1. Controller
Name: State Treasury
Address: Sörnäisten rantatie 13, P.O. Box 14, FI-00054 State Treasury
Other contact details: tel. +358 (0)295 50 2000, registry@statetreasury.fi
2. Contact person for filing system-related matters
Name: Services for Citizens / Päivi Kaukinen
Address: Services for citizens, P.O. Box 14, FI-00054 State Treasury
Other contact details: registry@statetreasury.fi
3. Contact information for the data protection officer
4. Purpose for processing of personal data
The processing is based on the Act on Compensation for Damage on State Official Journeys (530/2017).
The purpose is the processing of injury matters under the purview of the State Treasury that have occurred during official government journeys abroad.
The data in the register is used to issue decisions on the aforementioned matters, send letters of enquiry and pay compensations. They are used to harmonise the compensation policy and compensation practice. The register data is used to compile a variety of statistics. These statistics do not contain information that can be used to identify individual applicants.
5. Information content of the register
The information system is used to store the application number, application arrival date, coverage type (short official journey, long official journey, coverage of the invited person), type of the incident (luggage damage, illness during travel, accident during travel, health care), the applicant’s personal data (name, address, personal identity code, nationality, banking details), employing agency, start and end date of the journey, travel destination, information on compensation applied from other sources, date of the accident or date on which the cost was incurred as well as the circumstances of the accident (e.g. working hours/leisure), information on the damaged property, information on the expenses to be compensated, information on the disability category and compensation to be paid.
Printouts may specify the aforementioned information and the State Treasury decision, including justifications. The justifications may include information on the applicant’s health. The printouts do not list the applicant’s personal identity code.
The documents to be archived are the compensation application and its appendices, the documents ordered by the State Treasury (incl. medical certificates, medical records, accounts of compensations from other sources, accounts of the relevant expenses), essential information on the applicant’s contact with the Falck Global Assistance Oy travel assistance service, and any appeal documents.
6. Normal data sources
The State Treasury receives information from the applicants and Falck Global Assistance Oy, which handles the travel assistance service (stipulations on the State Treasury’s right to make agreements to arrange support and guidance services providing assistance abroad are laid down in Section 17 of the Act on Compensation for Damage on State Official Journeys).
The address details and personal identity code are confirmed from the Population Information System (Population Information Act 661/2009, Section 29).
If necessary, the employer agency is contacted to verify that the person in question is covered by the central government’s travel protection scheme.
Before the beginning of the travel, the authority in question must report to the State Treasury any civil servant beginning an official journey exceeding three months, including any family members who will travel with them as well as invited persons referred to in Section 18 of the Act on Compensation for Damage on State Official Journeys.
Pursuant to Section 20 of the Act on Compensation for Damage on State Official Journeys, the State Treasury has, any confidentiality statutes and regulations notwithstanding, the right to request and receive from health care authorities the information necessary to resolve compensation matters. The information can also be retrieved via an access interface without the consent of the party who the imposed obligation to secrecy is intended to protect.
7. Regular disclosures of data
Data contained by the register is disclosed to interested parties.
The provider of the travel assistance service is informed whether or not the party in question is covered by the travel protection scheme. Falck Global Assistance Oy and the State Treasury have signed a service agreement and separate security agreement. Requirements regarding data security are appended to the service agreement and security agreement.
Information required to identify the person in question (name and personal identity code) are handed over to health care authorities and facilities to obtain the information needed to resolve the compensation matter.
Information on any paid funeral allowance and death benefits is disclosed to the tax authority. The disclosure is based on Section 15 of the Act on Assessment Procedure (1558/1995).
Significant compensation sums paid to minors are reported to the local register office.
8. Regular disclosures of personal data or transfer of data outside the EU or the EEA
The details necessary for the handling of the accident proceedings (information on coverage, payment commitments to health care facilities) are also provided to parties outside the EU or EEC.
More information on the privacy policy of Falck Global Assistance Oy, which provides the travel assistance service, can be found at: https://www.falck.fi/tietosuoja
9. Principles for filing system protection
The register contains confidential materials. The information must be kept secret pursuant to Section 24(1)(23) and (25) of the Act on the Openness of Government Activities (621/1999).
Only individuals authorised by the controller, who are under obligation of secrecy, have access to the data processed within the information system. Access rights are kept up-to-date by regular inspection, and unnecessary access rights are removed. The information network and terminals containing the register are protected using technical measures. The application servers are located in the operating service provider’s protected facilities. The actions of the data system users and the authorisation of data access are monitored by means of collecting log data.
Manual data content received or printed out for the register is stored in a locked room which is only accessible by individuals who have been authorised by the controller and are bound by an obligation of secrecy. Unnecessary manual materials are destroyed in a data secure manner.
10. Data storage period / criteria for determining storage period
The stipulations of the Archives Act 831/1994 are observed with regard to the storage of documents.
If the archives service has not specified the documents for permanent storage, the following storage periods will be observed:
- 100 years for documents regarding personal injury
- 10 years for documents regarding property damage
- at least 50 years for documents related to appeals, with the exception of personal injury, in which case they are kept for 100 years
The storage period for documents regarding compensation is calculated from the date on which the proceedings were initiated.
Data storage periods are governed by what is stated on document storage in the Workers’ Compensation Act (459/2015) and Motor Liability Insurance Act (460/2016).
11. Information about automatic decision-making (e.g. profiling) and information about the logic of data processing and its impacts on the data subject
The processing of the data does not entail automated decision-making.
12. Right of access
The data subject has the right to access their data in the register. Requests should be sent to the registry office.
In the event that the data subject has exercised their right of access less than one year ago, the State Treasury may collect a fee based on the administrative costs caused by the provision of the data.
13. Rectification of data
Data subjects are entitled to request corrections to any incorrect information the register may contain on them. Requests should be sent to the registry office.
14. The right to object to processing of personal data
The State Treasury processes personal data in order to carry out its statutory duties, and the data subject does not have the right to object to the processing of their personal data.
15. Right to restriction of processing
The data subject has the right to restrict the processing of their personal data as specified in Article 18 of the GDPR.
16. Right to erasure
The State Treasury processes personal data in order to carry out its statutory duties, and the data subject does not have the right to have their personal data removed.
17. Right to lodge a complaint
The data subject has the right to lodge a complaint with a supervisory authority if the data subject believes that their rights have been infringed by the actions of the controller.
18. Other rights
Personal data is neither used nor disclosed for the purpose of direct advertising, distance marketing or other direct marketing, market and opinion research, registers of individuals, or genealogies.
19. Use of cookies
The data system does not use cookies.
