Date of publication: 23 September 2020
1. Data controller
City of Espoo
2. Person responsible for the register
Chief Digital Officer
3. Contact person of the register
Elli-Noora Lassy, project coordinator
Postal address: PB 30, 02070 City of Espoo
4. Data Protection Officer
5. For what purpose will personal data be processed?
Espoo has opened its schools and other learning environments for co-creation. The co-creation is based on the “KYKY” model. At the moment, the processes and models of co-creation are being developed within the Smart Learning Environments for the Future project and the Developing KYKY project, together with companies, RDI organisations and the representatives of the city’s learning environments.
Personal data is processed in order to enable the co-creation. The city may also process data in order to form anonymous data for statistical purposes.
6. On what grounds will personal data be processed?
Article 6(1)(e) of the General Data Protection Regulation of the European Union: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. What data will be processed?
Description of the personal data collected in the register:
- Representative of a company/community: name, e-mail and phone number
- Contact person of the city: name, e-mail and phone number
PUBLICITY AND CONFIDENTIALITY OF DATA:
According to law, the data is not confidential.
8. What are the sources of data?
The personal data is collected from the data subjects. Participation in co-creation, i.e. giving the information, is voluntary.
9. Will data be disclosed or transferred outside the city?
The technical service provider of the platform is Wunder Finland Oy, and the platform's data is stored on Google Cloud Service. The technical service provider of the registration form is Webropol Oy. Microsoft Office tools may also be used to process the data. Webropol, Microsoft and Wunder Finland produce the services on behalf of Espoo.
10. Will data be transferred outside the EU/EEA?
All the data contained in the digital innovation platform is stored inside the EU and is not transferred or processed outside the EU.
All the data which is contained in the Webropol service is stored inside the EU and is not transferred or processed outside the EU.
The content of the services Microsoft provides is stored within the EU. Microsoft operates and develops its Office 365 services from outside Europe, and the data is regarded as being transferred outside the EU if, for example, the administrator is given remote access to a European server room, for example to clear up a fault situation. In this case, for example, the Commission’s standard contractual clauses are applied.
11. How long will data be stored?
The data is stored for at most one year from when the city has received the data.
12. How will data be protected?
Electronic materials: IT equipment is located in protected and supervised premises. Each user has personal user rights to client data systems and files. User rights are given on a task-specific basis. Each user must accept a data and data system user agreement and non-disclosure agreement.
There are no manual materials.
13. Rights of the data subject
Further instructions on submitting information requests referred to in the General Data Protection Regulation: https://www.espoo.fi/en-US/Eservices/Data_protection/Client_rights
1. How can I access my data?
You have the right to obtain from the controller a copy of the personal data that is subject to processing. The controller shall provide the data without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.
If the controller does not take action on the request of the data subject, the controller shall inform the data subject without delay, and at the latest within one month of receipt of the request, of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
Requests from the data subject and any resulting actions are free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request.
1.1 When can I request rectification of my data?
You have the right to have inaccurate, incomplete, outdated or unnecessary personal data that we store either rectified or completed by us.
1.2 When can I request erasure of my data?
You have the right to have the controller erase your personal data without undue delay under certain conditions. The data subject does not have the right to erasure if the processing of data is necessary for compliance with a legal obligation or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. In these cases, the data will only be erased after the statutory time limit.
1.3 When can I request restriction of processing of my data?
If the data concerning you is inaccurate, you have the right to request that its processing be restricted until its accuracy has been verified.
1.4 Right to lodge a complaint
You have the right to lodge a complaint with a supervisory authority if you feel that the processing of your personal data is in infringement of data protection legislation. You can lodge a complaint with the Office of the Data Protection Ombudsman: www.tietosuoja.fi.