Data protection
On this website, we explain how we process personal data, how you can exercise your data protection rights, what personal data we collect, and what the processing of personal data is based on.
Processing of personal data by the Ministry of Finance
The Ministry of Finance processes personal data in order to comply with legal obligations, to perform a task carried out in the public interest, or to exercise official authority. In certain cases, the processing of personal data is based on consent.
As a rule, personal data are needed in the provision and use of services and for law drafting purposes. We do not process personal data for any purposes other than those indicated.
Personal data are processed by the persons who maintain data repositories at the Ministry of Finance and, in the case of the Government’s joint information systems, by persons in the Prime Minister’s Office. The Ministry of Finance has also agreed on the processing of personal data with partners providing data repository platforms in accordance with the requirements of the General Data Protection Regulation.
Your data protection-related rights
You have the right to know if we are processing personal data concerning you. If we process your personal data, you have the right to know what data we store about you.
You can obtain your personal data stored in the services by submitting a request for information to the Registry of the Ministry of Finance.
If you notice shortcomings or errors in your data, you may request that they be corrected. In your request for correction, please specify the error and let us know how we should change the data. If you have indicated that your data are incorrect, you have the right to request that their processing be restricted until the accuracy of the data is verified.
You have the right to request the erasure of your data, i.e., the right to object to the processing of your data if the processing of your personal data is not based on compliance with a legal obligation to which the Ministry of Finance is subject. You can submit a request for erasure when, for example, you have subscribed to the Ministry’s press releases and news.
At the Ministry of Finance, we do not make decisions based on automated decision-making. Neither do we create profiles on the basis of the personal data we process.
The Data Protection Ombudsman monitors compliance with the data protection legislation in Finland. Further information about your right to data protection is available on the website of the Data Protection Ombudsman.
Controller
Ministry of Finance
PO Box 28
FI-00023 Government, Finland
Registry: registry.vm(at)gov.fi
The Ministry of Finance and the Prime Minister’s Office are joint controllers when they process personal data in the Government’s shared information systems.
Data protection officer’s contact details
If you need more information concerning the processing of your personal data at the Ministry of Finance, please contact the Ministry’s Data Protection Officer: tietosuojavastaava.vm(at)gov.fi.
Personal data stored
Purpose and legal basis of processing
The Ministry of Finance provides the opportunity to subscribe to newsletters and other material on current issues containing information on ongoing projects and matters of current interest at the ministry.
The Ministry of Finance processes personal data on the basis of the consent given to it and, in certain cases, also for the performance of a task carried out in the public interest. (EU General Data Protection Regulation, Article 6(1)(a) and (e)).
Personal data to be processed
The personal data to be processed include the subscriber’s e-mail address and the language choice of the press release and, in certain cases, also the name of the subscriber.
Transfer and disclosure of data
The processor of personal data on behalf of the Ministry of Finance is Creamailer. No data are transferred outside the EU/EEA.
Data storage period
We store personal data for as long as is necessary for sending the subscribed newsletters and other releases, i.e., until the newsletter or release is terminated, or the subscription is cancelled. You can unsubscribe at any time according to the instructions in the newsletter or release. The e-mail address used, and any other personal data related to it, will also be deleted in this connection.
Purpose and legal basis for processing of data
You can subscribe to newsletters containing information on the work, current affairs and upcoming stakeholder events of the Coordination Group for Digitalisation.
The Coordination Group for Digitalisation processes personal data on the basis of the consent given to it and, in certain cases, also for the performance of a task carried out in the public interest. (EU General Data Protection Regulation, Article 6(1)(a) and (e)).
Personal data to be processed
The personal data to be processed is the subscriber’s email address.
Joint controllers
The Ministry of Transport and Communications, the Ministry of Education and Culture and the Ministry of Economic Affairs and Employment are joint controllers with the Ministry of Finance. The Ministry of Finance and these joint controllers use the contact information on the mailing list.
Transfer and disclosure of data
No data is transferred outside the EU/EEA.
Data storage period
We store personal data for as long as is necessary for sending the Coordination Group for Digitalisation's press releases and stakeholder invitations, i.e. until the Coordination Group for Digitalisation ceases its activities or the subscription is cancelled. You can cancel your subscription at any time by sending a cancellation request by email to digitoimisto(at)gov.fi. The e-mail address you used and any other personal data related to it will be deleted in this connection.
The visitor tracking on the Ministry of Finance’s websites does not collect any such data that would make it possible to identify individual visitors. General statistical information on the use of the site is collected for the purpose of improving the online services.
View the vm.fi website cookie policy.
Purpose and legal basis of processing
The Ministry of Finance arranges various stakeholder and other events, such as meetings, workshops, seminars and training events. Participation in such events usually requires pre-registration, in connection of which the necessary personal data are gathered from those who have registered for the event. The data are used to arrange events and ensure their safety. Contact information can also be used to send instructions for participation and to collect feedback after the event. Personal data are only requested for a well-founded reason and only to the extent necessary for the purpose.
In matters related to the security of events, the Ministry of Finance processes personal data in order to comply with a legal obligation to which it is subject (Article 6(1)(c) of the EU General Data Protection Regulation and section 8 of the Occupational Safety and Health Act (738/2002)). In other respects, the Ministry of Finance processes personal data for the performance of a task carried out in the public interest (Article 6(1)(e) of the EU General Data Protection Regulation).
Personal data to be processed
The extent of the personal data processed varies depending on the nature of the events concerned, but they typically include at least the participant’s name, e-mail address and organisation. On a case-by-case basis, other personal data necessary for arranging the event may also be processed, such as a (work) phone number, job title/position, information on a special diet, or consent to the sharing of participant information for networking purposes.
Some of the functions and events may be recorded. Participants will always be informed in advance of any recording or filming.
As a rule, the data are collected from the persons themselves in connection with the registration. However, data may also be collected from public sources or directly from stakeholders.
Transfer and disclosure of data
The data will not be disclosed to third parties, except where this is necessary according to the orders given by those responsible for the security of the venue, and they will not be transferred outside the EU/EEA.
Data storage period
The data will be stored for the duration of arranging the event and the necessary follow-up actions, after which they will be deleted. Data on one-off events are usually stored for a maximum of six months after the event. However, the lists of participants of regularly recurring events and the contact details of the participants may be stored for a longer period of time for the purpose of arranging subsequent events related to the same topic that are already known in advance.
Purpose and legal basis of processing
The Ministry of Finance may set up working groups for the preparation of various topical matters and legislation, to which representatives of other authorities, interest groups or other stakeholders significant in view of the nature of the matter may also be invited. For the purpose of setting up working groups and organising their practical work, the Ministry of Finance needs the personal data of the persons proposed and appointed to the working groups.
Depending on the case, the Ministry of Finance processes personal data either in order to comply with a legal obligation to which it is subject or for the performance of a task carried out in the public interest and in the exercise of official authority (Article 6(1)(c) and (e) of the EU General Data Protection Regulation). The duties of the Ministry of Finance are laid down in the Government Decree on the Ministry of Finance (610/2003) and the Decree of the Ministry of Finance on the Rules of Procedure of the Ministry of Finance (966/2005).
Personal data to be processed
The extent of the personal data processed may vary depending on the nature of the working group, but they typically include the person’s name, job title/position, organisation, and e-mail address. However, on a case-by-case basis, other personal data necessary for organising working group work, such as a (work) telephone number, may also be processed.
Transfer and disclosure of data
Decisions on appointing a working group are disclosed to those requesting them in accordance with the Act on the Openness of Government Activities (621/1999). The data and documents are public unless special provisions on their secrecy have been laid down by law. Personal data will not be transferred outside the EU/EEA.
Data storage period
The decisions on appointing working groups are stored permanently.
Purpose and legal basis of processing
The stakeholders of the Ministry of Finance include, for example, representatives of the media, representatives of various organisations, liaison officers of its own administrative branch and other ministries, and other authorities. In order to enable stakeholder cooperation, the Ministry of Finance maintains contact and address information of stakeholders and their individual members.
The Ministry of Finance processes personal data in order to comply with a legal obligation to which it is subject (Article 6(1)(c) of the EU General Data Protection Regulation and section 20 of the Act on the Openness of Government Activities (621/1999)).
Personal data to be processed
The extent of the personal data processed in stakeholder registers varies somewhat from case to case, but they typically include the person’s name, job title/position, place of work/employer or organisation, e-mail address and (work) telephone number. In certain cases, other data necessary for communication purposes, such as the address or location information of a stakeholder (e.g., city), may also be processed. The personal data processed are either collected from publicly available sources, such as the stakeholders’ websites, or requested from the stakeholders themselves.
Transfer and disclosure of data
The data will not be disclosed to third parties, nor will they be transferred outside the EU/EEA.
Data storage period
The data in stakeholder registers will be stored for as long as is necessary for maintaining contact with stakeholders. The data are maintained from publicly available sources, such as the stakeholders’ websites, and based on the information and notifications received from the stakeholders themselves.
Purpose and legal basis of processing
The Ministry of Finance receives letters, feedback, questions and information requests sent to the Minister and the Ministry of Finance by private individuals, stakeholder representatives and journalists. Citizens’ letters and other inquiries containing contact information are registered in the case management system, where they are assigned a case number to indicate their processing status. Short questions or feedback can also be processed outside of the case management system.
The Ministry of Finance processes personal data in order to comply with a legal obligation to which it is subject, for the performance of a task carried out in the public interest, and in the exercise of official authority (Article 6(1)(c) and (e) of the EU General Data Protection Regulation). The duties of the ministry are laid down in the Government Decree on the Ministry of Finance (610/2003) and the Decree of the Ministry of Finance on the Rules of Procedure of the Ministry of Finance (966/2005).
Provisions on tasks related to the processing of personal data are laid down in, for example:
- the Act on Information Management in Public Administration (906/2019)
- the Administrative Procedure Act (434/2003)
- the Act on the Openness of Government Activities (621/1999).
Personal data to be processed
The personal data to be processed are identification data or contact information submitted to the Ministry of Finance by the sender of a citizen’s letter, a person giving feedback, or a person asking a question or submitting a request for information, which varies from case to case. The personal data to be processed may include name, address, date of birth, (work) telephone number, (work) e-mail address, organisation and job title, or position in the organisation. Other identification data or contact information submitted to the Ministry of Finance by the person concerned that is necessary for the processing of the matter may also be processed on a case-by-case basis.
Transfer and disclosure of data
Documents containing personal data are not disclosed to other authorities. However, if an authority has been erroneously submitted a document beyond its competence, the authority shall transfer the document without delay to the authority it considers to be competent to consider the matter. The sender of the document shall be notified of the transfer.
Data will not be disclosed or transferred outside Finland.
Data storage period
Citizens’ letters and responses given to them are stored permanently. Citizens’ letters that do not lead to any measures being taken are retained for two years and, conversely, those addressed to the Minister for two years after the end of the government term. Information and document requests are retained for ten years.
Purpose and legal basis of processing
The recording of technical data on incoming calls is carried out in order to comply with the legal obligations of the Ministry of Finance, i.e., to transmit calls and maintain liaisons (Article 6(1)(c) of the EU General Data Protection Regulation).
Personal data to be processed
Incoming calls to the Ministry of Finance are not recorded.
For incoming calls to the Ministry of Finance, the caller’s number, call time and duration of the call will be recorded. For incoming calls received through the Government’s telephone switchboard, the number to which the call is forwarded will also be recorded.
Data on incoming calls to the Ministry of Finance can also be stored in the Ministry of Finance’s case management system. This will typically be separately agreed upon with the caller. The personal data collected includes the caller’s name, telephone number and time of contact and, where necessary, any other information necessary for investigating the matter.
Transfer and disclosure of data
The telephone connections of the Ministry of Finance are provided by the Government ICT Centre Valtori and Elisa Corporation. The Ministry of Finance processes the personal data of the call participants in Elisa Corporation’s system.
No data are transferred outside the EU/EEA.
The telephony system has a statistics feature by means of which only data on the number of calls is collected. Personal data are kept separate from this data.
Data storage period
The Ministry of Finance only processes the data on incoming calls for the time that is necessary for investigating the matter. The retention periods of data stored in the Ministry’s case management system are determined in accordance with the Government’s data control plan and the Archives Act (831/1994).
Purpose and legal basis of processing
Information about job vacancies in the Ministry of Finance is published in the Valtiolle.fi service (state recruitment portal), which is also the main channel for submitting applications. Applications can also be submitted by e-mail or in paper form to the Registry of the Ministry of Finance. In the applications, information relevant to the selection process will be collected, which the applicants themselves provide to the Ministry when submitting the application.
The Ministry of Finance processes personal data in order to comply with a legal obligation to which it is subject and based on the express consent given by the applicant (Article 6(1)(c) and (a) of the EU General Data Protection Regulation). The processing of personal data in connection with recruitments is necessary for the purposes of application processing, suitability assessment, and maintaining liaisons related to the employee selection.
The Ministry of Finance and the Government Shared Services Centre for Finance and HR (Palkeet) serve as joint controllers of personal data in the Valtiolle.fi information system. Palkeet is responsible for the technical operation of the information system as well as for the integrity, protection and storage of data. The Ministry of Finance is responsible for the other duties vested with the controller and serves as the data subject’s contact point when the data subject wishes to exercise their rights.
Provisions on tasks related to the processing of personal data are laid down in, for example:
- the State Civil Servants Act (750/1994) and Decree (971/1994)
- the Personal Data Files in the Administration Act (1010/1989) and Decree (1322/1989)
- the Act on the Protection of Privacy in Working Life (759/2004)
- the Act on the Knowledge of Languages Required of Personnel in Public Bodies (424/2003)
- the Security Clearance Act (726/2014)
- the Act on the Government’s Shared Services Centre for Finance and HR (179/2019).
Personal data to be processed
The personal data of job applicants processed in connection with recruitment include:
- the applicant’s identification data (name, address, telephone number, date of birth, gender, other identification data provided by the applicant)
- personal information provided by the applicant in their application (information on education and work experience, language skills, photograph and other necessary information related to the job search and filling of the post, such as an extract from staff records, CV, school and study certificates)
- the names of potential references and their contact details.
If suitability assessment is used in the search, we also process information concerning the person’s suitability for the position: strengths, areas of development, capabilities, motivation, career ambitions and recommendations for the position being applied for. At the end of the application process, we compile an appointment memo in which we compare the applicants’ merits in accordance with the legislation on public officials in central government and the instructions and recommendations issued by the Office for the Government as Employer.
With the applicant’s consent, a personal security clearance may be carried out regarding the person to be selected for the post. More information on the security clearance procedure and the rights of the subject of the clearance can be found on the Finnish Security and Intelligence Service website.
Transfer and disclosure of data
Data on the applicants are disclosed to those requesting them in accordance with the Act on the Openness of Government Activities (621/1999). The data and documents are public unless special provisions on their secrecy have been laid down by law.
In carrying out the suitability assessments, the Ministry of Finance uses a service provider with whom the processing of personal data has been agreed upon in accordance with the General Data Protection Regulation.
In connection with societally significant recruitments, we will disclose inform about the applicants publicly on the website of the Ministry of Finance. Personal data will not be transferred outside the EU/EEA.
Data storage period
After the closing of the recruitment process, the recruitment documents will remain in the Valtiolle.fi system for three (3) months, after which they will be permanently deleted. In other regards, the retention periods of data related to the recruitment process of the Ministry of Finance are determined in accordance with the Government’s data control plan and the Archives Act (831/1994). The application documents of an appointed public official are retained for 50 years. The other applicants’ application documents are retained for two years. By way of derogation from the above, documents related to public posts or public-service employment relationships within the appointment authority of the Government or the President of the Republic are stored permanently.
The data related to suitability assessment are stored for the duration of the appointment process and will be destroyed immediately upon termination of such purpose of use.
Purpose and legal basis of processing
The Ministry of Finance receives taxation datasets from the Finnish Tax Administration. We use this data in support of the drafting of tax legislation and preparation of the Budget.
The Ministry of Finance process personal data in order to comply with a legal obligation to which we are subject (Article 6(1)(c) of the EU General Data Protection Regulation). The data are only processed by the persons specifically assigned to do so, and they are appropriately protected. Provisions on the right of the Ministry of Finance to obtain information from the Finnish Tax Administration are laid down in section 16 of the Act on the public disclosure and confidentiality of tax information (1346/1999).
Personal data to be processed
The income taxation datasets contain data on the annual amounts of earned and capital income received by persons and the taxes levied based on them. The inheritance and gift taxation datasets contain data on the inheritances and gifts received by persons and the amounts of inheritance and gift taxes levied based on them. The real estate taxation datasets contain information on the properties of real estate that affect the amount of real estate tax and on the amounts of real estate tax levied on the annual level. We process taxation datasets without the taxpayers’ direct identification data, i.e., the taxpayer’s name, personal identity code or address.
Transfer and disclosure of data
The data are only used by the Ministry of Finance and is not disclosed to other authorities or transferred outside Finland.
Data storage period
The information contained in the tax datasets is stored permanently at the Ministry of Finance.
Hilma is the official public procurement notification channel. In the service, contracting entities may announce their public contracts and receive tenders. The Ministry of Finance serves as Hilma’s controller. Hansel Oy is responsible for the technical implementation of the service and any necessary maintenance and development measures of a technical nature.
Purpose and legal basis of processing
The insignia of merit for public service are awarded in recognition of long-term service in a government office. They are awarded by the President of the Republic. The Ministry of Finance coordinates the application process for the insignia of merit for public service of government agencies and institutions, submits applications to the Committee on Insignia of Merit for Public Service, and presents the applications to the President of the Republic.
We use the stored personal data and employment relationship data when we check that the conditions for awarding the insignia of merit for public service are met.
The Ministry of Finance processes personal data in order to comply with a legal obligation to which it is subject (Article 6(1)(c) of the EU General Data Protection Regulation). The processing of personal data is based on the Act on Public Expressions of Recognition (1215/1999) and the Decree on Central Government Medals of Merit for Public Officials (166/1961). The applicant for the insignia of merit for public service must ensure the consent of the person to whom the insignia is proposed to be awarded before submitting the application.
Personal data to be processed
The Central Government Register of Insignia of Merit for Public Service contains annual lists of insignia recipients proposed to the Committee on Insignia of Merit for Public Service, as well as lists of approved and rejected insignia recipients. The data needed for conferring the insignia of merit for public service are retrieved from the registers concerning central government employees and from the staff records. The personal data processed in this connection include the name, personal identity code, career history and suspensions from duty of, as well as data on any penalties imposed on, the person concerned. In connection with the process, extracts from staff records will be processed that may also contain other information.
Transfer and disclosure of data
The applications for insignia of merit for public service and the lists of proposed recipients are archived in the National Archives.
No data are transferred outside Finland.
Data storage period
The data retention periods are determined in accordance with the Government’s data control plan and the Archives Act (831/1994).
Purpose and legal basis of processing
Annually, the Ministry of Finance gathers proposals for decoration conferrals in its administrative branch and submits them to the Orders. The Ministry of Finance processes personal data in order to comply with a legal obligation to which it is subject (Article 6(1)(c) of the EU General Data Protection Regulation). The processing of personal data is based on the Act on Public Expressions of Recognition (1215/1999), the statutes of the Order of the White Rose of Finland, the Decree on the establishment of the Order of the Lion of Finland (747/1942), and regulations of the Orders concerning decoration conferral.
Personal data to be processed
The Ministry of Finance processes the proposals received on the form provided for the purpose by the Order, on which the name, position, home municipality, military rank, education, work and other service history data of the proposed persons, as well as the decoration proposed, are stated.
Transfer and disclosure of data
The ministers’ proposal for the Ministry of Finance’s proposal for decorations and the approved decoration proposals are submitted to the respective Orders after the processing of the decoration has been completed.
No data are transferred outside Finland.
Data storage period
The decoration proposals in the administrative branch are stored at the Ministry for the duration of the processing of the award of decorations. Rejected proposals are destroyed as soon as there is no longer any operational need to retain them. We will retain the list for compiling proposals and preparing the minister’s proposal for 10 years. The ministers’ motion for the Ministry of Finance’s proposal for decorations is stored permanently.
Purpose and legal basis of processing
The Ministry of Finance prepares the central government’s personnel accounts and personnel report, prepares personnel statistics, salary comparisons and analyses of senior management, and monitors competing interests. We process the data on central government personnel in order to carry out the central government development task and the central government human resources management task, as well as to duly fulfil the central government’s employer obligations. The data are needed for planning, decision-making and reporting on the state’s human resources, as well as for contract-related and negotiation activities.
The Ministry of Finance processes personal data in order to comply with a legal obligation to which it is subject (Article 6(1)(c) of the EU General Data Protection Regulation). The processing of personal data is based on the Administrative Procedure Act (434/2003), the Act on Public Officials in Central Government (750/1994) and the Decree of the Ministry of Finance on the Rules of Procedure of the Ministry of Finance (966/2005).
Personal data to be processed
The Ministry of Finance processes data on the service relationships of central government personnel and data describing the posts of senior public officials.
Transfer and disclosure of data
The data are disclosed to the Statistics Finland for the compilation of statistics. On the basis of the EU membership agreements, central government payroll statistics are handed over to Eurostat for the purpose of adjusting the salaries and pensions of EU public officials.
No data are transferred outside the EU/EEA.
Data storage period
The data are stored in accordance with the Ministry of Finance’s data control plan. Some of the data are stored permanently.
