Guidance and Advice to Customers privacy statement

The purpose of this privacy statement is to provide information on the processing of personal data in accordance with the EU General Data Protection Regulation (EU 2016/679). The statement will be updated if necessary.

1. Register controller and the controller's contact details

KEHA Centre

Guidance and advice to customers

P.O. Box 1000, 50101 Mikkeli

Tel. +358 295 020 000, kirjaamo@keha-keskus.fi

2. Data protection officer

Data Protection Officer: tietosuoja@keha-keskus.fi

3. Names of the registers

Guidance and advice to customers division at the KEHA Centre (Personal customer and official services, Enterprise Finland helpline, Talousapu helpline, Work in Finland employer advisory services for international recruitment) customer service systems’

  • telephone calls,
  • chat conversations,
  • emails, and
  • electronic contact requests.

4. Purpose of personal data processing

Article 6 of the EU General Data Protection Regulation (EU 2016/679).

Information is needed for the performance of statutory tasks, for the implementation of services and for communication, as regulated by the following laws:

The information is used to verify the service event in case of a complaint and for the development of operations and the training of customer service personnel in order to improve the quality of the service.

5. Register’s data content and personal data groups

Data stored in the register includes data reported by the customer and the data generated in a customer service situation, such as:

Personal identification data

  • name and personal identity code
  • address and phone number, email address, IP address
  • employment and work history information and unemployment security information
  • personal information that has been created in a counselling or guidance situation, brought up by the customer or the official

Business information

  • name and business ID
  • address and phone number, email address, IP address
  • topics of the enquiries
  • business operations-related information created in a counselling or guidance situation, brought up by the customer or the official

6. Data retention period

Call recordings are stored for six (6) months. For quality development projects and complaints, individual recordings may be stored for a longer period, but no longer than 12 months. Data from identifying at the Suomi.fi service which was given while queuing is not stored in the system. Suomi.fi identification is displayed to the specialist only for the duration of the conversation.

Chats do not contain identifying information on customers. The conversation threads are kept for six (6) months. During the conversation, the customer can choose to have the chat history be sent to them by email.

Emails and electronic contact requests are stored for six (6) months. The conversation is saved in the customer's email. 

The data collected in electronic service requests in the Business Finland guidance and advice service (customer’s situation citizen/company/other, customer’s country of location, topic of the enquiry) and customer satisfaction surveys will be stored in the European Commission’s data repository for a maximum of three years, after which it will be automatically removed.

7. Regular data sources

Information provided by the customer and generated during the conversation as well as the national systems of employment services, the Trade Register, the Register of Foundations and the Register of Associations, and the joint customer information system of the administrative sector of the Ministry for Economic Affairs and Employment and the Ministry for Foreign Affairs. Customer identification

information is obtained from the Digital and Population Data Services Agency through the Suomi.fi identification service.

8. Regular disclosure of information

No regular disclosure.

The guidance and advice services to customers by the KEHA Centre disclose customer information to other authorities only when disclosure is regulated by law.

9. Regular disclosure of personal data or transfer of data outside the EU or the EEA

The data shall not be disclosed or transferred outside of the EU or the EEA.

10. Principles of register protection

Article 32 of the EU General Data Protection Regulation (EU 2016/679).

The information security and protection of personal data in the Customer and Advisory Services area of responsibility of the KEHA Centre is systematically taken into account in all data use and processing. The Guidance and advice to customers Division of the KEHA Centre processes personal data securely and in accordance with legislation.

All processors of personal data in the ‘Guidance and advice to customers’ division of the KEHA Centre sign a confidentiality commitment. Register data is only used by persons who need this data in their work tasks according to their access rights. The service provider of the storage system has a duty of professional secrecy.

11. Right of Access and Requesting Information

Article 15 of the EU's General Data Protection Regulation (EU) 2016/679.

The data subject has the right to inspect the data in the register concerning them

The inspection request must always be submitted in writing and must be signed. The inspection request must specify the date and time of the contact in question as well as the contact details from which the contact was made. Address the inspection request to the ‘Guidance and Advice to Customers division’ of the KEHA Centre and send it by post or email to the registry office of the KEHA Centre (contact details in section 1). The sender of the email must encrypt the email in order to ensure privacy

12. Right to Rectification and Erasure of Personal Data

Articles 16 and 17 of the EU's General Data Protection Regulation (EU) 2016/679.

The data subject has the right to request the rectification or erasure of inaccurate personal data contained in the register.

A rectification request must be submitted in writing and signed. The request must specify the personal data register to which it relates.

The request should be addressed to the Guidance and Advice to Customers division’ of the KEHA Centre and send it by post or email to the registry office of the KEHA Centre (contact details in section 1). The sender of the email must encrypt the email in order to ensure privacy

The right to erasure does not apply to personal data that an authority requires on order to carry out its statutory duties.

If a request for rectification or erasure is refused, the customer will be provided with a written statement explaining the reasons for the refusal.

13. Complaint Regarding the Processing of Personal Data

Article 77 of the EU's General Data Protection Regulation (EU) 2016/679.

The data subject has the right to lodge a complaint with the Data Protection Ombudsman if they consider that the processing of their personal data violates the EU General Data Protection Regulation.

Updated: