearing or in out-of-court judicial or administrative proceedings. 

Separate provisions on the right of a party to access non-disclosable information are laid down elsewhere in law. 

The reported person has the right to disclose the identity of the whistleblower and to obtain information on the identity of the whistleblower from the authorities if this is necessary for establishing, presenting or defending a legal claim in judicial proceedings.

The person responsible for processing the report shall inform the whistleblower in advance of the disclosure of their identity, unless such information would jeopardise the verification of the accuracy of the report or a criminal investigation or trial related to the matter. The competent authority shall also provide the whistleblower with a written explanation of the grounds for the disclosure of non-disclosable information.

Processing of data is limited within the organisation and time-limited

In matters concerning whistleblower protection, personal data may only be processed by persons designated for the task in the ministry in question as referred to in the Whistleblower Act. 

Documents submitted to and prepared by the ministry and the personal data contained therein shall be stored in accordance with the document storage periods specified in the information management plan. The provisions of section 29, subsection 2 of the Whistleblower Act have been taken into account when determining the storage periods.

Data stored in the case management system shall not be transferred to third countries or international organisations.

Rights of data subjects

The right of a data subject to restrict the processing of their data does not apply to matters of whistleblower protection, and the right of a data subject to access their data may be restricted if this is necessary and proportionate with respect to ensuring the accuracy of the report or in order to protect the identity of the whistleblower. If only a part of the data on a data subject is such that it falls within the restriction on the right of access, the data subject shall have the right to access the remainder of the data. The data subject has the right to be informed of the reasons for the restriction and to request that this information be provided to the Data Protection Ombudsman in accordance with section 34, subsections 3 and 4 of the Data Protection Act (1050/2018).

Any requests for information concerning personal data, requests to rectify or supplement personal data and requests to restrict the processing of personal data shall be addressed to the controller.

Camera surveillance is used to ensure the legal protection and safety of the employees and visitors to the Prime Minister's Office, to protect the employer’s and employees’ property, and to prevent and solve crime. We use the information in the register to track and identify the movement of people on our premises.

We process this data in accordance with Article 6, paragraph 1, point (e) of the General Data Protection Regulation, that is, for the performance of a task carried out in the public interest.

The data stored

Images of people and vehicles moving in the camera surveillance area are stored in the register. In addition to images, the register contains information about the surveillance camera and the date and time of the recorded event.
Camera surveillance is not used in the areas or for the purposes prohibited in section 16 of the Act on the Protection of Privacy in Working Life (759/2004). 

Disclosure of data

As a rule, we do not disclose register data to other parties. However, we disclose data to the police or other competent authorities in cases specifically provided by law, such as for solving crimes. The disclosure of data is always based on a specific request from the authorities. Data in the register is not transferred or disclosed to countries outside the European Union or the European Economic Area. 

Period for which the personal data is stored

As a rule, records are retained for one (1) month.

Kampus is the Government’s common virtual desktop, where each public official has access to an individual desktop customised to their work profile. Kampus supports the user’s own work, the work of the Government as a whole, as well as networking within the Government. Kampus contains an electronic workspace called Tiimeri. Access rights to Tiimeri can also be granted to persons outside the Government. Tiimeri is a service environment for e-working and networking. It enables cooperation across organisations.

The Prime Minister's Office handles personal data in Kampus in compliance with the statutory duties of the data controller as laid down in Article 6, paragraph 1, point (c) of the General Data Protection Regulation. The Prime Minister's Office is responsible for the common administrative and service tasks of the Government and its ministries.

The data stored

The Kampus register contains data provided by the users of Kampus, data obtained through the active directory user data service (AD), and usage data collected by the system. The data supplied by the AD includes the following compulsory information: name, work phone number, department, title, supervisor, work email address, office, organisation, unit, supervisor, Kieku number and organisation chart. Public officials also have the option of adding a photo or home phone number to their profile.

The following compulsory basic user information is recorded in Tiimeri: work email address, name and employer. Users can, if they wish, add other additional information to their profile.

Disclosure of data

Data stored in Kampus and Tiimeri is not disclosed. The data in these registers is not transferred or disclosed to countries outside the European Union and the European Economic Area.

Period for which the personal data is stored

The data is stored in the service throughout its life cycle.

The Prime Minister's Office has a case management system, which is an electronic case register and a document management system. We receive letters, feedback, inquiries and information requests that private individuals, representatives of interest groups, and journalists send to ministers and ministries. All letters from citizens and other calls and comments containing contact information are registered in the case management system, which creates a register number for the material to indicate processing.

We process personal data in accordance with Article 6, paragraph 1, point (e) of the General Data Protection Regulation. The processing is necessary for the performance of a task carried out in the public interest.

Registration indicates the arrival of a document, enables the different processing phases of cases to be monitored, contributes to the fulfillment of the publicity principle of documents, and generates case directories, reports and statistics.

The data stored

The names of people are needed to identify the initiator of a case (if a private individual), the public official handling the case and possibly the case itself.

Disclosure of data

Clients can request an extract from the register.

The data is not transferred outside the European Union or the European Economic Area. The data is retained in accordance with regulations concerning the authorities and the decisions on retention periods made by the National Archives of Finland.

Period for which the personal data is stored

We retain the data in accordance with the data control plan of the Prime Minister's Office. What this means in practice is that the letters from citizens that we answer are retained permanently. Instead, letters that do not lead to any measures being taken are retained for two (2) years after the end of the government’s term of office. Information requests and document requests are retained for ten (10) years. Brief information requests from journalists and other interest groups, which have been answered directly by email, are retained for one (1) year.

The Citizens’ Pulse survey explores the views of 15–74-year-olds living in Finland on topics such as the activity and communication of authorities and the respondents’ state of mind and confidence in the future.

The online survey is conducted every three weeks, and respondents can complete it via smartphone in Finnish, Swedish or English. The group of respondents changes for each round. Respondents receive a text message inviting them to participate in the survey.

The Prime Minister’s Office is responsible for overseeing the Citizens’ Pulse survey. Statistics Finland is responsible for collecting and processing the data. The processing of personal data is necessary for the purpose of carrying out scientific research in the public interest pursuant to section 4, subsection 3 of the Data Protection Act.

Stored personal data

The background questions in the Citizens’ Pulse survey ask for the following information: gender, age group, region of residence, highest level of education completed, persons living with the respondent, underage children living with the respondent and respondent’s views on the financial situation of their household.

To make responding easier, the collected data is supplemented with data available from administrative registers. The data is processed in such a way that respondents cannot be identified based on the completed statistical data. The combined data includes the following: gender, age, education, region, household dwelling unit, household income data and primary occupation.

Disclosure of data

No personal data is transferred outside the EU/EEA.

Data storage period

Statistics Finland stores personal data related to the survey for a maximum of 12 months from the end of the year in which the data was collected. Identifiable personal data is not disclosed outside Statistics Finland. The personnel at Statistics Centre are bound by a non-disclosure obligation.

The final output provided by Statistics Finland to the Prime Minister’s Office for research purposes does not contain identifiable personal data. Statistics Finland and the Prime Minister’s Office store the non-identifiable personal data until further notice.

We collect the personal data needed to conduct surveys and register participants for events.

We process personal data in accordance with Article 6, paragraph 1, point (e) of the General Data Protection Regulation. The processing is necessary for the performance of a task carried out in the public interest.

The data stored 

The data collected varies depending on the case. When registering for an event, participants are typically requested to provide their name and email address. Depending on the event, other personal data may also be requested.

Disclosure of data

We may disclose data on a case-by-case basis to parties involved with the surveys, such as the security control personnel of ministries. Our subcontractors process personal data in their role as service providers.

Period for which the personal data is stored

For surveys, the appropriate storage period varies depending on the case.

In the case of registrations, the storage period is the time required for arranging the event and carrying out follow-up activities, but no lon

The Prime Minister’s Office provides advice on central government terminology on its website and by telephone.

Systems

Glossaries, models and instructions for preparing texts and using expressions in different languages are available on the translation and language services website. The multilingual Valter termbank contains glossaries compiled by the Prime Minister’s Office and other government agencies.

