Skip to the content


Privacy policy: Penalty fees based on the Workers’ Compensation Act

16 May 2019 

1. Controller

Name: State Treasury
Address: Sörnäisten rantatie 13, P.O. Box 14, FI-00054 State Treasury
Other contact details: tel. +358 (0)295 50 2000, [email protected]

2. Contact person for filing system-related matters

Name: Marjukka Vallioniemi
Address: Sörnäisten rantatie 13, P.O. Box 450, FI-00054 State Treasury
Other contact details: [email protected]

3. Data protection officer

[email protected]

4. Legal basis and purpose for processing of personal data

Personal data is used for the processing of the penalty fee proposal provided to the State Treasury by the Finnish Workers’ Compensation Centre based on the Workers’ Compensation Act (459/2015). The Finnish Workers’ Compensation Centre submits a proposal for imposing a fee corresponding to the insurance premium and the penalty fee to the State Treasury. The State Treasury sends a hearing letter to the customer and affords the opportunity to provide a written response. The decision on the matter is made by the State Treasury.

5. Information content of the register

Employer’s information (personal data or company information)

  • Personal identity code or business ID
  • Name
  • Address
  • E-mail address
  • Field

Information regarding the negligence

  • Professional category
  • Liability category
  • Time of negligence leading to the penalty
  • Payment information/year/professional category
  • Has an occupational accident occurred
  • Payment corresponding to the insurance premium
  • Penalty multiplier
  • Penalty fee

6. Normal data sources

  • The Finnish Workers’ Compensation Centre
  • Tax Administration
  • Population information system
  • Local register office
  • Information system on businesses and organisations
  • Trade Register
  • Police
  • Courts

If necessary, the address information is confirmed from the Population Information System (Population Information Act 661/2009, Section 29).

7. Regular disclosures of data

Information is regularly disclosed to the Finnish Workers’ Compensation Centre.

8. Regular disclosures of personal data or transfer of data outside the EU or the EEA

Data is not disclosed or transferred to recipients outside the EU or EEA.

9.  Principles for filing system protection

The information may include confidential details (e.g. information on health, financial status, customer relationships with social services and private life).

Only individuals authorised by the controller, who are under obligation of secrecy, have access to the data processed within the information system. Access rights are kept up-to-date by regular inspection, and unnecessary access rights are removed. The information network and terminals containing the register are protected using technical measures. The application servers are located in the operating service provider’s protected facilities. The actions of the data system users and the authorisation of data access are monitored by means of collecting log data.

Manual data content is stored in a locked room which is only accessible by individuals who have been authorised by the controller and are bound by an obligation of secrecy. Unnecessary manual materials are destroyed in a data secure manner.

10. Data storage period / criteria for determining storage period

The information is retained for 6 years from the date of the decision. In the event of an appeal process, the information is stored for 50 years. The stipulations of the Archives Act 831/1994 are observed with regard to the storage of documents.

11. Information about automatic decision-making and information about the logic of data processing and its impacts on the data subject

The processing of the data entails automated decision-making. The decision is made based on the proposal of the Finnish Workers’ Compensation Centre if the customer does not provide a response within the set time frame.

12. Right of access

The data subject has the right to access their data in the register. Requests should be sent to the registry office.

In the event that the data subject has exercised their right of access less than one year ago, the controller may collect a fee based on the administrative costs caused by the provision of the data.

13. Rectification of data

Data subjects are entitled to request corrections to any incorrect information the register may contain on them. Requests should be sent to the registry office.

14. The right to object to processing of personal data

The State Treasury processes personal data in order to carry out its statutory duties, and the data subject does not have the right to object to the processing of their personal data.

15. Right to restriction of processing

The data subject has the right to restrict the processing of their personal data as specified in Article 18 of the GDPR.

16. Right to erasure

The State Treasury processes personal data in order to carry out its statutory duties, and the data subject does not have the right to have their personal data removed.

17. Right to lodge a complaint

The data subject has the right to lodge a complaint with a supervisory authority if the data subject believes that their rights have been infringed by the actions of the controller.

18. Other rights

Personal data is neither used nor disclosed for the purpose of direct advertising, distance marketing or other direct marketing, market and opinion research, registers of individuals, or genealogies.

19. Use of cookies

The data system does not use cookies.