Data privacy in the Employment Services Manual Online Service
Processing of Personal Data
User Management and General Processing of Personal Data in the Employment Services Manual
- A personal user account is created for each user of the Employment Services Manual, with the user's email address serving as the username. The password is set by the user during the initial login.
- A new user is added to the Employment Services Manual by the service administration or the organization's primary user. When a new user is invited to the system, their home organization and user role (primary user, editor, expert) are assigned.
- Administrators and primary users can add and remove users, as well as manage users' organizational information and access rights. Each organization defines its internal process for adding new users.
- The user role determines a person's access rights within the system, i.e., what information and functions they can see or perform in the service. The administration can change user roles without consultation if errors are detected.
- User accounts are automatically deactivated after 6 months of inactivity, and the account information is deleted 30 days after deactivation.
- Users have been informed about the processing of personal data and the grounds for processing.
- User data is not disclosed outside the system (no data transfers). Events are logged.
Processed Personal Data
The system processes users' names and email addresses for user management and system communication purposes.
Processed data includes: first and last name, email address, and home organization.
System users include: administrative users, employment services experts, and content creators from municipalities and service provider organizations.
Note: The system does not process customer information or other classified personal data comparable to classified.
Data Retention Periods and Location
- Expert users have access to the system for the duration of their employment. Content providers manage their own user information.
- A user account is automatically deactivated after 6 months of inactivity unless the user activates it upon request. User data is erased 30 days after account deactivation. The retention period of user data is based on the processing of active users' information in the system.
- Administration can restore a user account within 30 days of deactivation if the deactivation was erroneous. After this period, a new account must be created for the user.
- Data is managed through the administrative views of the Service Manual interface. The server is hosted on the City of Helsinki's Azure/OpenShift (Platta) service platform, supported by HiQ (formerly Ambientia) as a SaaS cloud service (until February 1, 2024, by IBM & Kyndryl).
- Platta is a digital service platform implemented in the Microsoft Azure cloud environment located in a data center in Europe. Data from Platta is not transferred outside the EU/EEA region.
Note: Regarding the location of personal data, a decision by the Chief of Staff on October 12, 2022 (HEL 2022-012014 T 00 01 01) allows the transfer of public personal data, as defined by the Publicity Act, outside the EU/EEA region and to countries approved by the European Commission if the transfer agreement includes the standard clauses approved by the European Commission.
Protection of Personal Data
- Personal data is protected in the system through various levels of user and access management, user training, and the collection of user logs.
- Access to the solution is granted with personal system-specific credentials (username and password).
- The solution is not considered critical for information security, and the processed personal data is not classified as confidential.
Rights of the Data Subject and Data Requests
Based on the General Data Protection Regulation, the data subject has various rights related to personal data. The legal basis for data processing determines these rights.
Learn about the rights of the data subject or make a data request: TBA
Cookies
Learn about the service's cookies: https://uusi.palvelumanuaali.fi/en/cookies
Privacy Policy
The personal data register of the Employment Services Manual online service is created from the user information of individuals using the service as logged-in users. The purpose of processing personal data in the register is to manage users and implement electronic communication related to the use of the municipal employment services information repository (Service Manual online service). Data subjects include employment services staff and users in the content creator role from various municipalities and service provider organizations.
See privacy policy and registry description: https://tyollisyys.palvelumanuaali.fi/en/data-privacy/privacy-policy
Read about the rights of the data subject and data requests: https://tyollisyys.palvelumanuaali.fi/en/rights-of-data-subject-and-data-requests