Cookie policy for www.sosiaalivakuutus.fi
Cookie policy for www.sosiaalivakuutus.fi
This cookie policy concerns the sosiaalivakuutus.fi website. Sosiaalivakuutus is an online publication for Kela’s stakeholders. It focuses on issues of public policy with a special emphasis on social security. The articles published in Sosiaalivakuutus do not represent Kela’s official policy.
This cookie policy statement outlines how Kela and its partners use cookies and other similar tracking and personalisation technologies (hereinafter referred to collectively as “cookies”) on the sosiaalivakuutus.fi website. Cookies are used to collect information on how and when the website is used. This information helps to improve usability and to offer visitors to the www.sosiaalivakuutus.fi website targeted information.
Kela cannot identify individual users based on the data collected, because it does not capture the users’ name, contact details or personal data code. Behavioural data collected on the sosiaalivakuutus.fi website is not matched to other personally identifying data that Kela may handle in some other context.
Users can allow cookies by adjusting their preferences in the cookie banner. Users can decide not to allow cookies or access to location, or withdraw their consent at any time.
This cookie policy statement provides answers to the following questions:
- How can I find Kela’s contact information?
- What are cookies and what kind of information is collected with them?
- For what purposes are cookies and the information associated with them used?
- How long are data stored?
- What options do users have regarding cookies?
- What other means of control are available to users?
- To whom are data released or transferred?
- How are data protected?
- How is this cookie policy revised or updated?
1. Contact information
The Social Insurance Institution of Finland (Kela)
PL 450, 00101 Helsinki or Nordenskiöldinkatu 12, 00250 Helsinki
Telephone: 020 634 11
Contact person:
Ville Korhonen, Communications Manager
Telephone: 020634 1438
firstname.lastname(at)kela.fi
2. What are cookies and what kind of information is collected with them?
Like many other websites, the sosiaalivakuutus.fi website uses cookies and other similar tracking and personalisation technologies. Cookies are small text files containing information which are stored by the user’s browser and which collect information about visits to the sosiaalivakuutus.fi website.
Both first-party and third-party cookies are used on the sosiaalivakuutus.fi website. First-party cookies are created by the website whose address is shown in the address bar. The sosiaalivakuutus.fi website also uses third-party cookies from marketing technology providers and social media. Only the server that created the cookie can read the cookie and for example recognise a returning user.
On the sosiaalivakuutus.fi website, cookies are used among other things to collect information about
- the number of visitors to the website
- what types of devices are used to access the sosiaalivakuutus.fi website
- the online address from which users access the website
- individual pages visited.
The page requests made by visitors to the site are stored automatically in cookies and on the servers for the sosiaalivakuutus.fi website. Such information typically includes the user’s page request and its date and time, the IP address of the user’s device, and the type and language of the browser.
The information is in a format that prevents it from being matched to individual users without access to additional information. Cookies are not used to store information for example about the user’s name, email address, telephone number or home address. Kela is unable to match cookie data to specific individuals, and is taking steps to further minimise the potential to identify specific users. For example, when using web analytics tools, Kela deletes digits in the user’s IP address in order to prevent anyone from identifying specific users.
3. How are cookies and the information associated with them used?
The following types of cookies are used on the sosiaalivakuutus.fi website:
- Functional cookies These cookies are used to ensure the proper functioning of the sosiaalivakuutus.fi website. For examples, Polyfill is used to remedy performance and functionality problems when using various browsers and older versions of such browsers. Polyfill receives network requests from the browser and activate the functionalities available on the website that are supported by the browser.
- Cookies related to user metrics and analytics: Web analytics tools (Google Analytics and Piwik Pro) use cookies to collect statistical data. We collect data to analyse the number of visitors, to gauge users’ interest in various types of content and to identify different ways in which the service used, as well as to develop the site further.
- Targeting cookies used for marketing communications Cookies allow Kela to target marketing communications to users who have visited the sosiaalivakuutus.fi website. Kela’s works together with the following partners: Adform, Twitter, MediaMath and Facebook. By deploying cookies from these service providers on its website, Kela makes it possible to collect information and to transmit it to the service providers. Further, Google Tag Manager (GTM) is used to manage these tracking tags.
The use of third-party cookie data is governed by the terms and conditions of the third parties, which can be examined below:
Google Analytics
- Purpose of use: To collect statistical data on the website and to analyse it in order to improve the website content.
- Click here for more information on how Google uses cookies.
Piwik Pro
- Purpose of use: To collect statistical data on the website and to analyse it in order to improve the website content.
- Click here for more information on how Piwik Pro uses cookies.
Hotjar
- Purpose of use: To collect statistical data on the website and to analyse it in order to improve the website content.
- Click here for more information on how Hotjar uses cookies.
Google Tag Manager (GTM)
- Purpose of use: To manage tracking tags such as Facebook and Adform pixels.
- Click here for more information on how Google uses cookies.
Google Double Click
- Purpose of use: To personalise, implement and analyse marketing messages in order to display the kind of messages that users are most likely to find interesting.
- More information: If the user has a Google account, Google may match the cookie to the user’s account. Click here for more information on how Google uses cookies for personalisation.
- Purpose of use: To personalise, implement and analyse marketing messages in order to display the kind of messages that users are most likely to find interesting.
- More information: Click here for more information on how Facebook uses cookies. Facebook may match a cookie related to a visit to the sosiaalivakuutus.fi website to a specific Facebook user who has a Facebook account.
Adform
- Purpose of use: To personalise, implement and analyse marketing messages in order to display the kind of messages that users are most likely to find interesting.
- Click here for more information on how Adform uses cookies.
MediaMath
- Purpose of use: To personalise, implement and analyse marketing messages in order to display the kind of messages that users are most likely to find interesting.
- Click here for more information on how MediaMath uses cookies.
- Purpose of use: To personalise, implement and analyse marketing messages in order to display the kind of messages that users are most likely to find interesting.
- Click here for more information on how Twitter uses cookies.
Polyfill
- The purpose of the cookies is to ensure a consistent user experience on different browsers. The Polyfill service identifies the browser and the features it supports. It offers the browser a collection of codes designed to ensure that the various features on the site are displayed as consistently as possible to users of different browsers.
- Click here for more information on how Polyfill uses cookies.
4. How long are data stored?
The cookies either expire after the session ends (i.e., until the user closes the browser) or they are persistent cookies with a lifetime of a few months or a few years. Users can affect the length of time for which the data collected with cookies is stored by clearing the cookies in their browser settings, which will reset their cookie profile.
Typical storage periods for data collected with cookies are as follows:
- Functional cookies The data collected with functional cookies are usually deleted at the end of the sessions, or are stored for a maximum of one month.
