Data protection

Privacy statement, treasuryfinland.fi

Drafted on 13 April 2018, updated on 10 March 2022.

1. Controller

Name: State Treasury
Address: Sörnäisten rantatie 13, PO Box 14, FI-00054 State Treasury
Other contact details: tel. +358 (0)295 50 2000, kirjaamo(at)statetreasury.fi

2. Contact person in matters related to the register

Name: Tiina Heinilä, Finance Division
Address: Sörnäisten rantatie 13, PO Box 14, FI-00054 State Treasury
Other contact details: +358 (0)295 50 2229, tiina.heinila(at)statetreasury.fi

3. Data protection officer

Heikki Kangas, tel. +358 (0) 295 50 2156, dpo(at)statetreasury.fi

4. Legal basis and purpose for processing of personal data

1. Delivering mailing list subscriptions (the State Treasury’s various press releases, newsletters and order forms): The contact details provided by the customer are used only for delivering the subscription. The State Treasury maintains a separate customer register in Emaileri for the purpose of distributing publications (not linked to the website). The customer gives their consent by writing their contact details on the subscription form.

2. Responding to customer feedback (feedback form): The contact details provided by the customer are used only for responding to feedback. The giving of contact details is voluntary. The customer gives their consent by writing their contact details on the feedback form.

3. Visitor monitoring: To support website development, we use cookies to collect statistical data about the use of the website. However, the user cannot be identified based on the data collected. We use Siteimprove Analytics visitor monitoring

4. Call recordings: Some of the incoming and outgoing calls at the State Treasury’s Finance division are recorded. State Treasury follows general financial sector practices in the recording of telephone calls and listening to recordings. Recordings allow telephone conversations to be verified and the terms and conditions of transactions and contracts to be ascertained after the fact in the event that any disputes arise between the parties.

The recoding of telephone calls is based on Article 6(1)(b;c;e) of the EU’s General Data Protection Regulation. The recording is necessary in order to be able to fulfil agreements or carry out statutory duties and tasks related to the public interest.

5. Siteimprove feedback function: The State Treasury uses the Siteimprove feedback function on its website to collect information about user experiences on the site. Cookies are used in the service. Cookies do not allow users to be identified.

5. Information content of the register

1. Subscriptions / subscription cancellations for newsletter mailing lists(* = required information): first name*, last name*, email address*, organisation and the mailing list subscribed*.

2. Feedback: data provided by feedback giver (not compulsory), generally email address and name. The State Treasury responds to the feedback using the data.

3. Visitor monitoring (Siteimprove Analytics): User IP address without the identifying final section (= anonymised IP), in which case Siteimprove Analytics only uses part of the IP address collected instead of the entire address. The user is able to select the ‘do not track’ setting on their browser, in which case Siteimprove Analytics does not even collect the above data. Using the IP address, data is collected for the purpose of visitor monitoring on the actions carried out by the user on the website. This data includes e.g. navigation within the site, clicking on links, length of visit and information about where the visitor connected to the service from and where they transferred to afterwards. Further information about the anonymisation of an IP address is available at https://help.siteimprove.com/support/solutions/articles/80000863889

4. Call recordings: Calls made to and from numbers to be recorded are recorded in their entirety. In addition, the following identifying information is stored: 1) the start and end times of the call; 2) the number of the caller; 3) the number called; 4) name and telephone number of the officer.

5. Siteimprove feedback function: Siteimprove stores a random-generated string in the browser to identify transactions from the same browser. The following information can be combined with the cookie: the time of day, the pages visited, what reactions the customer has given on each page and what feedback the client has given on each page. Cookies do not allow users to be identified.

6. Ordinary information sources

Steps 1-2 and 4: The data is collected from the customer themselves

Step 3 and 5: The data is collected using cookies.

7. Regular disclosures of data

Steps 1–5: The data is not disclosed to others.

8. Regular disclosures of personal data or transfer of data to outside the EU or the EEA

The data is not disclosed to others.

9. Principles of register protection

Steps 1-3 and 5: The register does not contain confidential material.

Only individuals authorised by the controller have access to the data processed within the information system. Access rights are kept up-to-date by regular inspection, and unnecessary access rights are removed. The information network and terminals containing the filing system are protected using technical measures.

Step 4: The register contains confidential materials.

Only individuals authorised by the controller, who are under obligation of secrecy, have access to the data processed within the information system. Access rights are kept up-to-date by regular inspection, and unnecessary access rights are removed. The information network and terminals containing the register are protected using technical measures.

10. Data storage period / criteria for determining storage period

Step 1 (subscriptions): The data is saved into the State Treasury’s customer register for newsletter subscriptions in Emaileri and it is stored there for the duration of service’s life cycle or until the customer cancels their subscription. A link for cancellation of subscription is included in every email message sent.

Step 2 (feedback): The data is stored only for the period required for processing the customer’s affairs. It is not saved into the register.

Step 3 (visitor monitoring): The data collected using cookies is stored in the Siteimprove Analytics, where data is stored for 1000 days. When the cookie storage period ends, expired data is automatically removed.

Step 4 (call recordings): Call recordings are stored for no longer than 2 months, after which period they are removed automatically.

Step 5 (React & Share feedback function): React & Share cookies are saved for 30 days, after which they automatically exit.

11. Information about automatic decision-making (e.g. profiling) and information about the logic of data processing and its impacts on the data subject

No automatic decisions or profiling are carried out using the data.

12. Right of access

The data subject has the right to access his or her data in the register. Requests should be sent to the registry office.

13. Rectification of data

The data subject has the right to access his or her data in the register. Requests should be sent to the registry office.

14. The right to object to processing of personal data

Steps 1-3 and 5: The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of their personal data, such as profiling.

Step 4 (call recordings): Calls are recorded in order to carry out statutory duties and tasks related to the public interest. The data subject does not have the right to object to the processing of their personal data.

15. Right to restriction of processing

The data subject has the right to restrict the processing of his or her personal data as specified in Article 18 of the GDPR.

16. Right to erasure

Steps 1-3 and 5: The data subject has the right to request that the controller erase their personal data from the person register. Requests should be sent to the registry office.

Step 4 (call recordings): Calls are recorded in order to carry out statutory duties and tasks related to the public interest. The data subject does not have the right to have their personal data removed.

17. Right to lodge a complaint

The data subject has the right to lodge a complaint with a supervisory authority if the data subject believes that his or her rights have been infringed by the actions of the controller.

18. Other rights

Personal data is neither used nor disclosed for the purpose of direct advertising, distance marketing or other directing marketing, market and opinion research, registers of individuals, or genealogies.

19. Use of cookies

We use cookies on our webpages. The only purpose of the cookies is to technically facilitate the use of the service. A cookie is a small text file which is sent to the user’s computer and stored there, and which enables the website administrator to recognise regular visitors to the website and to facilitate their use of the webpages.

Cookies do not cause damage to a user’s computer or files. If a user visiting our webpages does not want us to obtain the information mentioned above through the use of cookies, most web browsers have functions for disabling cookies. On ChromeTM, for example, this can be done by selecting “Settings”, then “Privacy and security”, and then “Site settings” and ”Cookies and Site Information”.

It is nevertheless good to take note that the cookies may be needed for the correct functioning of some of the services we offer and some of the websites available.

For more information on cookies in Siteimprove Analytics, see page Siteimprove Analytics cookies >

, Updated 10.3.2022 at 09:40