Personal data stored

No personal data is stored in the service.

Other data stored

Terminology lists, glossaries, expressions

Disclosure of data and data retention period

The data is openly available online.

The Government media service is meant for media representatives only and requires users to register to use the online service.

The Government media service publishes documents related to decisions made by plenary sessions that contain personal data and are therefore not published on the Government website for data protection reasons. Such documents include appointments to public office, petitions for pardons and requests for the transfer of property inherited by the Government.

The media accreditation register contains information on media representatives who have been granted annual access (accreditation) to events organised on Government premises, with the exception of high-security events. The register is created annually based on the information provided by the media regarding the individuals who need accreditation.

We collect this data to ensure that those applying for membership of the media service and accreditation are representatives of the media and, thus, are entitled to use the service.

We process personal data in accordance with Article 6, paragraph 1, point (e) of the General Data Protection Regulation. The processing is necessary for the performance of a task carried out in the public interest.

The data stored

Persons registering for the media service are requested to provide their first name, last name, nationality, date of birth, email address, mobile phone number, address, organisation information, position or title and, in the case of freelancers, more specific details.

In the case of the media accreditation register, we request the organisation information, first and last name of the media representative, date of birth, position or title, email address, mobile phone number and photo. We also require the delivery address and name of the contact person for the purpose of delivering the access control card.

Disclosure of data

We do not transfer personal data outside the European Union or the European Economic Area. We also do not disclose personal data for purposes such as direct marketing, market surveys and opinion polls, yearbooks or genealogical studies.

Period for which the personal data is stored

We retain the data regarding Government media service membership until the media representative indicates that they no longer require the user ID.

The media accreditation register is renewed annually based on the previous year’s information. We retain the previous year’s information for no longer than one year.

The information service on Finnish Governments and Ministers is managed by the Prime Minister's Office and contains data on the ministers, advisers to ministers, and state secretaries who have served since Finland’s independence in 1917. 

The personal data and other information related to ministerial duties have been collected to determine the seniority of ministers, to satisfy the communication needs of the Government’s information and communications department, and for the purposes of historical research. The data has been published online at https://valtioneuvosto.fi/en/governments-and-ministers.

We process personal data in accordance with Article 6, paragraph 1, point (e) of the General Data Protection Regulation, that is, for the performance of a task carried out in the public interest.

The data stored

We store the following personal data in the information service on Finnish Governments and Ministers: last name, first name, gender, date and place of birth, profession, domicile, home province, membership of parliament, electoral district, former name, education, date of death, description of adviser’s task, date of appointment and date of resignation.

Disclosure of data

We do not transfer personal data outside the European Union or the European Economic Area. 

Period for which the personal data is stored

The personal data contained in the information service on Finnish Governments and Ministers is stored permanently.

The Truth and Reconciliation Commission Concerning the Sámi People operates in conjunction with the Prime Minister's Office. The Commission organises consultations to gather experiences from Sámi individuals and communities regarding their lives as Sámi people in Finland. When processing personal data related to the consultations, the Commission is the controller as referred to in the General Data Protection Regulation.

Read more about the consultations on the Commission’s website (available in Finnish and the Sámi languages):
https://sdtsk.fi/kuulemiset/ 
https://sdtsk.fi/app/uploads/2023/06/Tietosuojaseloste.pdf 

Data Protection Officer
Aslak Uula Länsman
Truth and Reconciliation Commission Concerning the Sámi People
[email protected]
+358 29 516 1040

The invitation to tender for the funding of government analysis, assessment and research activities is based on the Government’s annual plan for analysis, assessment and research. All analysis, assessment and research projects are put out to open tender. Invitations to tender are intended for organisations, such as universities and universities of applied sciences, research institutes, companies and organisations, or consortia formed by these, including international organisations.

Systems

All materials related to invitations to tender are published on the tietokayttoon.fi website. The submission and processing of applications and the monitoring and steering of projects take place in the VN-TEAS electronic services system. Submitting an application requires registration. All documents related to the Government’s analysis, assessment and research activities are stored in the VAHVA case management system.

Personal data stored

Name and contact information of the project contact person and the manager in charge of the project, CVs of project participants.

We process personal data in accordance with Article 6, paragraph 1, point (e) of the General Data Protection Regulation. The processing of data is necessary in order to perform a task carried out in the public interest.

Other data stored

Funding application documents and their appendices, statements on the applications, payment information and project reports.

Disclosure of data

The disclosure of data may take place only within the limits of the current legislation. Provisions on the openness of official documents and information are laid down in the Act on the Openness of Government Activities (621/1999). Documents in the public domain are disclosed upon request in line with the requirements of sections 13 and 16 of the Act on the Openness of Government Activities. Documents in the public domain may also contain confidential information or information for which disclosure has been restricted (usually personal data).

Confidential information may be provided at sight and disclosed to a party or by virtue of a right based in law only with the consent of the person concerned.

The data is not transferred outside the European Union or the European Economic Area.

Data storage period

The data is retained in accordance with regulations concerning the authorities and the decisions on retention periods made by the National Archives of Finland.

Skype is a communication platform produced for the Government by the Government ICT Centre Valtori as an on-premises service. When using Skype, users’ data is processed in Finland in a data centre run by Tietoevry, a subcontractor selected by Valtori through competitive tendering. Skype enables users to make and receive audio and video calls, send and receive quick messages and organise audio and video conferences with several participants, among other functions.

The co-controllers for Skype are the Prime Minister’s Office and Microsoft. Your personal data will be processed in Skype by the Prime Minister’s Office because this is necessary for the performance of a task carried out in the public interest. When you attend a government Skype meeting, please turn off your camera and microphone before joining the meeting.

The personal data stored

The following personal data is collected during government Skype meetings: your profile picture, if you have one; your video, if you have your camera on and the meeting is being recorded; your sound, if your microphone is unmuted; any comments you may have entered in the chat column; and your IP address.

Transfer of data outside the EU/EEA

It is possible that data related to your participation in a meeting (the name you have given, your IP address, etc.) and any information discussed in the meeting will also be transferred outside the EU/EEA through Microsoft and its subcontractors. As Microsoft is a global operator, the protection of personal data in Skype may not necessarily be carried out as required under Finnish and EU legislation.

Time limits for data deletion

The meeting organiser may decide to record the meeting for a special reason of public interest, such as the need for the training or press conference to be viewed after it is over. Not all meetings are recorded. The organiser will inform the participants of any recording, the purpose of the recording and the data storage period of the recording at the beginning of the meeting.

When you join a Skype meeting, your personal data will be stored in the platform. The general, obligatory personal data of government employees (name, organisation, title, email address, IP address, address of workplace) will be stored in the system for the duration of the employment relationship. This data is used in the identification of users, to manage authorisations, to provide the service and to troubleshoot errors.

Log data on the logins and activities of users is stored in the system for at least six months and at most two years, depending on the type of data. If you wish to have your messages or personal data deleted, you can contact the Registry of the Prime Minister’s Office, who will forward your request to the controllers.

We communicate across multiple channels. We use social media services to ensure that our communications reach as many members of the public as possible. Important matters are always announced in press releases, which are published on the Government website.

Each service has its own data protection policy. The Prime Minister’s Office uses the following social media channels and services:

• X(Twitter)
• Facebook
• Instagram
• YouTube
• LinkedIn

In matters pertaining to contracts, HR and financial administration, the Prime Minister's Office functions as the controller. We store data related to the processing of salary payments, travel and travel expenses, activities and work carried out in the Prime Minister's Office, invoicing and invoice payments, contract management and public procurement.

In accordance with Article 6, paragraph 1, point (c) of the General Data Protection Regulation, we store data in our registers that is necessary for compliance with our statutory rights and obligations.

The data stored

We only collect personal data to the extent necessary for processing. The personal data we collect can be divided into the following categories: identification data (e.g. a person's name, bank details), payment data (e.g. travel expenses), data relating to contracts (e.g. public procurement) and any other required data.

