Guidance and advice to customers privacy statement

The purpose of this privacy statement is to provide information on the processing of personal data in accordance with the EU General Data Protection Regulation (EU) 2016/679. The statement will be updated if necessary.

1. Register controller and the controller's contact details

Development and Administration Centre of the Centres for Economic Development, Transport and the Environment (KEHA Centre)

Guidance and advice to customers P.O. Box 1000, 50101 Mikkeli Visiting address: Jääkärinkatu 14, 50100 Mikkeli Tel. +358 295 020 000, kirjaamo.keha@ely-keskus.fi

2. Data protection officer

Data Protection Officer: tietosuoja.keha@ely-keskus.fi

3. Names of the registers

Guidance and advice to customers division at the KEHA Centre (Personal customer and official services, Enterprise Finland helpline, Talousapu helpline, Work In Finland employer advisory services for international recruitment) customer service systems’

  • telephone calls
  • chat conversations 
  • e-mails
  • electronic contact requests.

4. Purpose of personal data processing

Article 6 of the EU General Data Protection Regulation (EU) 2016/679.

Information is needed for the performance of statutory tasks, for the implementation of services and for communication, as regulated by the following laws:

  • Act on the organisation of employment services, 380/2023
  • Unemployment Security Act, 1290/2002
  • Act on the Promotion of Integration, 681/2023
  • Act on Rehabilitative Work Activities, 189/2001
  • Act on multi-sectoral joint services promoting employment, 381/2023
  • EU Regulation on a digital gateway, EU 2018/1724
  • EU Directive on preventive restructuring frameworks and discharge of debt, EU 2019/1023
  • Directive on restructuring and insolvency, EU 2017/1132

The information is used to verify the service event in case of a complaint and for the development of operations and the training of customer service personnel in order to improve the quality of the service.

5. Register’s data content and personal data groups

Data stored in the register includes data reported by the customer and the data generated in a customer service situation, such as:

personal identification data:

  • name and personal identity code
  • address and phone number, e-mail address, IP address
  • employment and work history information and unemployment security information
  • personal information that has been created in a counselling or guidance situation, brought up by the customer or the official

business information:

  • name and business ID
  • address and phone number, e-mail address, IP address
  • topics of the enquiries
  • business operations-related information created in a counselling or guidance situation, brought up by the customer or the official.

6. Data retention period

Call recordings are stored for six (6) months. For quality development projects and complaints, individual recordings may be stored for a longer period, but no longer than 12 months. Data from identifying at the suomi.fi service which was given while queuing is not stored in the system. Suomi.fi identification is displayed to the expert only for the duration of the conversation.

Chats do not contain identifying information on customers. The conversation threads are kept for six (6) months. During the conversation, the customer can choose to have the chat history be sent to them by e-mail.

Emails and electronic contact requests are stored for six (6) months. The conversation is saved in the customer's e-mail. 

The data collected in electronic service requests in the Business Finland guidance and advice service (customer’s situation citizen/company/other, customer’s country of location, topic of the enquiry) and customer satisfaction surveys will be stored in the European Commission’s data repository for a maximum of three years, after which it will be automatically removed.

7. Regular data sources

Information provided by the customer and generated during the conversation as well as the national systems of employment services, the Trade Register, the Register of Foundations and the Register of Associations, and the joint customer information system of the administrative sector of the Ministry for Economic Affairs and Employment and the Ministry for Foreign Affairs. Customer identification

information is obtained from the Digital and Population Data Services Agency through the suomi.fi identification service.

8. Regular disclosure of information

No regular disclosure.

The Guidance and advice to customers service by the KEHA Centre discloses customer information to other authorities only when disclosure is regulated by law.

9. Regular disclosure of personal data or transfer of data outside the EU or the EEA

The data shall not be disclosed or transferred outside of the EU or the EEA.

10. Principles of register protection

Article 32 of the EU General Data Protection Regulation (EU) 2016/679.

The information security and protection of personal data in the Customer and Advisory Services area of responsibility of the KEHA Centre is systematically taken into account in all data use and processing. The Guidance and advice to customers Division of the KEHA Centre processes personal data securely and in accordance with legislation.

All processors of personal data in the Guidance and advice to customers division of the KEHA Centre sign a confidentiality commitment. Register data is only used by persons who need this data in their work tasks according to their access rights. The service provider of the storage system has a duty of professional secrecy.

11. Inspection right and requesting data

Article 15 of the EU General Data Protection Regulation (EU) 2016/679.

The data subject has the right to inspect the data in the register concerning him or her.

The inspection request must always be made in writing and must be signed. The inspection request must specify the time of the communications that the request concerns as well as the contact details used for the communications. Address the inspection request to the Guidance and advice to customers division of the KEHA Centre and send it by post or e-mail to the registry of the KEHA Centre (contact details in section 1). The sender of the email must encrypt the email in order to ensure privacy. Read more about inspecting your data (tietosuoja.fi)

The recording of the call can be listened to in a separately agreed manner. The customer must be prepared to prove their identity.

12. Right to rectify data and erase data

Articles 16 and 17 of the EU General Data Protection Regulation (EU) 2016/679.

The data subject has the right to demand the correction and erasure of incorrect personal data in the register.

A request for rectification must always be made in writing and must be signed. The written request must specify which personal data file the rectification request applies to. Address the request to the Guidance and advice to customers division of the KEHA Centre and send it by post or e-mail to the

registry of the KEHA Centre (contact details in section 1). The sender of the email must encrypt the email in order to ensure privacy. Read more about making a request for rectification (tietosuoja.fi)

The right to erase data does not apply to the personal data that employment officials need for the performance of a statutory task. 

For any refusal to correct/erase data, a written report is sent to the customer indicating the reasons for the refusal.

13. Complaint or appeal concerning the processing of personal data

Article 77 of the EU General Data Protection Regulation (EU) 2016/679.

The data subject has the right to lodge a complaint with the Data Protection Ombudsman if he or she considers that the processing of personal data infringes the EU Data Protection Regulation.

-

Updated: