1. Controller
Name: State Treasury
Address: Sörnäisten rantatie 13, P.O. Box 14, FI-00054 State Treasury
Other contact details: tel. +358 (0)295 50 2000, registry@statetreasury.fi
2. Contact person for filing system-related matters
Name: Services for citizens / Crime damages and other types of compensation / Anne Matilainen
Address: Services for citizens, P.O. Box 14, FI-00054 State Treasury
Other contact details: registry@statetreasury.fi
3. Data protection officer
4. Purpose for processing of personal data
The processing is based on the Game Animal Damages Act (105/2009) and the Government Decree on Compensation for Damages Caused by Predatory Animals (277/2000).
The purpose of the processing is to resolve claims for compensation based on the aforementioned statutes.
Compensation of damage caused to vehicles has been discontinued since the entry into force of the Game Animal Damages Act on 1 December 2009, which means that vehicle information has not been collected thereafter.
The data in the register is used to issue decisions on the aforementioned matters, send letters of enquiry and pay compensations. Various statistics are also compiled based on the register data.
5. Information content of the register
Accident and application information: application number, time and place of the incident, type of damage (personal or vehicular), type of predatory animal, nature of damage (injury or illness), name of primary compensating party, compensation solution, date of death, start date of pension phase, number of beneficiaries, vehicle’s registration number and ownership information.
Information of the injured party and beneficiary: name, personal identity code or business ID, nationality, language, date of death, address and bank account number.
If the person receives compensation for the loss of earnings or maintenance income, the person’s tax rate and applicable income limits will also be stored.
In the event that the person receives continuous compensation for loss of earnings or maintenance income, the annual amount of the continuous compensation, including any applicable period-specific deductions, is recorded in the system.
Printouts may contain the aforementioned and following details on a case-by-case basis: compensation amount, information on the injured person’s health and financial status, account of the accident.
Identifying information for the claim.
The stored documents are the compensation application and its appendices (accounts of expenses, compensation decisions from the insurance company or the Social Insurance Institution, medical certificates, account of lost income, register extract specifying the deceased person’s familial relationships, clarifications of the deceased person’s and widow’s earnings before the accident and the widow’s earnings thereafter, and a certificate from the educational institute with regard to the studies of a child between 18 and 21 years of age).
6. Normal data sources
The information of the application and its appendices are received primarily from the applicant.
The personal data is obtained from the applicant. If necessary, the address details and personal identity code are confirmed from the Population Information System (Population Information Act 661/2009, Section 29).
In the application form, the applicant authorises the State Treasury to obtain the medical certificates and other clarifications necessary to resolve the compensation matter.
7. Regular disclosures of data
Data contained by the register is disclosed to interested parties.
Withholding information for the previous month is reported to the tax authorities on a monthly basis. The disclosure is based on the Tax Administration’s decision. The tax authority is informed of the previous year’s withholding amounts by person and accrual type in January. The disclosure is based on the Tax Administration’s decision.
8. Regular disclosures of personal data or transfer of data outside the EU or the EEA
Data is not disclosed or transferred to recipients outside the EU or EEA.
9. Principles for filing system protection
The register contains confidential materials.
Only individuals authorised by the controller, who are under obligation of secrecy, have access to the data processed within the information system. Access rights are kept up-to-date by regular inspection, and unnecessary access rights are removed. The information network and terminals containing the register are protected using technical measures. The application servers are located in the operating service provider’s protected facilities. The actions of the data system users and the authorisation of data access are monitored by means of collecting log data.
Manual data content received or printed out for the register is stored in a locked room which is only accessible by individuals who have been authorised by the controller and are bound by an obligation of secrecy. Unnecessary manual materials are destroyed in a data secure manner.
10. Data storage period / criteria for determining storage period
The stipulations of the Archives Act 831/1994 are observed with regard to the storage of documents.
If the archives service has not specified the documents for permanent storage, the following storage periods will be observed:
- 100 years for documents regarding personal injury
- 10 years for documents regarding property damage
- at least 50 years for documents related to appeals, with the exception of personal injury, in which case they are kept for 100 years
The storage period for documents regarding compensation is calculated from the date on which the proceedings were initiated.
Data storage periods are governed by what is stated on document storage in the Workers’ Compensation Act (459/2015) and Motor Liability Insurance Act (460/2016).
11. Information about automatic decision-making and information about the logic of data processing and its impacts on the data subject
The processing of the data does not entail automated decision-making.
12. Right of access
The data subject has the right to access their data in the register. Requests should be sent to the registry office.
In the event that the data subject has exercised their right of access less than one year ago, the controller may collect a fee based on the administrative costs caused by the provision of the data.
13. Rectification of data
Data subjects are entitled to request corrections to any incorrect information the register may contain on them. Requests should be sent to the registry office.
14. The right to object to processing of personal data
The State Treasury processes personal data in order to carry out its statutory duties, and the data subject does not have the right to object to the processing of their personal data.
15. Right to restriction of processing
The data subject has the right to restrict the processing of their personal data as specified in Article 18 of the GDPR.
16. Right to erasure
The State Treasury processes personal data in order to carry out its statutory duties, and the data subject does not have the right to have their personal data removed.
17. Right to lodge a complaint
The data subject has the right to lodge a complaint with a supervisory authority if the data subject believes that their rights have been infringed by the actions of the controller.
18. Other rights
Personal data is neither used nor disclosed for the purpose of direct advertising, distance marketing or other direct marketing, market and opinion research, registers of individuals, or genealogies.
19. Use of cookies
The data system does not use cookies.