Skip to the content

Privacy statement: Jira

Drafted 28 May 2026

1. Register controller

Name: State Treasury
Address: Sörnäisten rantatie 13, P.O. Box 14, FI-00054 State Treasury, Finland
Other contact details: tel. +358 295 50 2000, kirjaamo(at)valtiokonttori.fi

2. Contact person in matters related to the register

Name: Mr. Henri Heiskanen, Technology Department, Service Production Unit
Address: Sörnäisten rantatie 13, P.O. Box 14, FI-00054 State Treasury, Finland
Other contact details: switchboard +358 295 50 2000, henri.heiskanen(at)valtiokonttori.fi

3. Data protection officer

Mr. Denis Galkin, tel. +358 (0) 295 50 2165, dpo(at)statetreasury.fi

4. Legal basis and purpose for processing of personal data

  1. Management of internal tasks and tickets: various development tasks and service requests of the State Treasury. User data is only used to process tasks and tickets. For this purpose, the State Treasury maintains a user register within Jira. The legal basis is a statutory duty, because the management of internal tasks and tickets is part of the performance of the State Treasury’s statutory duties.
  2. External customer messages: the customer’s contact details are only used to process feedback and to process out tasks and tickets. For the processing of feedback and the carrying out of tasks and tickets, the State Treasury maintains a customer register within Jira. The legal basis is the customer’s consent. The customer gives their consent by entering their contact details in the feedback, task or ticket.

5. Information content of the register

Data content of the register: management of internal tasks and tickets

  1. Tasks and tickets: data provided by the user, at minimum an email address, name and organisation, and possibly a phone number. The data is required for creating and processing tasks and tickets and for identifying the user.
  2. Changes to contact details: first name, last name, email, organisation
  3. Visitor tracking: changes made by users.
  4. Users’ IP addresses: technical log data is collected from the use of Jira and used to verify the operation of Jira and to investigate possible disruptions. IP addresses are stored in the technical log data.

Data content of the register: external customer messages

  1. Feedback, tasks and tickets: data provided by the customer, usually an email address and name, and possibly a phone number. It is not mandatory to provide any personal data in feedback; feedback can also be given anonymously. The State Treasury uses the data to process tasks and tickets or to respond to feedback.
  2. Changes to contact details: first name, last name, email, organisation
  3. Visitor tracking: changes made by customers.
  4. Customers’ IP addresses: technical log data is collected from the use of Jira and used to verify the operation of Jira and to investigate possible disruptions. IP addresses are stored in the technical log data. The IP address data in customer messages received by email is not stored in the log.

6. Regular information sources

Feedback, tasks and tickets, and changes to contact details: the data is obtained from the user or the customer themselves.
Visitor tracking: the data is collected using the Jira system.
Visitors’ IP addresses: Jira automatically captures the user’s IP address in connection with use.

7. Regular disclosures of data

Feedback, tasks and tickets, and changes to contact details: the data is not disclosed further.
Visitor tracking and visitors’ IP addresses: the data is not regularly disclosed further.

8. Regular disclosures of data and transfer of data outside the EU or the EEA

User IDs and external customer IDs may be transferred between Atlassian Corporation’s AWS data centres (Australia, Canada, India, Japan, Singapore, South Korea, Switzerland, the United Kingdom, the United States). Data related to the IDs may be processed and stored in these data centres.

9. Principles of register protection

Feedback, tasks and tickets, and changes to contact details: the register does not contain confidential data.
Access to the data processed in Jira is restricted to persons authorised by the data controller. The validity of access rights is checked regularly, and unnecessary rights are removed. The network and end-user devices on which the register is located are protected by technical measures.

Visitor tracking and visitors’ IP addresses: the register contains confidential material.
Access to the data processed in information systems is restricted to persons authorised by the data controller who are bound by confidentiality obligations. The validity of access rights is checked regularly, and unnecessary rights are removed. The network and end-user devices on which the register is located are protected by technical measures.

10. Data storage period / criteria for determining the storage period

Feedback, tasks and tickets, and changes to contact details: the data is stored only for as long as this is required for processing the customer’s matter; the data is not stored as a register.

Visitor tracking and visitors’ IP addresses: visitor tracking data is stored for as long as the user’s account exists in the system. The account data can be deleted on request by contacting the Jeesi support portal (internal State Treasury users) or by sending an email to vkjira@valtiokonttori.fi.

Users’ and customers’ IP addresses are retained in logs for 180 days from the most recent login and use.

11. Information about automatic decision-making (e.g. profiling) and information about the logic of data processing and its impacts on the data subject

No automated decisions or profiling are carried out on the basis of the data.

12. Right of access

Feedback, tasks and tickets, changes to contact details, visitor tracking and visitors’ IP addresses: the data subject has the right to inspect their data in the register. Requests should be addressed to the State Treasury Registry (see section 1. Data controller).

13. Rectification of data

The data subject has the right to inspect their data in the register. Requests should be addressed to the State Treasury Registry (see section 1. Data controller).

14. The right to object to processing of data

Feedback, tasks and tickets, and changes to contact details: the data subject has the right, on grounds relating to their particular personal situation, to object at any time to the processing of personal data concerning them.

15. Right to restriction of processing

The data subject has the right to restrict the processing of their personal data as provided in Article 18 of the General Data Protection Regulation.

16. Right to erasure

Feedback, tasks and tickets, and changes to contact details: the data subject has the right to request that the data controller erase their personal data from the personal data register. Requests should be addressed to the State Treasury Registry (see section 1. Data controller).

17. Right to lodge a complaint

The data subject has the right to lodge a complaint with the supervisory authority if they consider that their rights have been violated by the data controller.

18. Other rights

Personal data is not used or disclosed for direct advertising, distance selling or other direct marketing, for market and opinion research, personal directories or genealogical research.

The data subject may report a possible data protection risk or data protection issue they have observed to the State Treasury by email: viestinta(at)valtiokonttori.fi or via the website’s feedback channels.

19. Use of cookies

Jira uses cookies to collect user data. Necessary cookies enable the normal use of Jira in accordance with the data subject’s access rights; these cannot be disabled when using Jira. Cookies related to functionality, performance and analytics, research, usage patterns and targeted advertising, as well as social media cookies, can be disabled. More information is available on the website of the manufacturer, Atlassian.

Target group: Authorities Companies and organisations Private individuals

Additional theme

◄ All news