Privacy policy: Case Register
Privacy policy
General Data Protection Regulation of the European Union (2016/679)
Case Register
1. Data Controller
The County Board of the Western Uusimaa Wellbeing Services County
2. Person Responsible for the Register
Job title
Director of information management
3. Contact Person for the Register
Job title
Senior specialist of information management
Contact information
Registry Office, Western Uusimaa Wellbeing Services County
P.O. Box 33, 02033 Western Uusimaa Wellbeing Services County
Email: kirjaamo@luvn.fi
4. Purposes of processing personal data and legal grounds for processing
Purposes of processing
The Western Uusimaa Wellbeing Services County, acting as a data management unit, maintains a case register for matters it has and is processing. This register logs information about the case, its processing, and relevant documents. This ensures that information or public records stored in the register can be produced for the purpose of specifying data access requests.
The registry processes the official correspondence of the Western Uusimaa Wellbeing Services County, as well as matters to be decided by the County Council, County Board, committees and management boards, their sub-committees, and office holders.
Legal grounds for processing
Article 6(1)(c) of the General Data Protection Regulation of the European Union: processing is necessary for compliance with a legal obligation to which the controller is subject.
Article 6(1)(e) of the General Data Protection Regulation of the European Union: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Key legislation
- General Data Protection Regulation of the European Union (679/2016)
- Data Protection Act (1050/2018)
- Information Management Act (906/2019)
- Act on the Openness of Government Activities (621/1999)
5. Contents of the Register
Identification and contact details of natural persons and organisations and information necessary for the processing of the case.
6. Disclosure of personal data in accordance with legislation
Meeting minutes are made available in a public network. Only personal data necessary for the provision of information is published in the minutes. The personal data contained in the minutes is removed from the network upon expiration of the legal claim or appeal period. For confidential publications, information regarding their confidentiality and the basis for this confidentiality is provided.
As a rule, data is not transferred from the register to countries outside the EU or the EEA. However, personal data may be transferred to countries outside the EU/EEA area where the European Commission has determined that the level of data protection is adequate. In addition, personal data may be transferred to countries outside the EU/EEA when the protection measures required by the General Data Protection Regulation have been implemented, for example, by incorporating standard data protection clauses into contracts and by employing additional measures recommended by the European Data Protection Board as necessary.
7. Data storage periods
The information contained in the registry is stored according to the data management plan, either permanently or for a set period.
Minutes of decisions made by bodies and any personal data included in them are stored permanently. The storage periods for personal data in office-holder decisions and correspondence related to decision-making vary from one year to indefinite storage.
8. Sources of personal data
The information in the register is obtained from the involved parties, the case initiator, statement provider, case handler, and contracting partners.