Access Control Personal Data Register
Privacy policy
General Data Protection Regulation of the European Union (2016/679)
24 May 2024
Access Control Personal Data Register
1. Data controller
The County Board of the Western Uusimaa Wellbeing Services County
2. Person responsible for the register
Director of Corporate Group Services
3. Contact person of the register
Chief Security Officer of Support Services
Western Uusimaa Wellbeing Services County
P.O. Box 33
02033 Western Uusimaa Wellbeing Services County
Switchboard: 029 151 2000
4. Purposes of processing personal data and the legal grounds for processing
Purposes of processing
The purpose of collecting personal data for access control is to ensure the legal protection and safety of both visitors and individuals employed by the Western Uusimaa Wellbeing Services County. It also aims to protect the property of the employer and employees, prevent crimes, and facilitate their investigation. Registry data is used to track and identify the movements of individuals within our premises.
A unique access report related to a registered individual can be provided upon request and as needed to supervisors, but only for their direct subordinates. The request for a supervisor’s access control report must be based on the employer’s right to direct and supervise work. The provision of reports is not a regular practice, but must be based on a specific need.
Legal grounds for processing
Article 6(1)(c) of the General Data Protection Regulation of the European Union: processing is necessary for compliance with a legal obligation to which the controller is subject.
Key legislation
- General Data Protection Regulation of the European Union (679/2016)
- Data Protection Act (1050/2018)
- Act on the Protection of Privacy in Working Life (759/2004)).
5. Data contents of the register
The access control system records the following personal data: name, personal number, phone number, access data, and access control areas.
6. Regular disclosure of personal data
Personal data from the access control registry is not generally disclosed to anyone. A unique access report related to a registered individual can be provided upon request to supervisors at the Western Uusimaa Wellbeing Services County and only for their direct subordinates. A supervisor’s request for an access control report must be based on the employer’s right to direct and supervise work. The provision of reports is not a regular practice and must be based on a specific need.
Personal data can processed by the security services within the Western Uusimaa Wellbeing Services County’s support services and by an outsourced service provider, but only by individuals whose job duties include this task.
The main users of access control are the security services within the Western Uusimaa Wellbeing Services County’s support services. Personal data can be disclosed only with the permission of the security manager of the Western Uusimaa support services. The service provider cannot grant permission for the disclosure of personal data.
Data is disclosed to the police or other competent authorities in cases specifically provided for by law, for example, to investigate crimes. The disclosure is always based on a specific request made by the authorities.
7. Data retention periods
The retention period for personal data is six months.
8. Sources of personal data
The sources of data for the registry are the access identifiers and access control readers of the access control system. The controller has placed access control readers in locations deemed necessary.