- Cookies related to user metrics and analytics: Cookies collected for this purpose are deleted from Hotjar or equivalent within 365 days. Data collected by Google Analytics is typically stored for 26 months and data collected by Piwik Pro for 36 months.
- Targeting communications. The data collected for the purpose of targeted advertising is typically stored for a few months. For example Adform and MediaMath, both Kela partners, delete the data within 13 months.
5. What options do users have regarding cookies?
Users give their consent to the use of cookies and to the processing of the data collected with them when visiting the sosiaalivakuutus.fi website for the first time and by clicking the Allow button in the cookie banner. Users may decline or withdraw their consent by clicking on the Cookies Preferences button in the banner.
Users wishing to make choices that are specific to a particular partner we work with may visit the partners’ website to block cookies or change their preferences:
- Google Analytics: Users can block the use of site data in Google Analytics by installing a browser add-on available here. The add-on prevents the Google Analytics JavaScript code running on the website (ga.js, analytics.js and dc.js) from sharing site usage data with Google Analytics.
- Google DoubleClick: Users can manage Google’s advertising settings here.
- Twitter: Users can manage Twitter’s advertising settings here.
- Facebook: Users can manage Facebook’s advertising settings here.
- Adform: Users can withdraw their consent to targeted advertising here.
- MediaMath: Users can withdraw their consent to targeted advertising here.
- Hotjar: Users can go here to prevent the collection of data.
- Piwik Pro: Users can stop the collection of data by enabling Do not track in the browser settings. Browser-specific instructions: Internet Explorer, Firefox and Google Chrome.
Users can can also use the browser settings to block or delete cookies. Blocking or deleting cookies may affect choices you have made previously on the website, for example deleting a cookie set previously on the website which forbids targeted advertising. Any selections made are browser-specific, which means that users must manage their preferences separately in each browser.
In Google Chrome, Internet Explorer and Mozilla Firefox, for example, cookies are deleted as follows:
Google Chrome 66
- Launch Google Chrome.
- Click the menu in the upper right-hand corner and select Options.
- Click Show advanced settings.
- Yes. Fill in the following data:.
- Turn off “Allow sites to save and read cookie data (recommended)”.
Internet Explorer 11
- Launch Internet Explorer.
- Click the Tools icon (which looks like a gear) and select Internet Options.
- Select the Privacy tab and click on Advanced.
- Under First-party Cookies and Third-party Cookies, select Block. Also uncheck “Always allow session cookies”.
- Then click OK.
Mozilla Firefox 52
- Launch Firefox.
- Click the menu in the upper right-hand corner and select Options.
- Select Privacy & Security.
- Choose “Firefox will” in the drop-down menu under History.
- Select “Never remember history”.
- Close the Options page.
If you block cookies, you can allow them again at any time. Deleting cookies will not make it more difficult to use the sosiaalivakuutus.fi website
6. What other options do users have?
Besides having the right to information about the handling of personal information, users have the right under the privacy law:
- to check what personal information has been stored about them
- to correct the information
- to delete the information and to exercise their right to be forgotten
- to withdraw a consent they have given earlier
- to restrict the handling of the information
- to ask that the information they have supplied, which is handled automatically based on their consent or an agreement, not be transferred from one system to another
By default, exercising the above rights requires Kela to identify each user. This means that users must supply additional information to allow them to be identified.
Changing the cookie preferences as described above is the primary way in which users can affect the processing of their data. Users can contact Kela by phone or use the Message function on Kela’s e-service, submit a written request to Kela’s Registry, or visit a Kela office personally. The contact information can be found in section 1. Users can also file a complaint with the supervisory authority at www.tietosuoja.fi.
7. To whom are data released or transferred?
Kela works with a number of reliable partners to target marketing and enables these partners to collect information on the sosiaalivakuutus.fi website by means of cookies and similar technologies. Please refer to section 3 for information on how the partners handle the data.
Certain service providers contracted by Kela (such as communications agencies) may have access to data created in connection with visits to the sosiaalivakuutus.fi website. These service providers may use the data only as appropriate to Kela’s requirements. In that context, Kela may transfer processed personal data outside the EU or ETA in compliance with prevailing legislation.
Kela seeks to ensure by contractual means that the partners and service providers handle the information in accordance with the prevailing legislation.
8. How are data protected?
At Kela, data security and protection of personal data are systematically taken into account in all use and handling of information. The privacy and usability of personal data are ensured by employing the appropriate technical and administrative measures. Kela handles all personal data with data protection in mind and in the manner determined by law.
All persons at Kela who handle personal data sign a confidentiality agreement. The personal data are used only by authorised persons who need them to perform their official duties.
Data collected by means of cookies are also handled by certain external partners of Kela in accordance with separate agreements. Kela seeks to ensure by contractual means that the partners take the necessary steps to guarantee data security as required by legislation.
9. How is this cookie policy revised or updated?
Kela may update this cookie policy when appropriate, for example if the purposes for which which the data are handled change or if the relevant legislation or government recommendations are revised. Information about the updates will be posted on the sosiaalivakuutus.fi website.
This cookie policy was published in connection with the implementation of a cookie banner on the sosiaalivakuutus.fi website, which allows users to manage their cookie preferences. It replaces the earlier privacy policy statement, which is available here.
Privacy statement for the Elämässä.fi website
Privacy statement for the Elämässä.fi website
This privacy statement only applies to the Elämässä.fi website. Elämässä.fi is a web publication for Kela’s individual and employer clients. Elämässä.fi produces customer profiles for Kela’s clientele as well as blogs, questionnaires and tests which complement the informational content on the kela.fi website.
1 Data controller
The Social Insurance Institution of Finland (Kela)
PL 450, 00101 HELSINKI or Nordenskiöldinkatu 12, 00250 HELSINKI
020 634 11, www.kela.fi/administration
2 Contact person for register-related matters
Minna Latvala, tel. +358 20 634 1418,
firstname.lastname (at) kela.fi
3 Name of register
Privacy statement for the Elämässä.fi website
4 What kind of data are collected and how?
Statistical data on the use of the kela.fi website is collected by means of both first-party cookies deployed by Kela and by cookies from third-party providers. Google Analytics is used to collect the statistical data.
Such data can include
- the number of visitors to the website
- devices used to access the kela.fi website
- the online address from which users access the website
- specific pages visited
Learn more about the cookie policy of the Elämässä.fi website.
The data collected with the web analytics tool never includes the name, personal identity code or other identifying details about a particular individual. For example, the visitor’s IP address is pseudonymised when web analytics tools are used. Kela will never try to identify individual visitors to the website based on this data.
The ZEF survey tool may be used to ask visitors to the site may be asked for the following information:
- name
- email address
- home address
- telephone number
- age
- date of birth
- educational attainment and qualifications
- contact information
- other personal data given by visitors in connection with a specific survey.
The collection of this data is based on the users’ consent. Only information provided personally by readers of Elämässä.fi is used to compile the register.
Kela specifies for each survey the kind of information collected from respondents. In some surveys, no information at all is collected from respondents.
In addition, Kela collects data in the normal course of operation of the Elämässä.fi website, which is stored in the log files for the site.
Data collected from different sources are never matched or combined.
5 For what purposes are data collected?
Kela uses the data collected to ensure that the Elämässä.fi website functions properly and to guarantee data security. In addition, the data are used for site analytics and to produce information about the number of visitors, the usefulness of the content and the way the service is used as well as to further develop the content of the site.
Personal information collected with the ZEF survey tool is used only for purposes of prize delivery. The information is collected and used for this purpose only.
6 Transfer of data outside the EU or EEA
As a rule, Kela will not transfer data about visitors to the Elämässä.fi site to other data controllers. However, certain service providers contracted by Kela (such as producers of online publications) may have access to data created in connection with visits to the Elämässä.fi website. These service providers may use the data only as appropriate to Kela’s requirements. In that context, Kela may transfer processed personal data outside the EU or EEA in compliance with prevailing legislation.
7 How are data protected?
At Kela, data security and protection of personal data are systematically taken into account in all use and handling of information. The privacy and usability of personal data are ensured by employing the appropriate technical and administrative measures. Kela handles all personal data with data protection in mind and in the manner determined by law.
All persons at Kela who handle personal data sign a confidentiality agreement. The register data are used only by authorised persons who need them to perform their official duties.
Data are processed also by outside partners of Kela in accordance with specific agreements, in which case the partners act in the role of data processors.
8 How long are data stored?
As soon as Kela no longer needs certain personal data it has collected, the data are destroyed in a secure fashion.
9 What rights do the users of the service have?
Users have the right to check the information collected about them and to ask that incorrect information is corrected. Users can check and correct their personal information by sending Kela a request to that effect.
In the request, they must identify the incorrect information, indicate why it is incorrect and specify how it should be amended.
The request can be made by phone, by using the Messages function on Kela’s e-service, by submitting a written request to Kela’s Registry, or by visiting a Kela office personally. The contact information can be found in section 1.
10 Amendments to this privacy statement
Kela may amend this privacy statement without separate notice.
Privacy statement for the Kysy Kelasta discussion forum
Privacy statement for the Kysy Kelasta discussion forum
1 Data controller
The Social Insurance Institution of Finland (Kela)
PL 450, 00056 HELSINKI or Nordenskiöldinkatu 12, 00250 HELSINKI
020 634 11, http://www.kela.fi/web/en/administration
2 Contact person for register-related matters
Päivi Jalava, tel. 020 634 11 (exchange)
3 Name of register
User register for the Kysy Kelasta discussion forum
4 Purpose and basis for the handling of personal data
The collection of personal data such as the IP address is based on users’ consent. Users give their consent when registering or when posting a message unregistered.
The Kysy Kelasta forum may be used normally also without allowing cookies.
5 Information content of the register
The Kysy Kelasta forum may be used normally also without allowing cookies. Types of data contained by the register:
- User’s handle
- User’s email address
- User’s IP address, operating system and browser
- The user’s navigation path from the main Kela website to the Kysy Kelasta discussion forum and within the forum.
- Question posted by the user and the reply, with time stamp details
6 Regular sources of data
User register for the Kysy Kelasta discussion forum
Some of the personal data stored in the register are obtained from users upon registration. The rest are created as part of the subsequent use of the service.
No data are obtained from any other source, nor are data matched with data from other sources.
7 Regular disclosure of data
None.
8 Transfer of data outside the EU or EEA
None.
9 Retention period for personal data
Personal data are retained for as long as the Kysy Kelasta discussion forum is used.
Personal data are deleted if a registered user requests the deletion of their account.
10 Principles of register security
At Kela, data security and protection of personal data are systematically taken into account in all use and handling of information. Kela handles all personal data with data protection in mind and in the manner determined by law.
All persons at Kela who handle personal data sign a confidentiality agreement. The register data are used only by authorised persons who need them to perform their official duties.
11 Right of access to data
According to Article 15 of EU Regulation 2016/679, the data subject has the right to access personal data concerning him or her, i.e. a right to check information concerning the person himself or herself.
The request can be made by phone, by using the Message function on Kela’s e-service, by submitting a written request to Kela’s Registry, or by contacting a Kela office personally. The contact information can be found in section 1.
12 Right of correction
According to Article 16 of EU Regulation 2016/679, the data subject has the right to request the correction of inaccurate personal data concerning him or her.
In the request, they must identify the incorrect information, indicate why it is incorrect and specify how it should be amended.
The request can be made by phone, by using the Message function on Kela’s e-service, by submitting a written request to Kela’s Registry, or by contacting a Kela office personally. The contact information can be found in section 1.
13 Right of erasure
According to Article 17 of EU Regulation 2016/679, the data subject has the right to request the erasure of personal data concerning him or her.
This right does not concern personal data that Kela needs in order to carry out its statutory duties.
The request can be made by phone, by using the Message function on Kela’s e-service, by submitting a written request to Kela’s Registry, or by contacting a Kela office personally. The contact information can be found in section 1.
14 Right to file a complaint with a supervisory authority
According to Article 77 of EU Regulation 2016/679, the data subject has the right to lodge a complaint with the Data Protection Ombudsman, if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.
Privacy statement for Kela’s press release distribution system
Privacy statement for Kela’s press release distribution system
1 Data controller
The Social Insurance Institution of Finland (Kela)
PL 450, 00056 Helsinki or Nordenskiöldinkatu 12, 00250 Helsinki
020 634 11, http://www.kela.fi/web/en/administration
2 Contact person for register-related matters
Ville Korhonen
Tel. 020 634 11 (exchange)
3 Name of register
Recipients of Kela press releases
4 Purpose and basis for the handling of personal data
The data are processed for the purpose of distributing press releases through the ePressi service. Personal data are not disclosed to outside parties and are not used for commercial purposes.
The basis for processing data is to perform a task in the public interest (Article 6(1), point (e) of the General Data Protection Regulation; Section 4 of the Data Protection Act). The data subject’s consent is also required.
5 Information content of the register
The register consists of e-mail addresses.
6 Regular sources of data
The register is compiled from address data of the partners of Kela's Communications Section, publicly available internet sources and subscriptions received by Kela’s Communications Unit.
7 Regular disclosure of data
None.
8 Transfer of data outside the EU or EEA
None.
9 Retention period for personal data
The personal data are retained for as long as the distribution list is used.
The personal data are deleted if the subscriber cancels a press release subscription. The personal data are also deleted if the e-mail address is no longer valid.
10 Principles of register security
Kela exercises due care in all its operations and ensures a high level of data protection and data security.
All Kela staff members who handle personal data sign a confidentiality agreement. The register data may be used only by authorised persons who need them to perform their official duties.
11 Right of access to data
According to Article 15 of EU Regulation 2016/679, data subjects have the right to access personal data concerning them, i.e., to you can check the data concerning their person.
Those who wish to check their data must submit a request to Kela.
The request can be addressed to Kela's Registry. The contact information of the Registry can be found on Kela’s website at www.kela.fi/web/en/administration.
Alternatively, the request can be made by phone or by visiting a Kela customer service point. It can also be transmitted in a message via Kela’s e-service at www.kela.fi/omakela.
12 Right of correction
According to Article 16 of EU Regulation 2016/679, the data subject has the right to request the correction of inaccurate personal data.
The request for correction must be submitted to Kela.
The request must specify the following:
- the specific information which is incorrect
- the reason why it is incorrect
- how it should be amended.
The request can be addressed to Kela's Registry. The contact information of the Registry can be found on Kela’s website at www.kela.fi/web/en/administration.
Alternatively, the request can be made by phone or by visiting a Kela customer service point. It can also be transmitted in a message via Kela's e-service at www.kela.fi/omakela.
13 Right of erasure
Under Article 17 of the General Data Protection Regulation, data subjects have the right to request the erasure of their personal data.
This right does not concern personal data that Kela needs to carry out its statutory duties.
The request to erase personal data must be made to Kela.
The request can be addressed to Kela's Registry. The contact information of the Registry can be found on Kela’s website at www.kela.fi/web/en/administration.
The request can also be transmitted in a message via Kela's e-service at www.kela.fi/omakela. Alternatively, the request can be made by phone or by visiting a Kela customer service point.
14 Right to file a complaint with a supervisory authority
According to Article 77 of EU Regulation 2016/679, the data subject has the right to lodge a complaint with the Data Protection Ombudsman, if the data subject considers that the processing of Kela personal data relating to him or her infringes this Regulation.
Privacy statement for Kela’s newsletter subscriber address register
Privacy statement for Kela’s newsletter subscriber address register
1 Data controller
The Social Insurance Institution of Finland (Kela)
PL 450, 00056 Helsinki or Nordenskiöldinkatu 12, 00250 Helsinki
020 634 11, http://www.kela.fi/web/en/administration
2 Contact person for register-related matters
Heidi Blomqvist
Tel. 020 634 11 (exchange)
3 Name of register
Address register for Kela's newsletters
4 Purpose and basis for the handling of personal data
The purpose for handling personal data is to allow Kela’s newsletters to be sent to the subscribers. The register contains such data as new orders submitted on the newsletter subscription form (see section 6). Subscribers give their consent to the processing of their data.
To allow further development of the newsletters, the newsletter tool uses pixels to track the following information based on user actions to open the newsletter and the links it contains:
- what newsletter topics are read
- date and time at which the newsletter is read.
The data can be tracked on an individual-user level. Only the authors of the newsletters are authorised to look up statistical data as required by their professional responsibilities.
Personal data are not disclosed to outside parties and are not used for commercial marketing purposes.
5 Information content of the register
The register contains data on the customers according to the following classification: e-mail address and background organisation. The users’ IP addresses are used to track the opening of links.
6 Regular sources of data
The register is compiled from address data of the partners of Kela's Communications Section, publicly available Internet sources and subscriptions filed on the subscription form.
7 Regular disclosure of data
None.
8 Transfer of data outside the EU or EEA
None.
9 Retention period for personal data
The personal data are stored as long as a particular newsletter is published. They are deleted if the subscriber cancels all of his or her newsletter subscriptions or if the email address is no longer in use.
10 Principles of register security
Kela exercises due care in all its operations and ensures a high level of data protection and data security.
All Kela staff members who handle personal data sign a confidentiality agreement. The register data may be used only by authorised persons who need them to perform their official duties.
11 Right of access to data
According to Article 15 of EU Regulation 2016/679, data subjects have the right to access personal data concerning them, i.e., to check the data concerning their person.
Those who wish to check their data must submit a request to Kela.
The request can be addressed to Kela's Registry. The contact information of the Registry can be found on Kela’s website at www.kela.fi/web/en/administration.
The request can also be made by phone or by visiting a Kela service point, or by sending a message on Kela’s e-service at www.kela.fi/omakela.
12 Right of correction
According to Article 16 of EU Regulation 2016/679, the data subject has the right to request the correction of inaccurate personal data.
Subscribers can use the link at the end of the newsletter to correct inaccuracies.
13 Right of erasure
Under Article 17 of the General Data Protection Regulation, data subjects have the right to request the erasure of their personal data.
Subscribers can cancel their subscription, following which their data are deleted from the register. The data can also be deleted from the register at the subscriber’s request, which will also cancel the subscription. Erasure requests may be emailed to viestinta(at)kela.fi.
14 Right to file a complaint with a supervisory authority
According to Article 77 of EU Regulation 2016/679, the data subject has the right to lodge a complaint with the Data Protection Ombudsman, if the data subject considers that the processing of Kela personal data relating to him or her infringes this Regulation.
Privacy statement for the supplier and customer register
Privacy statement for the supplier and customer register
1 Data controller
The Social Insurance Institution of Finland (Kela)
PL 450, 00056 HELSINKI or Nordenskiöldinkatu 12, 00250 HELSINKI
020 634 11, http://www.kela.fi/web/en/administration
2 Contact person for register-related matters
Jarkko Malinen
Tel. 020 634 11 (exchange)
3 Name of register
Supplier and customer register
4 Purpose and basis for the handling of personal data
The register contains supplier and customer data used in the handling and archival of sale and purchase invoices. The data are used to pay organisations, private individuals and employees and to invoice organisations and private individuals. The data are used for billing reports.
The handling of the data is based on the discharge of Kela’s statutory responsibilities and contractual fulfilment.
5 Information content of the register
Recipient details (organisation or private individual):
- name
- bank account
- electronic invoicing address
- Business ID
- contact information
- country code
- customer account category, supplier account category
- EPR validity period
- payment details
6 Regular sources of data
Suppliers are recorded in the register based on a combination of data supplied by the supplier (e.g. on an invoice) and data obtained or verified from governmental registries.
Staff members are recorded either as suppliers or customers based on HR data.
Invoiced customers are registered on the basis of self-provided information.
Some of the customer and supplier data are retrieved from other Kela systems.
7 Regular disclosure of data
None.
8 Transfer of data outside the EU or EEA
None.
9 Retention period for personal data
Customer data are retained in accordance with the Accounting Act.
10 Principles of register security
Kela exercises due care in all its operations and ensures a high level of data protection and data security.
All Kela staff members who handle personal data sign a confidentiality agreement. The register data may be used only by authorised persons who need them to perform their official duties.
11 Right of access to data
According to Article 15 of EU Regulation 2016/679, data subjects have the right to access personal data concerning them, i.e., to check the data concerning their person.
Data subjects who wish to check the data on their person must request the data from Kela's Registry.
The Registry’s contact information can be found on Kela’s website at www.kela.fi/web/en/administration.
The request can also be made by phone or by visiting a Kela service point, or by sending a message on Kela’s e-service at www.kela.fi/omakela.
12 Right of correction
According to Article 16 of EU Regulation 2016/679, the data subject has the right to request the correction of inaccurate personal data.
The request for correction must be submitted to Kela.
The request must specify the following:
- the specific information which is incorrect
- the reason why it is incorrect
- how it should be amended.
The request can be sent to Kela’s registry, whose contact information can be found on Kela’s website at www.kela.fi/web/en/administration.
The request can also be made by phone or by visiting a Kela service point, or by sending a message on Kela’s e-service at www.kela.fi/omakela.
13 Right of erasure
Under Article 17 of the General Data Protection Regulation, data subjects have the right to request the erasure of their personal data.
This right does not concern personal data that Kela needs in order to carry out its statutory duties.
Data subjects wishing to delete personal information must send a deletion request to Kela's Registry, whose contact information can be found on Kela’s website at www.kela.fi/web/en/administration.
The request can also be sent in a message via Kela’s e-service at www.kela.fi/omakela, by phone, or by visiting a Kela service point.
14 Right to file a complaint with a supervisory authority
According to Article 77 of EU Regulation 2016/679, the data subject has the right to lodge a complaint with the Data Protection Ombudsman, if the data subject considers that the processing of Kela personal data relating to him or her infringes this Regulation.
Privacy statement for the system used in the registration and archival of administrative documents
Registration and archival system for administrative documents
1 Data controller
The Social Insurance Institution of Finland (Kela)
PL 450, 00056 Helsinki or Nordenskiöldinkatu 12, 00250 Helsinki
020 634 11, http://www.kela.fi/web/en/administration
2 Contact person for register-related matters
Jarmo Partanen
Tel. 020 634 11 (exchange)
3 Name of register
Registration and archival system for administrative documents
4 Purpose and basis for the handling of personal data
The register is used for the registration of administrative matters and the archival of documents.
The handling of personal data is based on section 18 of the Act on the Openness of Government Activities (621/1999).
5 Information content of the register
The register contains data on matters which are pending or concluded and the documents associated with them, and the contact information of the persons and organisations initiating or otherwise related to the matter. The following types of data are stored about the relevant persons and organisations:
- name
- address
- email address
- telephone number
- contact person.
6 Regular sources of data
The following sources of data are used: documents submitted by private individuals, organisations and government agencies and administrative documents produced by Kela.
7 Regular disclosure of data
None.
8 Transfer of data outside the EU or EEA
None.
9 Retention period for personal data
The retention periods for personal data have been set in accordance with the guidelines issued by the National Archives of Finland and the applicable laws and decrees.
10 Principles of register security
Kela exercises due care in all its operations and ensures a high level of data protection and data security.
All Kela staff members who handle personal data sign a confidentiality agreement. The register data may be used only by authorised persons who need them to perform their official duties.
11 Right of access to data
According to Article 15 of EU Regulation 2016/679, data subjects have the right to access personal data concerning them, i.e., to you can check the data concerning their person.
Those who wish to check their data must submit a request to Kela.
The request can be addressed to Kela's Registry. The contact information of the Registry can be found on Kela’s website at www.kela.fi/web/en/administration.
Alternatively, the request can be made by phone or by visiting a Kela customer service point. The request can also be transmitted in a message via Kela's e-service at www.kela.fi/omakela.
12 Right of correction
According to Article 16 of EU Regulation 2016/679, the data subject has the right to request the correction of inaccurate personal data.
The request for correction must be submitted to Kela.
The request must specify the following:
- the specific information which is incorrect
- the reason why it is incorrect
- how it should be amended.
The request can be addressed to Kela's Registry. The contact information of the Registry can be found on Kela’s website at www.kela.fi/web/en/administration.
Alternatively, the request can be made by phone or by visiting a Kela customer service point. The request can also be transmitted in a message via Kela's e-service at www.kela.fi/omakela.
13 Right of erasure
Under Article 17 of the General Data Protection Regulation, data subjects have the right to request the erasure of their personal data.
This right does not concern personal data that Kela needs to carry out its statutory duties.
The request to erase personal data must be made to Kela.
The request can be addressed to Kela's Registry. The contact information of the Registry can be found on Kela’s website at www.kela.fi/web/en/administration.
The request can also be transmitted in a message via Kela's e-service at www.kela.fi/omakela. Alternatively, the request can be made by phone or by visiting a Kela customer service point.
14 Right to file a complaint with a supervisory authority
According to Article 77 of EU Regulation 2016/679, the data subject has the right to lodge a complaint with the Data Protection Ombudsman, if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.
Privacy statement for the electronic register of job applicants
Privacy statement for the electronic register of job applicants
1 Data controller
The Social Insurance Institution of Finland (Kela)
PL 450, 00056 HELSINKI or Nordenskiöldinkatu 12, 00250 HELSINKI
020 634 11, http://www.kela.fi/web/en/administration
2 Contact information for register-related matters
HR Services
Tel. 020 634 11 (exchange)
3 Name of register
Electronic register of job applicants
4 Purpose and basis for the handling of personal data
The personal data stored in the register are used by Kela for internal and external recruitment.
The data are used in receiving, reviewing and storing job applications, in making selections among applicants, and in informing applicants.
The handling of the personal data is based on the applicants’ consent given upon registration with the service.
5 Information content of the register
The register contains data on the position applied for and on the applicant.
Information about the applicant:
- name, email address, delivery address, postal code and phone number
- educational attainment and work experience
- language proficiency
- actions taken at various stages of the recruitment process (e.g. interviews and aptitude tests)
- candidate’s job search history over a maximum period of two years
- other information provided by the applicant (CV, cover letter, other documents)
6 Regular sources of data
The personal data are obtained from the applicants themselves.
7 Regular disclosure of data
None.
With the applicant’s consent, personal data may in certain specific situations be made available to the software application used in the video interview (applicant’s email address) or to the service provider carrying out the aptitude test (applicant’s name and phone number).
8 Transfer of data outside the EU or EEA
None.
9 Retention period for personal data
Application documents are retained for two years starting from selection.
10 Principles of register security
At Kela, data security and protection of personal data are systematically taken into account in all use and handling of information. Kela handles all personal data with data protection in mind and in the manner determined by law.
All persons at Kela who handle personal data sign a confidentiality agreement. The register data are used only by authorised persons who need them to perform their official duties.
