1. Controller
Name: State Treasury
Address: Sörnäisten rantatie 13, P.O. Box 14, FI-00054 State Treasury
Other contact details: tel. 0295 50 2000, registry@statetreasury.fi
2. Contact person for filing system-related matters
Name: Marjukka Vallioniemi
Address: Sörnäisten rantatie 13, P.O. Box 450, FI-00054 State Treasury
Other contact details: registry@statetreasury.fi
3. Data protection officer
4. Legal basis and purpose for processing of personal data
The personal data is used to process the penalty fee proposals submitted by the Patient Insurance Centre to the State Treasury on the basis of the Patient Insurance Act (948/2019). The Patient Insurance Centre submits a proposal to the State Treasury for imposing a penalty fee and a fee corresponding to the insurance premium. The State Treasury sends a hearing letter to the customer and provides the customer with an opportunity to submit a written response. The State Treasury makes a decision on the matter.
5. Information content of the register Personal data or company information
Personal identity code and/or business ID
Name
Address
Email address
Phone number
Information regarding the negligence
Time of negligence leading to the penalty
Fee corresponding to the insurance premium
Penalty multiplier
Penalty fee
6. Regular sources of data
Patient Insurance Centre
Business Information System
If necessary, the address information is checked from the Population Information System (section 29 of the Act on the Population Information System 661/2009).
7. Regular disclosures of data
Information is regularly disclosed to the Patient Insurance Centre.
8. Regular disclosures of data and transfer of data to outside the EU or the EEA
Information is not disclosed to recipients outside the EU or the EEA.
9. Principles for register protection
The information may include confidential details (such as information on health, financial status, customer relationships with social services and private life).
Only individuals authorized by the controller, who are under obligation of secrecy, have access to the data processed within the information system. Access rights are kept up to date by regular inspection, and all unnecessary access rights are removed. The information network and terminals containing the register are protected using technical measures. The application servers are located in the protected facilities of the operating service provider. The actions of the data system users and the authorisation of data access are monitored by means of collecting log data.
Manual data content is stored in a locked room, which is only accessible by individuals who have been authorised by the controller and are bound by an obligation of secrecy. Unnecessary manual materials are destroyed in a secure manner.
10. Data storage period/criteria for determining storage period
The information is retained for 6 years from the date of the decision. The provisions of the Archives Act (831/1994) are observed with regard to the storage of documents.
11. Information about automatic decision-making and information about the logic of data processing and its impacts on the data subject
The processing of the data entails automated decision-making. The decision is made based on the proposal of the Finnish Motor Insurers’ Centre if the customer does not provide a response within the set time frame.
12. Right of access
The data subject has the right to access their data in the register. The requests should be sent to the registry office.
In the event that the data subject has exercised their right of access less than one year ago, the controller may collect a fee based on the administrative costs caused by the provision of the data.
13. Rectification of data
Data subjects are entitled to request corrections to any incorrect information the register may contain on them. The requests should be sent to the registry office.
14. The right to object to processing of personal data
The State Treasury processes personal data to carry out its statutory duties (possible other reasons for the right to not be available), and the data subject does not have the right to object to the processing of their data.
15. Right to restriction of processing
The data subject has the right to restrict the processing of their personal data as specified in Article 18 of the General Data Protection Regulation.
16. Right to erasure
The State Treasury processes personal data to carry out its statutory duties (there are other possible reasons for the right to not be available), and the data subject does not have the right to have their personal data removed.
17. Right to lodge a complaint
The data subject has the right to lodge a complaint with a supervisory authority if the data subject believes that their rights have been infringed by the actions of the controller.
18. Other rights
Personal data is neither used nor disclosed for the purposes of direct advertising, distance marketing or other direct marketing, market and opinion research, registers of individuals, or genealogies.
19. Use of cookies
The data system does not use cookies.