Data protection

Privacy statement, treasuryfinland.fi

Drafted on 13 April 2018, updated on 16 April 2019

1. Controller

Name: State Treasury
Address: Sörnäisten rantatie 13, PO Box 14, FI-00054 State Treasury
Other contact details: tel. +358 (0)295 50 2000, kirjaamo@statetreasury.fi

2. Contact person in matters related to the register

Name: Suvi Asikainen, Finance Division
Address: Sörnäisten rantatie 13, PO Box 14, FI-00054 State Treasury
Other contact details: +358 (0)295 50 2302, suvi.asikainen@statetreasury.fi

3. Data protection officer

Eija Louhelainen, tietosuojavastaava@statetreasury.fi

4. Legal basis and purpose for processing of personal data

1. Responding to customer feedback (feedback form): The contact details provided by the customer are used only for responding to feedback. The giving of contact details is voluntary. The customer gives their consent by writing their contact details on the feedback form.

2. Delivering subscriptions for published materials (the State Treasury’s various publications, press releases and newsletters, and order forms): The contact details provided by the customer are used only for delivering the subscription. The State Treasury maintains a separate customer register in Emaileri for the purpose of distributing publications (not linked to the website). The customer gives their consent by writing their contact details on the subscription form.

3. Visitor monitoring: To support website development, we use cookies to collect statistical data about the use of the website. However, the user cannot be identified based on the data collected. We use Google Analytics visitor monitoring.

4. Call recordings: Some of the incoming and outgoing calls at the State Treasury’s Finance division are recorded. State Treasury follows general financial sector practices in the recording of telephone calls and listening to recordings. Recordings allow telephone conversations to be verified and the terms and conditions of transactions and contracts to be ascertained after the fact in the event that any disputes arise between the parties.

The recoding of telephone calls is based on Article 6(1)(b;c;e) of the EU’s General Data Protection Regulation. The recording is necessary in order to be able to fulfil agreements or carry out statutory duties and tasks related to the public interest.

5. Information content of the register

1. Feedback: data provided by feedback giver (not compulsory), generally email address and name, possibly telephone number. The State Treasury responds to the feedback using the data.

2. Subscriptions / subscription cancellations for published materials (* = required information):
Publications: first name*, last name*, email address*, organisation, street address, postal code and city, country, and the publications subscribed*.

3. Visitor monitoring (Google Analytics): User IP address without the identifying final section (= anonymised IP), in which case Google Analytics only uses part of the IP address collected instead of the entire address. The user is able to select the ‘do not track’ setting on their browser, in which case Google Analytics does not even collect the above data. Using the IP address, data is collected for the purpose of visitor monitoring on the actions carried out by the user on the website. This data includes e.g. navigation within the site, clicking on links, length of visit and information about where the visitor connected to the service from and where they transferred to afterwards. Further information about the anonymisation of an IP address is available at https://support.google.com/analytics/answer/2905384/

4. Call recordings: Calls made to and from numbers to be recorded are recorded in their entirety. In addition, the following identifying information is stored: 1) the start and end times of the call; 2) the number of the caller; 3) the number called; 4) name and telephone number of the officer.

6. Ordinary information sources

Steps 1, 2 and 4: The data is collected from the customer themselves

Step 3: The data is collected using cookies.

7. Regular disclosures of data

Steps 1–4: The data is not disclosed to others.

8. Regular disclosures of personal data or transfer of data to outside the EU or the EEA

The data is not disclosed to others.

9. Principles of register protection

Steps 1–3: The register does not contain confidential material.

Only individuals authorised by the controller have access to the data processed within the information system. Access rights are kept up-to-date by regular inspection, and unnecessary access rights are removed. The information network and terminals containing the filing system are protected using technical measures.

Step 4: The register contains confidential materials.

Only individuals authorised by the controller, who are under obligation of secrecy, have access to the data processed within the information system. Access rights are kept up-to-date by regular inspection, and unnecessary access rights are removed. The information network and terminals containing the register are protected using technical measures.

10. Data storage period / criteria for determining storage period

Step 1 (feedback): The data is stored only for the period required for processing the customer’s affairs. It is not saved into the filing system.

Step 2 (subscriptions): The data is saved into the State Treasury’s customer register for publication subscriptions in Emaileri, and it is stored there until the customer cancels their subscription.

Step 3 (visitor monitoring): The data is saved into the Google Analytics visitor monitoring service, in which the data is stored for 26 months. At the end of the data storage period, expired data is automatically removed monthly.

Step 4 (call recordings): Call recordings are stored for no longer than 2 months, after which period they are removed automatically.

11. Information about automatic decision-making (e.g. profiling) and information about the logic of data processing and its impacts on the data subject

No automatic decisions or profiling are carried out using the data.

12. Right of access

The data subject has the right to access his or her data in the register. Requests should be sent to the registry office.

13. Rectification of data

The data subject has the right to access his or her data in the register. Requests should be sent to the registry office.

14. The right to object to processing of personal data

Steps 1–3: The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of their personal data, such as profiling.

Step 4 (call recordings): Calls are recorded in order to carry out statutory duties and tasks related to the public interest. The data subject does not have the right to object to the processing of their personal data.

15. Right to restriction of processing

The data subject has the right to restrict the processing of his or her personal data as specified in Article 18 of the GDPR.

16. Right to erasure

Steps 1–3: The data subject has the right to request that the controller erase their personal data from the person register.

Step 4 (call recordings): Calls are recorded in order to carry out statutory duties and tasks related to the public interest. The data subject does not have the right to have their personal data removed.

17. Right to lodge a complaint

The data subject has the right to lodge a complaint with a supervisory authority if the data subject believes that his or her rights have been infringed by the actions of the controller.

18. Other rights

Personal data is neither used nor disclosed for the purpose of direct advertising, distance marketing or other directing marketing, market and opinion research, registers of individuals, or genealogies.

19. Use of cookies

We use cookies on our webpages. The only purpose of the cookies is to technically facilitate the use of the service. A cookie is a small text file which is sent to the user’s computer and stored there, and which enables the website administrator to recognise regular visitors to the website and to facilitate their use of the webpages.

Cookies do not cause damage to a user’s computer or files. If a user visiting our webpages does not want us to obtain the information mentioned above through the use of cookies, most web browsers have functions for disabling cookies. On Internet Explorer, for example, this can be done by selecting “Tools”, then “Internet Options”, and then “Privacy”.

It is nevertheless good to take note that the cookies may be needed for the correct functioning of some of the services we offer and some of the websites available.

For more information on cookies in Google Analytics, see https://support.google.com/analytics/answer/6004245?hl=fi



Published 2019-04-16 at  10:29 , updated 2019-04-16 at  10:28 Suomeksi   På svenska   In English

Top of the page

Give feedback

Feedback on


Contact details