Processing of personal data in the Ministry of Transport and Communications

Contact

Konsta Luukka, Procurement Lawyer
PO Box 31, FI-00023 Valtioneuvosto
tel. +358 295 342 084
[email protected] 

Purpose and legal basis of the processing of personal data

The Ministry of Transport and Communications processes personal data for surveying markets and for processing tenders, participation requests and contracts in the procurement procedure, including carrying out the related exchange of information.  In separately indicated situations, personal data may be processed for the purpose of comparing tenders. The processing is necessary for compliance with legal obligations (Article 6(1)(c) of the General Data Protection Regulation). 

If the value of the procurement does not exceed the thresholds laid down in the procurement legislation, the processing is based on the performance of a task carried out in the public interest (Article 6(1)(e) of the General Data Protection Regulation and section 4, paragraph 2 of the Finnish Data Protection Act).

Data is not used for automated decision making or profiling. Personal data is not used, or disclosed for use, in direct advertising, distance selling or any other direct marketing, nor for market surveys, opinion polls, public registers or genealogical studies.

Personal data to be processed

The processing concerns personal data necessary for each procurement process. These include: 

• Forename and surname
• Personal identity code
• Role in the organisation
• Education, professional qualifications and experience
• Postal code
• Telephone number
• Email address
• E-invoice address or email address for invoicing
• Certificates and evidence on the mandatory criteria for exclusion referred to in section 80 or the discretionary criteria for exclusion referred to in section 81 of the Act on Public Procurement and Concession Contracts (1397/2016)
• Evidence required in section 5 of the Act on the Contractor's Obligations and Liability when Work is Contracted Out (1233/2006) 

Provision of data is based on a legal obligation and on the invitation to tender or on other procurement documents. Participants in the procurement procedure must provide the information specified in the invitation to tender or in other procurement documents. The contracting entity shall exclude from competitive tendering any tenders that fail to correspond to the invitation to tender or to the terms and conditions of the tendering procedure. 

Regular sources of data

Personal data is usually collected from the data subjects themselves or from those submitting a tender or a request to participate. The Ministry of Transport and Communications may also retrieve data from public registers, such as the trade register maintained by the Finnish Patent and Registration Office and the business credit information register of Suomen Asiakastieto. 

Recipients of personal data

Depending on the procurement, personal data may be received by the Ministry of Transport and Communications, Hansel, which is the central government joint procurement unit, a consultant commissioned by the Ministry or another subcontractor. They are obliged to comply with the Ministry's instructions on the processing of personal data.

As a rule, we do not disclose personal data. The data may be disclosed to the authorities upon request in accordance with the Act on the Openness of Government Activities. The data and documents are public, unless special provisions on their secrecy have been laid down by law.

Planned time limits for erasure of personal data

The Ministry of Transport and Communications retains the personal data of participants in the procurement procedure for 6 years after the contract is signed or the document published. Certain data may be retained for 10 years or permanently.

Data on criminal records will be removed immediately after the records have been checked.

Purpose of the processing of personal data 

In its stakeholder activities, the Ministry of Transport and Communications processes the personal data of stakeholder representatives, such as the personal data of participants in events organised by the Ministry and visitors to the Ministry. The Ministry processes stakeholders' personal data in order to ensure appropriate event organisation, including registration, special diets and communication, and to ensure other forms of cooperation and our common safety and security (access control and preparedness for rescue operations). Personal data is also processed for the purpose of communications, information and stakeholder engagement related to the Ministry's activities. 

Depending on the event, the Ministry of Transport and Communications may be required to store some of your personal data due to the transparency of the use of government funds.

Legal basis for the processing of personal data

The processing of personal data is usually based on the performance of a task carried out in the public interest (Article 6(1)(e) of the EU General Data Protection Regulation and section 4 of the Finnish Data Protection Act). To ensure safety and security, collecting your data before you visit the Ministry is based on compliance with a legal obligation (Article 6(1)(c) of the EU General Data Protection Regulation, section 8 of the Occupational Safety and Health Act). If your name and organisation need to be appended to the accounting records, the storage of this data is also based on a legal obligation (section 46 of the Budget Decree).