Disclosure of data

The disclosure or outsourcing of data can only take place within the limits of current legislation. We regularly disclose data to financial institutions for payment purposes, to Keva for pensions, to the Tax Administration for taxation purposes and to the Finnish Security Intelligence Service for security clearance purposes. Data processing has also been outsourced to the Finnish Government Shared Services Centre for Finance and HR and to system providers. Travel agencies may transfer personal data to third countries, in which case they, in the role of controllers, are responsible for processing the personal data in accordance with the General Data Protection Regulation.

Period for which the personal data is stored

Personal data related to contracts, HR and financial administration is stored in accordance with the relevant legislation governing the matter concerned. We provide more detailed information, upon request, regarding the retention periods of personal data in specific systems.

Microsoft Teams is a single communications and collaboration platform that combines continuous workplace discussion, video meetings, file storage (including file collaboration) and application integration. Teams is part of the cloud service package produced by Microsoft. The Prime Minister’s Office uses Teams to hold meetings with persons outside the Government, for example.

The co-controllers for Teams are the Prime Minister’s Office and Microsoft. Learn more about how Microsoft processes personal data. Your personal data will be processed in Teams by the Prime Minister’s Office because it is necessary for the performance of a task carried out in the public interest.

Stored personal data

The following personal data will be collected during the Government’s Teams meetings: your name or the username you provide; your profile picture, if you have one; any comments you enter in the chat; and your IP address.

Transfers of data to third countries

It is possible that data related to your participation in a meeting (the name you have given, your IP address, etc.) and any information discussed during the meeting will be transferred even outside the EU/EEA through Microsoft and its subcontractors. As Microsoft is a global operator, the protection of personal data in Teams will not necessarily be carried out as required under Finnish and EU legislation. During a Teams meeting, you should neither discuss, post or present information that is to be kept secret, nor anything related to someone’s private life or use of services provided by the Government.

Time limits for data deletion

When you join a Teams meeting, personal data will be stored in the platform. Messages and other input you send to the service will be stored until you or the administrator deletes them. If you wish to have your messages deleted, you can contact the Registry of the Prime Minister’s Office, who will forward your request to the controllers. Read more about data processing in and data deletion from Microsoft systems.

Job vacancies are published in the Valtiolle.fi (state recruitment portal) service, which is also the main channel for submitting applications for employment.

In the Valtiolle.fi service, we collect data which is essential for the selection process and which applicants themselves provide when submitting an application. At the end of the application process, we compile a memo in which we compare the applicants’ merits in accordance with the Public Servants Act and the instructions and recommendations issued by the Office for the Government as Employer. A list of applicants and a summary of merits are appended to the memorandum.

We process the data of applicants in accordance with Article 6, paragraph 1, point (c) of the General Data Protection Regulation, as well as with the Public Servants Act (750/1994), the Decree on Public Servants (971/1994) and the Act on the Protection of Privacy in Working Life (759/2004). 

The security clearance data of the appointed person is processed in accordance with sections 45 and 58–59 of the Security Clearance Act.

Systems

• Applications are submitted and processed in the valtiolle.fi service provided by Palkeet, the Finnish Government Shared Services Centre for Finance and HR.

• We conduct video interviews using the Recright video interview tool.

• Applications, interview videos, proposals for appointments and decisions on appointments are archived in the Government’s VAHVA case management system.

• Appointment-related matters decided on in the government plenary session and the presidential presentation are processed using the electronic decision support system.

The data stored

We collect the following personal data: identification data (name, gender, address, phone number, email address, and other contact information); personal information that the applicant has included in their application, such as education and work experience; other information supplied by the applicant in support of their application, such as a personal record or CV, school and study certificates, certificates of employment and testimonials, and references supplied by the applicant, video material recorded during the application process; as well as other necessary information relating to the application for employment and the filling of the position.

Other information stored

Descriptions of the positions/tasks to be applied for

Disclosure of data

As a rule, we do not disclose the data. However, we disclose personal data, upon request, in accordance with the Act on the Openness of Government Activities. The data and documents are public, unless special provisions on their secrecy have been laid down by law. We do not disclose data to countries outside the European Union or the European Economic Area. 

Period for which the personal data is stored

Applications for vacancies are removed from the profile created by the applicant in the valtiolle.fi system twelve (12) months after the end of the recruitment process. Applications are removed from the section of the valtiolle.fi service visible to the employer three (3) months after the end of the recruitment process.

In the Prime Minister's Office, the storage periods for data related to the recruitment process are determined specifically in accordance with the Archives Act (831/1994), the regulation of the National Archives (AL 16465/07.01.01.03.02/2016) and the office’s data management plan. The general retention period for recruitment documents (application documents) is two (2) years, unless otherwise provided. The general retention period is based on the Non-Discrimination Act (1325/2014) and the Act on Equality between Women and Men (609/1986). We provide more detailed information about processing times upon request.

Newsletters and other material on current issues can be ordered via our website. Personal data given when ordering are processed by the Prime Minister’s Office’s staff and our service provider Emaileri, with whom we have agreed on how personal data is to be processed.

We process your personal data to comply with the statutory obligation of the Prime Minister’s Office (Article 6(1)(c) of the General Data Protection Regulation and section 20 of the Act on the Openness of Government Activities) and based on your consent.

The data stored

At the subscription service for newsletters and material on current issues we store the email address provided when ordering.

Disclosure of data

We transfer no personal data outside the EU or the EEA except for the email addresses of subscribers to the internal EU Presidency newsletter. We also do not disclose personal data for purposes such as direct marketing, market surveys and opinion polls, yearbooks or genealogical studies.

Period for which the personal data is stored

Data are stored in the subscription service for material on current issues and subscription system for the newsletter until the subscriber terminates the subscription or the material is no longer published.

Data submitted via a feedback form are removed one year after the feedback was submitted.

In the Government image bank, registered users can download and share communication material, such as photos and videos.

The purpose of the personal data file is to identify the users of the image bank that is intended for employees of the Prime Minister's Office and other ministries, as well as to grant access to the material.

The personal data file, or register, contains data about ministry employees who use the image bank to download and share photos, videos and other files. Access to the image bank may also be granted to individuals outside the ministries. 

We process personal data in accordance with Article 6, paragraph 1, point (e) of the General Data Protection Regulation. The processing is necessary for the performance of a task carried out in the public interest.

The data stored

During the registration process, we collect the person’s name, email address, phone number, position and organisation. In addition, we request users to select Finnish, Swedish or English as their preferred language.

Disclosure of data

No personal data is transferred outside the European Union or the European Economic Area.

Period for which the personal data is stored

We remove personal data from the system when we detect that the service is no longer needed, for example, on completion of a project, when we remove all the users involved in the project. A user's personal data is also removed when the user has not used the service in over a year, or no longer works at the Ministry.

The website feedback form can be used to submit questions and feedback. Visitors can also comment on our blogs.
We process personal data in accordance with Article 6, paragraph 1, point (e) of the General Data Protection Regulation. The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

The data stored

When submitting feedback via the feedback form, users are requested to provide their name. If the person submitting the feedback wishes to receive an answer to their question, we will require an email address. Users have the option to provide the name of their organisation, if they wish.

For comments on blogs, users are requested to provide both their email address and a name that will be shown on the website next to the comment. 

Disclosure of data

We do not transfer personal data outside the European Union or the European Economic Area. We also do not disclose personal data for purposes such as direct marketing, market surveys and opinion polls, yearbooks or genealogical studies.

Period for which the personal data is stored

Information submitted via a feedback form is removed one year after the feedback was submitted. Comments on blogs are stored throughout the life cycle of the blog text.

Technical log data is collected on the use of the website and the telecommunications connections used to access it. This data is necessary for the provision of the online service and for ensuring information security. The log data includes information relating to an identified or identifiable natural person, such as their IP address and time stamp. This log data is used only to enable the provision of the service via the telecommunications network and to investigate any disruptions and information security incidents.

Some pages of the website embed an external application, such as a social media feed, video or podcast. These applications use cookies that transmit data on the pages viewed to third parties.

We do not directly collect data that would make it possible to identify individual visitors.  However, in some cases, an IP address can be considered personal data.