11 Right of access to data
According to Article 15 of EU Regulation 2016/679, the data subject has the right to access personal data concerning him or her, i.e. a right to check information concerning the person himself or herself.
The request can be made by phone, by using the message function on Kela’s e-service, by submitting a written request to Kela’s Registry, or by contacting a Kela office personally. The contact information can be found in section 1.
12 Right of correction
Applicants may self-correct their profile information and supporting documents by logging in to the recruitment service.
13 Right of erasure
Applicants may delete their data and application sooner than described in section 9. The data can be deleted by logging into the recruitment service. After deletion, the personal data and the application data stored in the service are anonymised.
14 Right to file a complaint with a supervisory authority
According to Article 77 of EU Regulation 2016/679, the data subject has the right to lodge a complaint with the Data Protection Ombudsman, if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.
Privacy statement: Subscriber address register for the newsletter on topics for flexible research funding provided by Kela
Privacy statement: Subscriber address register for the newsletter on topics for flexible research funding provided by Kela
1 Data controller
The Social Insurance Institution of Finland (Kela)
PL 450, 00056 Helsinki or Nordenskiöldinkatu 12, 00250 Helsinki
020 634 11, http://www.kela.fi/web/en/administration
2 Contact person for register-related matters
Päivi Tillman
Tel. 020 634 11 (exchange)
3 Name of register
Subscriber address register for the newsletter on topics for flexible research funding awarded by Kela under section 12 of the Act of Parliament on the rehabilitation services and cash benefits provided by Kela.
4 Purpose and basis for the handling of personal data
The data are processed for the purpose of distributing updated information on new topics for flexible research funding to newsletter subscribers.
5 Data content of the register
The register contains data on the customers according to the following classification: e-mail address and background organisation.
6 Regular sources of data
The register is compiled from email addresses provided by researchers on the online subscription form posted on the Kela Research website.
7 Regular disclosure of data
None.
8 Transfer of data outside the EU or EEA
None.
9 Retention period for personal data
The personal data are stored as long as the newsletter is published.
The personal data are deleted if a subscriber cancels their subscription.
The personal data are also deleted if the e-mail address is no longer functioning.
10 Principles of register security
Kela exercises due care in all its operations and ensures a high level of data protection and data security.
All Kela staff members who handle personal data sign a confidentiality agreement. The register data may be used only by authorised persons who need them to perform their official duties.
11 Right of access to data
According to Article 15 of EU Regulation 2016/679, data subjects have the right to access personal data concerning them, i.e., to check the data concerning their person.
Those who wish to check their data must submit a request to Kela.
The request can be addressed to Kela's Registry. The contact information of the Registry can be found on Kela’s website at www.kela.fi/web/en/administration
The request can also be made by phone or by visiting a Kela service point, or by sending a message on Kela’s e-service at www.kela.fi/omakela.
12 Right of correction
According to Article 16 of EU Regulation 2016/679, the data subject has the right to request the correction of inaccurate personal data.
The request for correction must be submitted to Kela.
The request must specify the following:
- the specific information which is incorrect
- the reason why it is incorrect
- how it should be amended.
The request can be addressed to Kela's Registry. The contact information of the Registry can be found on Kela’s website at www.kela.fi/web/en/administration.
The request can also be made by phone or by visiting a Kela service point, or by sending a message on Kela’s e-service at www.kela.fi/omakela.
13 Right of erasure
Under Article 17 of the General Data Protection Regulation, data subjects have the right to request the erasure of their personal data.
This right does not concern personal data that Kela needs to carry out its statutory duties.
The request to erase personal data must be made to Kela.
The request can be addressed to Kela's Registry. The contact information of the Registry can be found on Kela’s website at www.kela.fi/web/en/administration.
The request can also be transmitted as a message via Kela's e-service at www.kela.fi/omakela. Alternatively, the request can be made by phone or by visiting a Kela customer service point.
14 Right to file a complaint with a supervisory authority
According to Article 77 of EU Regulation 2016/679, the data subject has the right to lodge a complaint with the Data Protection Ombudsman, if the data subject considers that the processing of Kela personal data relating to him or her infringes this Regulation.
Privacy statement for Kela’s Research Ethics Committee
1 Data controller
The Social Insurance Institution of Finland (Kela)
PL 450, 00056 Helsinki or Nordenskiöldinkatu 12, 00250 Helsinki
020 634 11 http://www.kela.fi/administration
2 Contact person for register-related matters
Secretary of the Research Ethics Committee
kela.tutkimuseettinen.tmk@kela.fi
Tel. 020 634 11 (exchange)
3 Name of register
Register of statement requests submitted to Kela’s Research Ethics Committee
4 Purpose and basis for the handling of personal data
The register is used to record and review requests for statement sent to Kela’s Research Ethics Committee for the purpose of carrying out an ethical review. The register is also used to store documents. The handling of personal data is based on the fulfilment of Kela’s statutory responsibilities(section 2 of the Act on the Social Insurance Institution.
5 Data content of the register
The register contains the following types of personal data:
- For the principal investigator: name, professional title, education, key professional responsibilities, organisation, address, email address and telephone number
- For other participating researchers: name, education, professional title, organisation and key professional responsibilities.
6 Regular sources of data
Personal data are obtained from the registered persons themselves.
7 Regular disclosure of data
No data are disclosed except to the members of Kela's Research Ethics Committee.
8 Transfer of data outside the EU or EEA
None.
9 Retention period for personal data
The statement requests are stored permanently.
10 Principles of register security
Kela exercises due care in all its operations and ensures a high level of data protection and data security.
All Kela staff members who handle personal data sign a confidentiality agreement. The register data may be used only by authorised persons who need them to perform their official duties.
11 Right of access to data
According to Article 15 of EU Regulation 2016/679, data subjects have the right to access personal data concerning them, i.e., to you can check the data concerning their person.
Those who wish to check their data must submit a request to Kela.
The request can be addressed to Kela's Registry. The contact information of the Registry can be found on Kela’s website at www.kela.fi/web/en/administration
The request can also be made by phone or by visiting a Kela service point, or by sending a message on Kela’s e-service at www.kela.fi/asiointi.
12 Right of correction
According to Article 16 of EU Regulation 2016/679, the data subject has the right to request the correction of inaccurate personal data.
The request for correction must be submitted to Kela.
The request must specify the following:
- the specific information which is incorrect
- the reason why it is incorrect
- how it should be amended.
The request can be addressed to Kela's Registry. The contact information of the Registry can be found on Kela’s website at www.kela.fi/web/en/administration
The request can also be made by phone or by visiting a Kela service point, or by sending a message on Kela’s e-service at www.kela.fi/asiointi.
13 Right of erasure
Under Article 17 of the General Data Protection Regulation, data subjects have the right to request the erasure of their personal data.
This right does not concern personal data that Kela needs to carry out its statutory du-ties.