The request for dietary information is based on consent (Article 6(1)(a) of the EU General Data Protection Regulation). 

Personal data to be processed

The Ministry processes data on the visitors to the Ministry and participants of events organised by the Ministry, including stakeholders and journalists. The Ministry also processes data on other stakeholders obtained from the persons themselves or from public sources.

The Ministry usually only processes the person's name, organisation and email address. In some cases, information on telephone numbers, roles or titles and special diets is also collected. 

The Ministry’s events may be recorded on video or streamed. Photos may be taken at the events. Personal data to be collected includes the photos and video and voice recordings. The material may be used for communications purposes, such as sharing information about the event. However, it will never be used for commercial purposes.

If an event is streamed online or recorded, it will be announced in the registration form or invitation or at the event itself. As a rule, the audience will not be photographed or filmed. The possibility of people, other than the presenter, appearing in a live webcast or recording will be informed of before the start of the webcasting or recording. The area to be covered by the webcast or recording will be announced, too. Recordings may be published on the Ministry's communication channels, such as the YouTube account. The place of storage is specified on the registration form or invitation for the event and announced at the event.

The Ministry will also process personal data that may appear in the course of the conversation at the event. For example, in a virtual event, the participants may ask questions, and the name, organisation and voice recording of the participant may be stored. 

Recipients of personal data

When you visit government premises, including the Ministry of Transport and Communications, your data will be processed on behalf of the government by Senate Properties Ltd and its subcontractor Avarn Oy. Other processors are also used for events organised outside government premises. These service providers have contractually agreed to process personal data in accordance with the instructions they have received and to comply with the data security requirements during the processing of data. 

When we organise events and send invitations, a third party may provide its services, such as an event management tool, through which registrations can be submitted (for example, Webropol or Lyyti).

Your data will not normally be disclosed outside the government unless the event venue needs the data for the purposes of its own security regulations. In certain training events, seminars and other similar events, the list of participants may, for the performance of a task carried out in the public interest, be shared with other participants for networking and other cooperation purposes, unless you have objected to sharing your data. In the context of projects funded by the European Union, the names can be submitted to the European Commission. 

Transfer of personal data to a third country or to an international organisation

In the case of a normal visit or another event with no international connections, your data will not be transferred outside the European Union or the European Economic Area or to international organisations. 

Planned time limits for erasure of personal data

When the event takes place on government premises, your data will be stored in the Senaattila facility booking system until the day of your visit. For regular events, the lists of participants and the participants’ contact details will be stored in a separate system until the next corresponding event with a similar topic is organised. In accordance with the Government data management plan, data on participants in certain events may be stored for ten years or permanently. These include events hosted by a minister, or any other functions organised by the Ministry that are regarded as highly important. Other information related to the communication and cooperation purposes will be stored for a period required for the particular purpose.

The Ministry of Transport and Communications also adheres to good governance and transparency in the use of government resources. If catering, such as coffee or lunch, is provided, your name and organisation may be included in our bookkeeping material, depending on the number of participants and the type of catering provided. This is the policy for official functions at least. We normally store receipts in our bookkeeping system for six years from the end of the year of the visit. For projects funded by the European Union or for other externally funded projects, the storage period may be affected by different requirements of the sponsor, which may arise from EU legislation or an obligation or agreement concerning the Ministry of Transport and Communications.

Information on dietary requirements will be erased immediately after the event. More detailed information on the processing and storage times related to each visit is available from the officials organising the event or from the Data Protection Officer of the Ministry of Transport and Communications.

Purpose and legal basis of processing of data

The Ministry of Transport and Communications receives letters, feedback, inquiries and requests for information that private individuals, stakeholders and journalists send to the ministers and the Ministry. When communications related to the Ministry's activities are delivered to the Ministry of Transport and Communications, they are recorded in the Ministry's case management system. 

The Ministry of Transport and Communications processes personal data where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Ministry (Article 6(1)(e) of the EU General Data Protection Regulation).  

Processing of personal data

In the case of written communications, the Ministry only processes the personal data that the person who contacted the Ministry has provided. Such data typically includes name and contact information.

By agreement, personal data related to telephone calls may be registered in the Ministry of Transport and Communications case management system for the purpose of examining the matter and responding to the call. The personal data to be collected includes the caller’s name and telephone number and, if necessary, other information necessary for dealing with the matter. 

Planned time limits for erasure of personal data

Letters from citizens to which a reply has been given are stored permanently, whereas letters from citizens that do not lead to any measures are stored for 2 years. Information requests and document requests are retained for 10 years.

The Ministry only processes the data related to phone calls and call-back requests for the time it takes to deal with the matter.

Contact person

Paula Rinne, Communications Specialist
PL 31, 00023 Valtioneuvosto
[email protected] 

Purposes for processing personal data 

The purpose of the processing is to transmit press releases to subscribers, and to process personal data for purposes associated with web services and for research.

Legal basis for the processing of personal data

The legal basis for the processing of personal data is the consent for data processing collected from the subscriber. Giving personal data is a precondition for the provision of press releases.

The data are not used for automated decision making or profiling. Personal data are not used, or disclosed for use, in direct advertising, distance selling or any other direct marketing, nor for market surveys, opinion polls, public registers or genealogical studies.

Personal data to be processed

The Ministry of Transport and Communications processes the subscriber's email address, material they wish to receive, their choice of language and subscription history. In addition, the confirmation date of the subscription is saved. Data are collected for the provision of subscriptions.

Regular sources of data

Personal data are received from the subscriber. 

Recipients of personal data

Ambientia, the service provider on Government ICT Centre Valtori’s website, participates in the processing of press release subscriptions in the role of data processor. Valtori is the processor of personal data and the Ministry of Transport and Communications is the controller.

Planned time limits for erasure of personal data

The data are stored in the press release service until the subscriber cancels the subscription. When the subscriber terminates the subscription, the personal data will be anonymised.

Purpose and legal basis of processing of data

The Ministry of Transport and Communications processes information on job applications in accordance with Article 6(1)(c) of the General Data Protection Regulation in order to comply with the controller's legal rights and obligations. With the consent of the person selected for the role, a personnel security clearance may be carried out on the person (Security Clearance Act 726/2014). In addition, the Ministry complies with the Act (750/1994) and Decree (971/1994) on Public Officials in Central Government and the Act on the Protection of Privacy in Working Life (759/2004) in the processing of personal data.

Personal data to be processed

The groups of data subjects include the applicants for jobs at the Ministry. The Ministry processes the applicant's identification data, education and work experience data and other data on competence (e.g. curriculum vitae, work and study certificates and aptitude assessment), other information given in the application, and information needed for conducting a security clearance.

Recipients or categories of recipients of personal data

Information is disclosed regularly to the Finnish Security Intelligence Service for security clearances.

Planned time limits for erasure of categories of personal data

The Ministry of Transport and Communications stores the data in accordance with the Archives Act (831/1994), the National Archives Service Screening Decision (AL/12327/07.01.01.03.01/2015) and the Government's data management plan.

Purpose and legal basis of processing of data

The Ministry of Transport and Communications annually prepares proposals for decoration conferrals in its administrative branch and submits them to the Orders. The Ministry of Transport and Communications processes personal data in order to comply with a legal obligation to which it is subject (Article 6(1)(c) of the EU General Data Protection Regulation). The data processing is based on the Act on Public Expressions of Recognition, the statutes of the Order of the White Rose of Finland, the Decree on the Establishment of the Order of the Lion of Finland, and regulations of the Orders concerning decoration conferral. 

Personal data to be processed

The Ministry of Transport and Communications processes the proposals received on the form provided for the purpose by the Order, on which the name, position, salary, municipality of residence, military rank, education, work and other service history data of the proposed persons, as well as the decoration proposed, are stated. 

Disclosure of personal data

The minister's proposal for the Ministry of Transport and Communications proposal for decorations and the approved decoration proposals are submitted to the respective Orders.

Period for which the personal data is stored

The decoration proposals in the administrative branch are stored at the Ministry for the duration of the processing of the award of decorations. Rejected proposals are destroyed as soon as there is no longer any operational need to retain them. We will retain the list for compiling proposals and preparing the minister’s proposal for 10 years. The minister's proposal for the Ministry of Transport and Communications proposal for decorations will be retained permanently.

Purpose and legal basis of processing of data

The Ministry of Transport and Communications awards discretionary government grants and government support. The processing of personal data is based on compliance with a legal obligation. 

Personal data to be processed

For this task, the Ministry processes personal data of persons who have submitted a government grant application and personal data of representatives of businesses and associations, typically their name, email address and telephone number.

Period for which the personal data is stored

Applications for discretionary government grants and government support will be stored permanently.

Contact person

Pasi Ovaska
PL 31, 00023 Valtioneuvosto
[email protected] 

Purposes for processing personal data 

Whistleblower protection allows people to safely report breaches. A report can be submitted using an internal or external whistleblowing channel. The internal whistleblowing channel of the Prime Minister's Office is only available to people employed by the Prime Minister’s Office. Others, such as retired public officials or people employed by partners, may submit a report regarding the activities of the Prime Minister’s Office that they have observed in their work and that fall within the scope of the Whistleblower Act to the central external whistleblowing channel of the Office of the Chancellor of Justice. 

Legal basis for the processing of personal data

Personal data is processed in connection with the tasks laid down in the Act on the Protection of Persons Reporting Infringements of European Union and National Law (1171/2022, the Whistleblower Act). Under section 30 of the Whistleblower Act, the controller may process data belonging to certain special categories of personal data and data related to criminal convictions and offences only if the processing is necessary for the purpose of the Act. 

Personal data is processed in accordance with Article 6, paragraph 1, point (c) of the General Data Protection Regulation (processing is necessary for compliance with a legal obligation to which the controller is subject). 

Personal data to be processed

The Ministry of Transport and Communications processes the name and contact details of the whistleblower, the time of submitting the report and the processing data of the report.  It will also process other personal data included in the report as well as personal data necessary to verify the accuracy of the report, such as the name and contact details of the persons mentioned in the report.
The personal data of the whistleblower, the reported person and other person mentioned in the report under the Whistleblower Act are always treated as non-disclosable in their entirety.

Regular sources of data

The personal data are mainly received from the report submitted in the reporting channel by the reporting person.  To verify the accuracy of the report, other personal data, such as documents related to the matter, may be collected for example from the reporting or the reported person. 

Recipients of personal data

In matters concerning whistleblower protection, personal data may only be processed by persons designated for the task in the ministry in question as referred to in the Whistleblower Act. Notwithstanding the non-disclosure obligation laid down in the Whistleblower Act, the persons responsible for processing the report may disclose the identity of the whistleblower and other persons mentioned in the report, as well as any other information directly or indirectly indicating the identity of the persons, to a person appointed to verify the accuracy of the report, if this disclosure is necessary to verify the accuracy of the report.

In addition, notwithstanding non-disclosure provisions, the person responsible for processing the report may provide information on the identity of the whistleblower, the reported person and other persons mentioned in the report, as well as other information directly or indirectly indicating their identity, if it is necessary to provide this information:

• to the competent authority for the purpose of verifying the accuracy of the report;
• to the criminal investigation authorities for the purpose of preventing, detecting, investigating and considering prosecution of criminal offences;
• to public prosecutors for the purpose of performing the official functions prescribed in section 9 of the Act on the National Prosecution Authority (32/2019);
• to the reported person for the purpose of establishing, presenting or defending a legal claim in a court hearing or in out-of-court judicial or administrative proceedings. 

Separate provisions on the right of a party to access non-disclosable information are laid down elsewhere in law. 

The reported person has the right to disclose the identity of the whistleblower and to obtain information on the identity of the whistleblower from the authorities if this is necessary for establishing, presenting or defending a legal claim in judicial proceedings.

The person responsible for processing the report shall inform the whistleblower in advance of the disclosure of their identity, unless such information would jeopardise the verification of the accuracy of the report or a criminal investigation or trial related to the matter. The competent authority shall also provide the whistleblower with a written explanation of the grounds for the disclosure of non-disclosable information.

Planned time limits for erasure of personal data

Documents submitted to and prepared by the ministry and the personal data contained therein shall be stored in accordance with the document storage periods specified in the information management plan. The provisions of section 29, subsection 2 of the Whistleblower Act have been taken into account when determining the storage periods.