In addition to the IP address, general statistical information on the use of the site is collected for the purpose of improving the online services. The data collected includes details of the pages viewed, time of visit, IP address, web browser and operating system.

We collect participant information in advance for events organised by ministries or organised in premises of the ministries. Personal data are processed for the purposes of organising the events and to ensure our collective security.

Visitors will need to show proof of identity when arriving at the premises of the ministries. Advance collection of data and proof of identity are based on a statutory obligation that the ministries must comply with (Article 6(1)(c) of the Data Protection Regulation, section 8 of the Occupational Safety and Health Act).

The storage of data ex post is based on the performance of the public interest task of the ministries (section 4 of the Data Protection Act). Where information on a visitor's name and organisation must be included in the accounting records, the storage of such information is based on section 46 of the Budget Decree.

Data storage

The visitor's name, organisation, email address and telephone number (in some cases) are recorded during the visit. In some cases a job title or position is also recorded and, if necessary, information on possible dietary requirements is stored.

Disclosure of data

The personal data of visitors are processed by Senate Properties Ltd and its subcontractor Avarn Oy. Other personal data processors are also used for events organised outside government premises.

The data are not disclosed to anyone outside  the Government except when the data are needed by the venue due to its own security regulations. In some training events, seminars and similar events, the list of participants may be distributed to other participants for networking and other cooperation in order to carry out a public interest task, unless the participant has expressly prohibited the sharing of information.

If data on visitors form a participant list or other document of the public authority, as a rule, it is a public document. Everyone has the right to obtain information on public documents as laid down in the Act on the Openness of Authorities.

Where a visit or event does not include international connections, the data are not transferred outside the EU or the EEA or to international organisations.

Data storage period

Visitor data will be removed daily from the Senaatti booking system for meeting rooms. The participant lists and contact details of regularly recurring events are stored in a separate system until the next corresponding event is organised. In accordance with the Government Information Steering Plan, the data on participants in some events may be stored for ten years or permanently. Such events include events hosted by a minister, which are recorded as government material, or other events of particular importance organised by a ministry.

If the visit includes catering, such as coffee or lunch and depending on the type of catering and number of participants, personal data may also be entered in our accounting records. As a rule, data in the form of receipts is stored in the accounts records for six years after the end of the year of the visit.

Visitor data are stored for such period of time that is required for arranging the event and carrying out follow-up activities, but no longer than 6 months after the event; except in certain cases where the data are stored for as long as  is required for financial administration, archiving, or the retention of technical backup copies. For example, in visits involving coffee or lunch, personal data may be incorporated into the ministry's accounting records. As a rule, data in the form of receipts is stored in the accounts records for six years after the end of the year of the visit.

Virkku is a shared service management system of the Government, which is used by all government employees. The Virkku service consists of a client portal available to all government officials, through which requests for shared services can be made to the Government, and a user interface for service providers, where experts from different services can handle service requests. In some cases, the Virkku service stores the personal data of contact persons outside the Government if the data is necessary in order to process the service request (e.g. delivery of letters and materials).

We process personal data in accordance with Article 6, paragraph 1, point (c) of the General Data Protection Regulation (GDPR). Such processing is necessary for the fulfilment of the statutory duties of the Prime Minister’s Office. Further grounds for processing the data are provided in section 2, subsection 3 of the Act on the Government (175/2003): The Prime Minister’s Office is responsible for the common administrative and service tasks of the Government and its ministries. The Prime Minister’s Office also directs and coordinates processes related to the common administrative and service functions.

The data stored

Services ordered through Virkku may require the contact details of persons outside the Government. The data is stored in the system when the service request is sent. Such services include letter and material delivery services and printing and copying services. In these cases, the details stored are the contact person’s name, address (email and/or postal address) and, in some cases, telephone number.

Disclosure of data

Officials working at the Prime Minister’s Office process personal data stored in the Virkku system in their official duties. Personal data may also be processed by external suppliers involved in the implementation of the service. The data in the Virkku system is processed in the EU/EEA.

Period for which the personal data is stored

The contact details of persons outside the Government will be removed from the system within six months of resolving the service request unless there is a specific reason to retain the details thereafter.