Sorry, you need to enable JavaScript to visit this website.
Skip to main content

Data privacy in the Service Manual web service

Processing of personal data

General information on user administration and personal data processing in the Service Manual

  • A personal user account is created for each Service Manual user, with the user’s email address being their user ID. The user sets up their password during the initial login. ​
  • The service administrators and the organisation’s primary user can add new users to the Service Manual. When a new user is invited to the system, their home organisation and user role (primary user, editor, expert) are specified for them. ​
  • The administrators and primary users can add and delete users and manage users’ organisation information and access rights. Each organisation defines their own internal process for adding new users.​
  • The user role determines the individual’s access rights to the system, meaning what information and features they can see and use in the service. Administrators may change user roles without consultation if errors are detected. ​
  • User accounts are automatically deactivated after six months of inactivity, and the account information is erased 30 days after the account’s deactivation.
  • Users have been informed about the processing of personal data and the basis for processing. 
  • User data is not disclosed outside the system (no data transfers). Events are logged. ​

     

Personal data processed​

The system processes users' names and contact information for user administration and system communication purposes. ​

The personal data processed includes: first and last name, email address, and home organisation.

The system users include: administrative users, employment services experts, and content creators from municipalities and service provider organisations. ​

Please note! The system does not process customer information or other comparable personal data classified as confidential.​

Data retention periods and storage location

  • Expert users have the right to access the system during their employment. Content creators manage their own user information.
  • A user account is automatically deactivated after six months of inactivity unless the user activates the account upon request. User data is erased 30 days after account deactivation. The retention period of user data is based on the processing of active users' data in the system.
  • Administrators can restore a user account within 30 days of deactivation if the deactivation was in error. After this period, a new account must be created for the user.​
  • Data is managed through the administrative views of the Service Manual interface. The server is hosted on the City of Helsinki's Azure/OpenShift (Platta) service platform, which is a SaaS cloud service supported by HiQ (formerly Ambientia) (by IBM & Kyndryl until 1 February 2024).
    • Platta is a digital service platform implemented in a Microsoft Azure cloud environment located in a data centre in Europe. No data from Platta is transferred outside the EU/EEA region.
  • Please note! Regarding the location of personal data, a decision by the City Manager on 12 October 2022 (HEL 2022-012014 T 00 01 01) allows the transfer of public personal data, as defined by the Act on the Openness of Government Activities, outside the EU/EEA region and to countries approved by the European Commission if the transfer agreement includes the standard contractual clauses approved by the European Commission. ​

 

Protection of personal data

  • Personal data is protected in the system through different levels of user and access management, user training, and the collection of user logs. ​
  • Users log in to the solution with their personal system-specific credentials (username and password). ​
  • The solution is not considered critical for information security, and the personal data processed is not classified as confidential.

 

Rights of the data subject and data subject access requests

Data subjects have various rights related to their personal data under the EU General Data Protection Regulation (GDPR). The legal basis for personal data processing determines these rights. 

Read more about the rights of the data subject or make a data subject access request: Rights of the data subject and data subject access requests | Employment services’ Service Manual

Cookies

Read more about service cookies: Cookies | Employment services’ Service Manual 

Register description

The personal register of the Service Manual web service is formed by the user information of individuals using the service as logged-in users. The purpose of processing personal data in the personal register is to manage user accounts for the joint municipal information resource of employment services (Service Manual web service) and to implement electronic communications related to the use of the system. The data subjects include employment services personnel as well as users from different municipalities and service provider organisations who act as content creators.