The request to erase personal data must be made to Kela.
The request can be addressed to Kela's Registry. The contact information of the Registry can be found on Kela’s website at www.kela.fi/web/en/administration
The request can also be transmitted as a message via Kela's e-service (www.kela.fi/asiointi). Alternatively, the request can be made by phone or by visiting a Kela customer service point.
14 Right to file a complaint with a supervisory authority
According to Article 77 of EU Regulation 2016/679, the data subject has the right to lodge a complaint with the Data Protection Ombudsman, if the data subject considers that the processing of Kela personal data relating to him or her infringes this Regulation.
Privacy statement for the register of applications for research funding
Privacy statement for the register of applications for research funding
1 Data controller
The Social Insurance Institution of Finland (Kela)
PL 450, 00056 Helsinki or Nordenskiöldinkatu 12, 00250 Helsinki
020 634 11, http://www.kela.fi/web/en/administration
2 Contact person for register-related matters
Päivi Tillman
Tel. 020 634 11 (exchange)
3 Name of register
Register of applications for research funding under section 12 of the KKRL (Kela Rehabilitation) Act.
4 Purpose and basis for the handling of personal data
Processing of applications for research funding. The processing of the data is part of Kela’s statutory responsibilities.
5 Data content of the register
The register of research funding contains the following information:
- name of the person signing the research contract;
- name, professional title, educational background, organisation, address, email address and phone number of the principal investigator;
- names, professional titles and organisations of other researchers listed in the application
- CV and publication list for the principal investigator and any other members of the research team.
6 Regular sources of data
The personal data are obtained from the applicants themselves.
7 Regular disclosure of data
No personal data are disclosed.
8 Transfer of data outside the EU or EEA
None.
9 Retention period for personal data
Documents are retained either permanently or for a specific period of time according to the filing plan. The retention periods for personal data are also defined in the filing plan.
10 Principles of register security
Kela exercises due care in all its operations and ensures a high level of data protection and data security.
All Kela staff members who handle personal data sign a confidentiality agreement. The register data may be used only by authorised persons who need them to perform their official duties.
11 Right of access to data
According to Article 15 of EU Regulation 2016/679, data subjects have the right to access personal data concerning them, i.e., to check the data concerning their person.
Those who wish to check their data must submit a request to Kela.
The request can be addressed to Kela's Registry. The contact information of the Registry can be found on Kela’s website at www.kela.fi/web/en/administration
The request can also be made by phone or by visiting a Kela service point, or by sending a message on Kela’s e-service at www.kela.fi/omakela.
12 Right of correction
According to Article 16 of EU Regulation 2016/679, the data subject has the right to request the correction of inaccurate personal data.
The request for correction must be submitted to Kela.
The request must specify the following:
- the specific information which is incorrect
- the reason why it is incorrect
- how it should be amended.
The request can be addressed to Kela's Registry. The contact information of the Registry can be found on Kela’s website at www.kela.fi/web/en/administration
The request can also be made by phone or by visiting a Kela service point, or by sending a message on Kela’s e-service at www.kela.fi/omakela.
13 Right of erasure
Under Article 17 of the General Data Protection Regulation, data subjects have the right to request the erasure of their personal data.
This right does not extend to personal data that Kela needs to carry out its statutory duties.
The request to erase personal data must be made to Kela.
The request can be addressed to Kela's Registry. The contact information of the Registry can be found on Kela’s website at www.kela.fi/web/en/administration
The request can also be sent in a message via Kela's e-service (www.kela.fi/omakela). Alternatively, the request can be made by phone or by visiting a Kela customer service point.
14 Right to file a complaint with a supervisory authority
According to Article 77 of EU Regulation 2016/679, the data subject has the right to lodge a complaint with the Data Protection Ombudsman, if the data subject considers that the processing of Kela personal data relating to him or her infringes this Regulation.
Privacy statement for distribution addresses for Kela's research publications
Privacy statement for distribution addresses for Kela's research publications
1 Data controller
The Social Insurance Institution of Finland (Kela)
PL 450, 00056 KELA or Nordenskiöldinkatu 12, 00250 Helsinki
020 634 11, http://www.kela.fi/administration
2 Contact person for register-related matters
Tarja Hyvärinen
Tel. 020 634 11 (exchange)
3 Name of register
Distribution addresses for research publications
4 Purpose and basis for the handling of personal data
The register is used when sending Kela’s printed research publications to organisations or persons that have subscribed to a printed publication and reported their address for this purpose to the contact person who maintains a list of the distribution addresses for Kela’s research publications.
The publications are sent by the printing house Punamusta. Kela has an agreement with the printing house Punamusta on appropriate processing of the distribution addresses for research publications. Neither Punamusta nor Kela releases addresses for marketing purposes. The processing of the data is based on the consent of the registered persons.
5 Data content of the register
Name and postal address of the customer
6 Regular sources of data
The addresses in the register are obtained from the customers themselves.
7 Regular disclosure of data
None.
8 Transfer of data outside the EU or EEA
None.
9 Retention period for personal data
The personal data are stored as long as the publication subscription is valid. The data are erased when the customer cancels the subscription.
10 Principles of register security
Kela exercises due care in all its operations and ensures a high level of data protection and data security.
All Kela staff members who handle personal data sign a confidentiality agreement. The register data may be used only by authorised persons who need them to perform their official duties.
11 Right of access to data
Under Article 15 of the EU General Data Protection Regulation (EU 2016/679), data subjects have the right to access personal data concerning them. This means that persons included in the register have the right to check data concerning themselves.
Those who wish to check their data must submit a request to Kela.
The request can be addressed to Kela’s Registry at kirjaamo@kela.fi
The request can also be made by phone, by visiting a Kela customer service point, or by sending a message on the OmaKela e-service.
12 Right of correction
Under Article 16 of the General Data Protection Regulation, the data subject has the right to request the correction of inaccurate personal data.
The request for correction must be submitted to Kela.
The request must specify the following:
- the specific information which is incorrect
- the reason why it is incorrect
- how it should be amended.
The request can be addressed to Kela’s Registry at kirjaamo@kela.fi
The request can also be made by phone, by visiting a Kela customer service point, or by sending a message on the OmaKela e-service.
13 Right of erasure
Under Article 17 of the General Data Protection Regulation, data subjects have the right to request the erasure of their personal data.
This right does not extend to personal data that Kela needs to carry out its statutory duties.
The request to erase personal data must be made to Kela.
The request can be addressed to Kela’s Registry at kirjaamo@kela.fi
The request can also be made by phone, by visiting a Kela customer service point, or by sending a message on the OmaKela e-service.
14 Right to file a complaint with a supervisory authority
Under Article 77 of the General Data Protection Regulation, the data subject has the right to lodge a complaint with the Data Protection Ombudsman, if the data subject considers that the processing of Kela personal data relating to him or her infringes this Regulation.
