Privacy notice

Privacy notice for data subjects

Shelters for victims of domestic violence operates under the Act on reimbursement out of State funds for providers of shelters for victims of domestic violence (2014/1354). A shelter service is a social welfare service provided by private and public organisations (hereinafter Service Providers) selected by the Finnish Institute for Health and Welfare (THL).

General management and direction of shelter service operations is the responsibility of the Ministry of Social Affairs and Health. THL is responsible for the steering, assessment, development and national co-ordination of the shelters for victims of domestic violence. Shelter services are supervised by the National Supervisory Authority for Welfare and Health and the Regional Administrative Offices in their respective operating area. For the supervision of shelter services, chapter 6 of the Act on Organising Healthcare and Social Welfare Services (612/2021) applies to the shelter service produced by the wellbeing services counties, and 46 § and 48 § in the case of shelter service produced by other public service providers.  The Act on Private Social Services (8.7.2022/551) applies to the shelter service produced by the private social service providers.

THL processes personal data in order to perform its statutory duties. When processing personal data, THL and the service providers comply with the valid data protection legislation and ensure an appropriate level of information security. This privacy notice describes how your personal data is processed in the provision and arrangement of shelter services.

1. Name of personal data file

Client register of shelters for victims of domestic violence

2. Contact person in matters concerning the register

Shelters for victims of domestic violence are provided by Service Providers selected by THL. A Service Provider acts as a controller referred to in the legislation on personal data processing and data protection, who processes THL’s personal data on behalf of THL. The Service Providers are responsible for disclosure of data and correction of incorrectly recorded data.

The privacy notice is available for the clients in the shelters. 

All Service Providers and their contact data are available on the THL website at Shelters for victims of domestic violence (Nollalinja)

3. Data Controller

THL acts as the controller referred to in the legislation on personal data processing and data protection.

Our contact information:

Finnish Institute for Health and Welfare, THL
P.O. Box 30
FI-00271 Helsinki,
Finland
tel. 020 610 6000

The contact person for issues related to personal data processing is:

Suvi Nipuli
Development Manager
E-mail: [email protected]
Tel: +358 29 524 7205
Address: P.O. Box 30, 00271 HKI, Finland

The data protection officer at THL is Jarkko Reittu. He can be contacted by e-mail at tietosuoja(a)thl.fi or by phone at +358 29 524 7474.

4. Purpose of personal data processing

The purpose of personal data processing is the provision of shelter service referred to in the Act on reimbursement out of state funds for providers of shelters for victims of domestic violence(2014/1354). The personal data processed is confidential data on the clients of social welfare.

The client data is used for planning and implementing work with clients. In addition the data stored in the client data system are used for statistical purposes, research, evaluations, monitoring, management and development and for responding any requests for a statement. 

5. Legal basis for the processing of personal data

The processing of personal data is always based on valid legislation. THL’s tasks are laid down in the Act on the National Institute for Health and Welfare (31 October 2008/668) and in the Act on reimbursement out of State funds for providers of shelters for victims of domestic violence (2014/1354).

The legal basis of processing personal data for the purposes covered by this notice is: Compliance with a legal obligation (General Data Protection Regulation, Article 6(1)(e)).

The justification for the processing of personal data is the implementation of a shelter service, a client relationship associated with client work and the legislation guiding the operations.

6. What personal data are processed?

Data and data types collected and stored of a data subject.

  • The client's basic data and background information: name/alias, gender, personal identity code, date of birth, mother tongue, municipality of residence, education, marital status, guardianship information, inclusion in labour force, contact details, non-disclosure of contact details for personal safety, telephone number, information about the client's legal representative or other contact person, family relationships and living arrangements, the party who directed the client into the shelter and previous visits to the shelter.
  • Information about the client relationship: service language, use of an interpreter, memos and negotiations associated with the client relationship, contacts with the client, co-operating parties, additional information about health and security, duration of the client relationship and justification for the termination of the client relationship.
  • Information about the client associated with the implementation of the service: the client's situation and needs for support and their justifications, information about violence, reports made to the authorities on the client’s situation, need for service, implementation plan of the service, including its assessment and monitoring, content of the work with the client, a description of the means and services.
  • Documents requested by the authorities: statements and summaries and associated requests.
  • Requests to inspect the register.

The data in the register are maintained in an electronic client information system until their transfer to the Client Data Archive for Social Welfare Services (Kanta services). The stored data is secured so that it can be accessed only by an employee authorised to do so. Accessing the system requires a personal user ID and password. Access and use of the system is logged. Matters related to information security have been agreed in the Terms and conditions of the processing of personal data between THL and the Service Provider and a security appendix. 

