11 December 2020
Name: State Treasury
Address: Sörnäisten rantatie 13, Helsinki. Box 14, 00054 State Treasury
Other contact details (e.g. tel. no. during office hours, email address): tel. +358 (0)295 50 2000, firstname.lastname@example.org
2. Contact person for filing system-related matters
Name: Services for Citizens Division / Tuomo Yliluoma
Address: State Treasury, Services for citizens, PL 14, 00054 State Treasury
Other contact details (e.g. tel. no. during office hours, email address): email@example.com
3. Contact information of the data protection officer
4. Purpose for processing of personal data
The processing of personal data is based on the act on fixed-term cost support to companies (laki yritysten määräaikaisesta kustannustuesta) (508/2020) and the Act on Discretionary Government Transfers (688/2001).
The purpose of processing is to grant fixed-term state aid to companies operating in Finland under the conditions laid down in the act in order to facilitate the general difficulties for business caused by the COVID19 pandemic.
The State Treasury makes its aid decisions mainly on the basis of the infor-mation provided by companies in their applications and on the information on the financial position of the companies that it receives from the Tax Administration.
The processing of personal data is in accordance with Article 6 (1) (c) and (e) of the EU General Data Protection Regulation (EU 2016/679) (processing is necessary in order to comply with the controller’s legal obligations and to use the public authority belonging to the controller).
5. Information content of the register
Details stored in the register
- Name, telephone number and e-mail address of the person preparing the support application
- Company name, business ID, sector, postal address and e-mail address
- Information provided in the application on the company’s turnover, inflexible business expenses and losses, wage expenses for business name entrepreneurs, as well as on any subsidies and insurance compensations received from other sources.
- Information obtained from the tax administration, consisting of:
- identification information of the company and the account number given by the company for the payment of tax refunds
- information on sales reported by the company for VAT purposes
- salary information reported by the company
- information on non-compliance with the tax reporting obligation
- information on the entry in the prepayment tax withholding register
- information from the tax debt register and information on any tax debt sent for recovery by enforcement
- other information necessary for the granting, payment and control of aid
Personal data stored in the register includes information on individuals engaged in business activities as private persons as well as information on those acting on behalf of a company. The information disclosed by the tax administration and the information obtained from other sources contain personal data to the extent that it is directed at an identifiable natural person.
6. Normal data sources
In addition to the applicant, the State Treasury receives information from the tax administration and other authorities that grant aid on the basis of the corona crisis.
Notwithstanding the secrecy provisions, the State Treasury has the right to obtain from other authorities information necessary for the processing and auditing of aid applications under section 31 of the Discretionary Government Transfers Act.
7. Regular disclosures of data
As a general rule, personal data is not disclosed to third parties.
The State Treasury discloses business information and information on applied and granted aid to the Ministry of Economic Affairs and Employment and the Ministry of Finance for the purpose of assessing the impacts of cost support and any needs for change.
Information on companies applying for aid and the aid granted or refused will be published on the State Treasury’s website.
8. Regular disclosures of personal data or transfer of data outside the EU or the EEA
Information is not disclosed or transferred to recipients outside the EU or EEA.
9. Principles for filing system protection
The register contains confidential materials. In accordance with sections 1 and 4 of the act on the public disclosure and confidentiality of tax information (“laki verotustietojen julkisuudesta ja salassapidosta”) (1346/1999), tax information is confidential in accordance with section 29 of the Act on the Openness of Government Activities (621/1999). Confidential information is also classified as business secrets of companies applying for aid.
Only individuals authorised by the controller, who are under obligation of secrecy, have access to the data processed within the information system Access rights are kept up-to-date by regular inspection, and unnecessary access rights are removed. The information network and terminals containing the register are protected using technical measures. The application servers are located in the secure facilities of the operating service provider. The actions of the data sys-tem users and the authorisation of data access are monitored by means of collecting log data.
Manual data is stored in a locked room which is only accessible by individuals who have been authorised by the controller and are bound by an obligation of secrecy. Manual material is converted to digital format and is disposed of in a secure manner after the prescribed storage period has expired.
10. Data storage period / criteria for determining storage period
The provisions laid down in the Archives Act (831/1994) shall apply to the storage of documents.
If the archives service has not specified the documents for permanent storage, they will be retained for 10 years from the date of the decision.
11. Information about automatic decision-making (e.g. profiling) and information about the logic of data processing and its impacts on the data subject
The processing of the data does not entail automated decision-making.
12. Right of access
The data subject has the right to access their data in the register. Requests should be sent to the registry office.
In the event that the data subject has exercised their right of access less than one year ago, the State Treasury may collect a fee based on the administrative costs caused by the provision of the data.
13. Rectification of data
Data subjects are entitled to request corrections to any incorrect information the register may contain on them. Requests should be sent to the State Treasury’s registry office.
14. The right to object to processing of personal data
The State Treasury processes personal data in order to carry out its statutory duties, and the data subject does not have the right to object to the processing of their personal data.
15. Right to restriction of processing
The data subject has the right to restrict the processing of their personal data as specified in Article 18 of the GDPR.
16. Right to erasure
The State Treasury processes personal data in order to carry out its statutory duties, and the data subject does not have the right to have their personal data removed.
17. Right to lodge a complaint
The data subject has the right to lodge a complaint with a supervisory authority if the data subject believes that their rights have been infringed by the actions of the controller.
18. Other rights
Personal data is neither used nor disclosed for the purpose of direct advertising, distance marketing or other direct marketing, market and opinion research, registers of individuals, or genealogies.