Privacy statement for the system used to process orders for Kela’s research and statistical publications
Privacy statement for the system used to process orders for Kela’s research and statistical publications
1 Data controller
The Social Insurance Institution of Finland (Kela)
PO Box 450, 00056 Kela
020 634 11 http://www.kela.fi/administration
2 Contact person for register-related matters
Research and Statistical Publications, julkaisut@kela.fi
Tel. 020 634 11 (exchange)
3 Name of register
Subscriber register for Kela’s research and statistical publications
4 Purpose and basis for the handling of personal data
The register is used to send print research and statistical publications to individuals and entities who have either an email subscription or are subscribed through the University of Helsinki Helda digital archive. The address data are also used for invoicing. No address data are released to outside parties or used for marketing purposes.
5 Data content of the register
Customer's name, postal address and email address
6 Regular sources of data
The addresses in the register are obtained from the customers themselves.
7 Regular disclosure of data
None.
8 Transfer of data outside the EU or EEA
None.
9 Retention period for personal data
The data are deleted once the subscription has been delivered or has ended.
10 Principles of register security
Kela exercises due care in all its operations and ensures a high level of data protection and data security.
All Kela staff members who handle personal data sign a confidentiality agreement. The register data may be used only by authorised persons who need them to perform their official duties.
11 Right of access to data
Under Article 15 of the EU General Data Protection Regulation (EU 2016/679), data subjects have the right to access personal data concerning them. This means that persons included in the register have the right to check data concerning themselves.
Those who wish to check their data must submit a request to Kela.
The request can be addressed to Kela's Registry at kirjaamo@kela.fi.
It can also be made by phone, by visiting a Kela customer service point, or by sending a message on the OmaKela e-service.
12 Right of correction
According to Article 16 of EU Regulation 2016679, the data subject has the right to request the correction of inaccurate personal data.
The request for correction must be submitted to Kela.
The request must specify the following:
- the specific information which is incorrect
- the reason why it is incorrect
- how it should be amended.
The request can be addressed to Kela's Registry at kirjaamo@kela.fi.
It can also be made by phone, by visiting a Kela customer service point, or by sending a message on the OmaKela e-service.
13 Right of erasure
Under Article 17 of the General Data Protection Regulation, data subjects have the right to request the erasure of their personal data.
This right does not extend to personal data that Kela needs to carry out its statutory duties.
The request to erase personal data must be made to Kela.
The request can be addressed to Kela's Registry at kirjaamo@kela.fi.
It can also be made by phone, by visiting a Kela customer service point, or by sending a message on the OmaKela e-service.
14 Right to file a complaint with a supervisory authority
According to Article 77 of EU Regulation 2016/679, the data subject has the right to lodge a complaint with the Data Protection Ombudsman, if the data subject considers that the processing of Kela personal data relating to him or her infringes this Regulation.
Register for the system used to process orders for Kela forms
Register for the system used to process orders for Kela forms
1 Data controller
The Social Insurance Institution of Finland (Kela)
PL 450, 00056 KELA or Nordenskiöldinkatu 12, 00250 Helsinki
020 634 11 http://www.kela.fi/administration
2 Contact person for register-related matters
Riitta Keskitalo
Tel. 020 634 11 (exchange)
3 Name of register
Register for the system used to process orders for Kela forms
4 Purpose and basis for the handling of personal data
The register contains contact information for Kela’s partner organisation, which are needed to process orders for Kela forms. Based on the partner organisation’s request, Kela orders forms from the contract supplier’s online store. If relevant to a specific form, Kela will also check the doctor’s license to practise. Orders are also processed in Kela's purchase invoice system.
The processing of the data is part of Kela’s statutory responsibilities. Kela's partner organisations have the right to receive paper forms from Kela at no cost.
5 Data content of the register
The register contains the following identifying details:
- name of company or person submitting the order
- address
- phone number (for deliveries)
Additional information included in the register:
- form ID or name
- number of copies
6 Regular sources of data
Data are obtained from the data subject when a request for forms is submitted.
7 Regular disclosure of data
None.
8 Transfer of data outside the EU or EEA
None.
9 Retention period for personal data
The forms supplier retains the data for the entire term of the contract, at the end of which they are deleted. The Hansel framework agreement is valid for four years (2018-2022). After it has expired, separate client-specific agreements may be in effect for an additional period of up to twelve months.
The data are stored by Kela for a period of six years starting from the end of the current year. After that, they are deleted.
10 Principles of register security
Kela exercises due care in all its operations and ensures a high level of data protection and data security.
All Kela staff members who handle personal data sign a confidentiality agreement. The register data may be used only by authorised persons who need them to perform their official duties.
11 Right of access to data
Under Article 15 of the EU General Data Protection Regulation (EU 2016/679), data subjects have the right to access personal data concerning them. This means that persons included in the register have the right to check data concerning themselves.
Those who wish to check their data must submit a request to Kela.
The request can be addressed to Kela's Registry. The contact information of the Registry can be found on Kela’s website at www.kela.fi/web/en/administration.
Alternatively, the request can be made by phone or by visiting a Kela customer service point. It can also be transmitted in a message via Kela's OmaKela e-service at www.kela.fi/omakela (in Finnish) or www.fpa.fi/mittfpa (in Swedish).
12 Right of correction
According to Article 16 of EU Regulation 2016679, the data subject has the right to request the correction of inaccurate personal data.
The request for correction must be submitted to Kela.
The request must specify the following:
- the specific information which is incorrect
- the reason why it is incorrect
- how it should be amended.
The request can be addressed to Kela's Registry. The contact information of the Registry can be found on Kela’s website at www.kela.fi/web/en/administration.
Alternatively, the request can be made by phone or by visiting a Kela customer service point. It can also be transmitted in a message via Kela's OmaKela e-service at www.kela.fi/omakela (in Finnish) or www.fpa.fi/mittfpa (in Swedish).
13 Right of erasure
Under Article 17 of the General Data Protection Regulation, data subjects have the right to request the erasure of their personal data.
This right does not extend to personal data that Kela needs to carry out its statutory duties.
The request to erase personal data must be made to Kela.
The request can be addressed to Kela's Registry. The contact information of the Registry can be found on Kela’s website at www.kela.fi/web/en/administration.
Alternatively, the request can be made by phone or by visiting a Kela customer service point.
The request can also be transmitted in a message via the OmaKela e-service at www.kela.fi/omakela (in Finnish) or www.fpa.fi/mittfpa (in Swedish).
14 Right to file a complaint with a supervisory authority
According to Article 77 of EU Regulation 2016/679, the data subject has the right to lodge a complaint with the Data Protection Ombudsman, if the data subject considers that the processing of Kela personal data relating to him or her infringes this Regulation.