Whistleblower protection allows people to safely report breaches. A report can be submit-ted using an internal or external whistleblowing channel. The internal whistleblowing channel of the Ministry of Finance is only available to people employed by the Ministry of Finance. Others, such as retired public officials or people employed by partners, may submit a report regarding the activities of the Ministry of Finance that they have observed in their work and that fall within the scope of the Whistleblower Act to the central external whistleblowing channel of the Office of the Chancellor of Justice.
Purpose of and grounds for the processing of personal data
Personal data is processed in connection with the tasks laid down in the Act on the Pro-tection of Persons Reporting Infringements of European Union and National Law (1171/2022, the Whistleblower Act). Under section 30 of the Whistleblower Act, the con-troller may process data belonging to certain special categories of personal data and data related to criminal convictions and offences only if the processing is necessary for the purpose of the Act.
Personal data is processed in accordance with Article 6, paragraph 1, point (c) of the General Data Protection Regulation (processing is necessary for compliance with a legal obligation to which the controller is subject).
Processed data
Reports processed in matters concerning whistleblower protection may contain any per-sonal data that the whistleblower has appended to the report.
In matters concerning whistleblower protection, the personal data of the whistleblower is not stored in the contact information for the matter or document as the initiator of the mat-ter, nor is the personal data of the reported person stored in the contact information for the matter or document. However, the personal data of the whistleblower and the reported person are processed in the documents concerning the report, such as the report itself.
The personal data of the whistleblower and the reported person under the Whistleblower Act are always treated as non-disclosable in their entirety.
Situations in which information on the identity of the whistleblower can be disclosed to another authority or to the reported person
Notwithstanding the non-disclosure obligation laid down in the Whistleblower Act, the person responsible for processing the report may disclose the identity of the whistleblow-er and other persons mentioned in the report, as well as any other information directly or indirectly indicating the identity of the persons, to a person appointed to verify the accura-cy of the report, if this disclosure is necessary to verify the accuracy of the report.
In addition, notwithstanding non-disclosure provisions, the person responsible for pro-cessing the report may provide information on the identity of the whistleblower, the re-ported person and other persons mentioned in the report, as well as other information di-rectly or indirectly indicating their identity, if it is necessary to provide this information:
- to the competent authority for the purpose of verifying the accuracy of the report;
- to the criminal investigation authorities for the purpose of preventing, detecting, in-vestigating and considering prosecution of criminal offences;
- to public prosecutors for the purpose of performing the official functions prescribed in section 9 of the Act on the National Prosecution Authority (32/2019);
- to the reported person for the purpose of establishing, presenting or defending a legal claim in a court hearing or in out-of-court judicial or administrative proceed-ings.
Separate provisions on the right of a party to access non-disclosable information are laid down elsewhere in law.
The reported person has the right to disclose the identity of the whistleblower and to ob-tain information on the identity of the whistleblower from the authorities if this is neces-sary for establishing, presenting or defending a legal claim in judicial proceedings.
The person responsible for processing the report shall inform the whistleblower in ad-vance of the disclosure of their identity, unless such information would jeopardise the verification of the accuracy of the report or a criminal investigation or trial related to the matter. The competent authority shall also provide the whistleblower with a written expla-nation of the grounds for the disclosure of non-disclosable information.
Processing of data is limited within the organisation and time-limited
In matters concerning whistleblower protection, personal data may only be processed by persons designated for the task in the ministry in question as referred to in the Whistle-blower Act.
Documents submitted to and prepared by the ministry and the personal data contained therein shall be stored in accordance with the document storage periods specified in the information management plan. The provisions of section 29, subsection 2 of the Whistle-blower Act have been taken into account when determining the storage periods.
Data stored in the case management system shall not be transferred to third countries or international organisations.
Rights of data subjects
The right of a data subject to restrict the processing of their data does not apply to matters of whistleblower protection, and the right of a data subject to access their data may be re-stricted if this is necessary and proportionate with respect to ensuring the accuracy of the report or in order to protect the identity of the whistleblower. If only a part of the data on a data subject is such that it falls within the restriction on the right of access, the data sub-ject shall have the right to access the remainder of the data. The data subject has the right to be informed of the reasons for the restriction and to request that this information be provided to the Data Protection Ombudsman in accordance with section 34, subsections 3 and 4 of the Data Protection Act (1050/2018).
Any requests for information concerning personal data, requests to rectify or supplement personal data and requests to restrict the processing of personal data shall be addressed to the controller.