1. Controller
Name: State Treasury
Address: Sörnäisten rantatie 13, P.O. Box 14, FI-00054 State Treasury
Other contact details: tel. +358 (0)295 50 2000, registry@statetreasury.fi
2. Contact person for filing system-related matters
Name: KP / Crime damages and other types of compensation / Marjo Salminen
Address: Services for citizens, P.O. Box 14, FI-00054 State Treasury
Other contact details: registry@statetreasury.fi
3. Data protection officer
4. Purpose of processing personal data
The processing is based on the Act on Compensation for Crime Damage (935/1973 and 1204/2005).
The purpose of the processing is to resolve claims for compensation based on the Act on Compensation for Crime Damage.
The data in the register is used to issue decisions on the aforementioned matters, send letters of enquiry, pay compensations and agent fees, and forward decisions to the Legal Register Centre for collection measures. The register data is used to compile a variety of statistics. These statistics do not contain information that can be used to identify individual applicants.
5. Information content of the register
The information system is used to store the application number, arrival date of the application, category of offence, time and place of the offence, court, time and place of reporting the offence, court decision, pretrial investigation decision, prosecutor’s resolution, details of the compensation applicant (name, personal identity code/business ID, nationality, language, date of death, address and banking details). If necessary, the stored information will also include the person’s tax rate and income limits as well as information on compensations from other sources (information on sickness allowance, pensions, pay remitted by the employer, annual amount of continuous compensations and possible period-specific deductions).
Information on the party who caused the damage (name, personal identity code, address) are stored to secure the State’s right of recourse. If necessary, an account of the institutional care of the offending party is prepared and stored (Act on Compensation for Crime Damage, Section 13).
The printouts specify the aforementioned information as well as the State Treasury’s decision and justifications. The justifications may include information on the applicant’s health, financial status and/or property damage caused.
The documents to be archived are the compensation application and appendices (ruling, non-prosecution decision, pretrial investigation record, medical certificates, medical records, accounts of compensations from other sources, accounts of expenses, accounts of lost income, account of the helplessness and financial circumstances of the injured party, account of any legal assistance provided or public legal aid assigned, estate inventory deed, power of attorney) and appeal documents.
6. Normal data sources
Applications are delivered to the State Treasury by the applicants or their agents, or the Social Insurance Institution.
The personal data is obtained from the applicant or their agent. If necessary, the address details and personal identity code are confirmed from the Population Information System (Population Information Act 661/2009, Section 29). Changes to the personal data of recipients of continuous compensation are received from the Population Register Centre, and they are registered once a week. The Population Register Centre reports changes to personal data (name, personal identity code, address, marital status, date of death, marriage information, spouse’s personal identity code, child’s birth, spouse’s death and spouse’s personal identity code).
By virtue of Section 47 of the Act and to the extent necessary for resolving the compensation matter, the State Treasury is entitled to receive from the court the documents that are in its possession and have been originally provided by the following parties: the police, corrections authorities, prison authorities, social welfare and health care authorities, detention units referred to in the Act on the Treatment of and Detention Facilities for Detained Foreigners (116/2002), Central Pension Security Institution, pension and insurance institutions, the applicant’s employer, unemployment fund or other provider of a benefit.
The withholding tax information of compensation recipients is received from the tax authority.
7. Regular disclosures of data
Data contained by the register is disclosed to interested parties.
The Population Register Centre is notified of new persons (personal identity code) who are receiving continuous compensation once a month.
The tax authority is informed of the previous month’s withholding information each month and the previous year’s withholding information each January, itemised by person and accrual type. The tax authority is annually notified of the compensation amounts to be provided to recipients of continuous compensations in the coming year, in order to ensure the conveyance of updated withholding tax information. The information is disclosed to the tax authority based on the Act on Assessment Procedure (1558/1995).
The Social Insurance Institution is notified of the recipients of continuous compensation and the amount of the compensation.
The local register office is notified of significant compensation amounts paid to minors.
The Legal Register Centre is provided with copies of the State Treasury’s decisions as well as other necessary documents for the performance of the collection measures by virtue of Section 47(a) of the Act on Compensation for Crime Damage.
An application resulting from an offence in another EU Member State, including its appendices, can be referred to a competent authority of the Member State in question (Sections 33–34 of the Act on Compensation for Crime Damage, Government Decree 1207/2005).
8. Regular disclosures of personal data or transfer of data outside the EU or the EEA
Data is not disclosed or transferred to recipients outside the EU or EEA.
9. Principles for filing system protection
The register contains confidential materials.
Only individuals authorised by the controller, who are under obligation of secrecy, have access to the data processed within the information system. Access rights are kept up-to-date by regular inspection, and unnecessary access rights are removed. The information network and terminals containing the register are protected using technical measures. The application servers are located in the operating service provider’s protected facilities. The actions of the data system users and the authorisation of data access are monitored by means of collecting log data.
Manual data content received or printed out for the register is stored in a locked room which is only accessible by individuals who have been authorised by the controller and are bound by an obligation of secrecy. Unnecessary manual materials are destroyed in a data secure manner.
10. Data storage period / criteria for determining storage period
The stipulations of the Archives Act 831/1994 are observed with regard to the storage of documents.
If the archives service has not specified the documents for permanent storage, the following storage periods will be observed:
- 100 years for documents regarding personal injury and suffering
- 10 years for documents regarding property damage
- at least 50 years for documents related to appeals, with the exception of personal injury, in which case they are kept for 100 years
The storage period for documents regarding compensation is calculated from the date on which the proceedings were initiated.
Data storage periods are governed by what is stated on document storage in the Workers’ Compensation Act (459/2015) and Motor Liability Insurance Act (460/2016).
11. Information about automatic decision-making (e.g. profiling) and information about the logic of data processing and its impacts on the data subject
The processing of the data does not entail automated decision-making.
12. Right of access
The data subject has the right to access their data in the register. Requests should be sent to the registry office.
In the event that the data subject has exercised their right of access less than one year ago, the State Treasury may collect a fee based on the administrative costs caused by the provision of the data.
13. Rectification of data
Data subjects are entitled to request corrections to any incorrect information the register may contain on them. Requests should be sent to the registry office.
14. The right to object to processing of personal data
The State Treasury processes personal data in order to carry out its statutory duties, and the data subject does not have the right to object to the processing of their personal data.
15. Right to restriction of processing
The data subject has the right to restrict the processing of their personal data as specified in Article 18 of the GDPR.
16. Right to erasure
The State Treasury processes personal data in order to carry out its statutory duties, and the data subject does not have the right to have their personal data removed.
17. Right to lodge a complaint
The data subject has the right to lodge a complaint with a supervisory authority if the data subject believes that their rights have been infringed by the actions of the controller.
18. Other rights
Personal data is neither used nor disclosed for the purpose of direct advertising, distance marketing or other direct marketing, market and opinion research, registers of individuals, or genealogies.
19. Use of cookies
The data system does not use cookies.