7. Regular sources of data

The data stored in the register accumulates in the service provider's daily work with the clients. The personal data is obtained from the clients themselves and via VTJkysely from the Population Information System of the Digital and Population Data Services Agency. On the consent of the client, the data can be supplemented with data obtained from other parties. If the client is a child, information is received both from the child and his or her custodian or parent.

8. Transfer or disclosure of personal data 

The terms and conditions of personal data processing contain provisions on the security arrangements to be followed and the processing of personal data between THL and the Service Provider.
The data in the client register is confidential. The data in the client register is processed by the data controller only in tasks related to the provision and arrangement of the shelter service and only to the extent permitted by law. The data will not be disclosed, unless the party requesting the data is legally entitled to obtain it. Data can also be disclosed on the client’s consent.

9. Transfer and disclosure of personal data to non-EU/EEA countries

Personal data are not regularly transferred to non-EU/EEA countries. However, data can be disclosed to the data subjects themselves outside the EU/EEA.

10. Profiling and automated decision-making

No profiling or automated decision-making is performed.

11. Storage of personal data

The data will be stored in the service provider's client information system until the shelters have migrate the data to the Client data archive for social welfare services (Kanta) stepwise by 2023, or until the agreement on service provision made with THL has expired. 

The data will be stored in the service provider's client information system until the shelter has transferred the data to the Client Data Archive for Social Welfare services (Kanta archive) or until the agreement on service provision made with THL has expired. The provider of shelter services will deliver the social welfare clients’ data to THL no later than at the expiration of the agreement insofar as the social welfare data has not been successfully migrated to the Kanta archive.

12. Right to access the data

The client and the custodian of a child marked as a client have the right to know what data about them or the child have been stored in the Client register of shelters for victims of domestic violence. The person can submit a data access request personally or in writing.

The data access request is submitted to the Service Provider. The requested data is given without undue delay, and in writing if requested. A person has the right to receive a copy of their personal data, provided that giving this copy will not have adverse effects on the rights and freedoms of others and that the Service Providers do not have legal grounds for refusing to disclose the data. If the right of access is rejected, the client is given a written certificate of rejection, stating the reasons for rejection and the right to lodge an appeal. The client may refer the matter to the Data Protection Ombudsman. Exercising the right of access is, as a rule, free of charge. 

13. Right of rectification and erasure of data

If a piece of data in the register is found to be incorrect, unnecessary, incomplete or obsolete, the Service Provider will rectify the data on their own initiative without delay or by a written request of the client. As a rule, the changes will be performed in a way that leaves in the register information about the correction, the person performing the correction and the date of correction, and enables the original entry to be viewed at any time if necessary.

If the client's demand for data rectification is rejected, the client has the right to obtain a written certificate that states the reasons for rejecting the right and the right to lodge an appeal. The client may refer the matter to the Data Protection Ombudsman. 

14. Right to restrict the processing of personal data

In certain cases laid down in law, a client can have the right to restrict the processing of their personal data. The right to restrict processing might be invoked, for example, if the personal data is reported to be incorrect, it is processed against the law or the client has objected to the processing of personal data (in cases in which the processing of personal data is based on consent). In this case, personal data may only be processed on the client's consent for the exercise or defence of legal claims, or when it is in general interest or essential to protect another person’s rights.

15. Right to oppose the processing of personal data

As a rule, the processing of personal data is always based on law, which means that the client usually has no right to object to the processing of personal data. According to the legislation, the right to object can be exercised, for example, if the data was used for the purposes of direct marketing. THL and the Service Providers do not use the data for such purposes.

16. Informing the register subject and contacts

The Service Providers are responsible for the processing of their clients’ data, the correctness of the data and informing the clients. The privacy notice is available for the clients in the premises of the unit and in the internet.

Contacts and requests concerning the privacy notice must be made in writing to the appointed contact persons. The data subject must be prepared to prove their identity with a photo ID card.

17. Right to lodge a complaint with the supervisory authority

The client has the right to lodge a complaint with the supervisory authority if the client is of the opinion that their personal data has not been processed in accordance with the applicable data protection legislation.

Contact:
Office of the Data Protection Ombudsman
Visiting address: Lintulahdenkuja 4, 00530 Helsinki, Finland
Mailing address: P.O. Box 800, 00531 Helsinki, Finland
Telephone exchange: +358 29 566 6700
Registry: +358 29 566 6768
e-mail: tietosuoja(at)om.fi

18. Changes to the privacy notice

The privacy notice will be changed as necessary, for example when changes take place in the legislation.