Data protection at the Finnish Transport Infrastructure Agency
Most of the services provided by the Finnish Transport Infrastructure Agency (FTIA) to citizens are so-called anonymous services that do not collect personal information. Such a service is, for example, the state’s road network. However, the processing of personal data cannot be completely avoided when information necessary for the management and maintenance of the network is collected, for example in the form of photographs. The FTIA also processes personal data in its projects and in its internal operations, such as personnel administration and as part of document management.
There must always be a legal basis for the processing of personal data.
Processing of personal data in the Finnish Transport Infrastructure Agency
What kind of personal data is processed by the Finnish Transport Infrastructure Agency and why?
When collecting information, the FTIA will explain why the information is needed and how it is used. The FTIA only collects personal data necessary for its operations, the purpose of which has been specified in advance.
Typical personal data collected by the FTIA include the person's name and contact details, such as address and e-mail address.
What is the basis for processing personal data?
There must always be a legal basis for the processing of personal data. The FTIA’s criteria for processing personal data are as follows:
- Contract: The FTIA is a procurement organisation whose operations are strongly based on agreements with, for example, service providers.
- Consent given by the data subject: For example, we ask the data subject's consent to receive our customer communications.
- Legal obligation: The FTIA is an authority whose activities are governed by legislation.
- Exercise of public authority.
For how long will personal data be stored?
Personal data will be retained as long as the grounds for processing it exists. Processing is often based on legislation that regulates the authority's information management, such as the retention period of documents.
If a user visiting our sites does not want us to receive the above information through cookies, most browser programs allow you to disable cookies. For example, this is done through the "Internet Options" menu in the "Tools" menu of Internet Explorer under "Security". However, it is important for any user to be aware that cookies may be necessary for the proper functioning of some of the pages we maintain and the services we provide.
Does the Finnish Transport Infrastructure Agency disclose or transfer personal data to third parties?
As a rule, the FTIA does not disclose information to third parties. In certain situations, information is disclosed to other authorities. In this case, the disclosure is based on the law.
The FTIA transfers personal data to its contracting partners acting as data processors.
Further information on the disclosure and transfer of data is available in the privacy statements of the Finnish Transport Infrastructure Agency.
How does the Finnish Transport Infrastructure Agency protect personal data?
In general, personal data registers are stored in electronic format in information systems. Access to register data that has been stored electronically requires a personal user ID and password or another authentication. The right to process personal data shall be granted to employees of the FTIA or system vendor who have a work-related need to process personal data. Personnel processing personal data have been trained in the use of personal data files and in the processing of personal data.
The protection of the technical equipment has been implemented in accordance with the FTIA’s security guidelines. Communication is encrypted between the registry user and the server.
Manually processed documents containing data from data subjects are stored in locked premises, preventing access by unauthorised persons. Documents for manual processing are printed only when necessary. Paper printouts will be destroyed after use.
Can the Finnish Transport Infrastructure Agency change its data protection principles?
The FTIA is continuously developing its services. As the services develop, the need for and processing of personal data may change. Changes in the processing of personal data may also occur if the law changes. If necessary, the FTIA will communicate the changes on its website to targeted registered users.
Data protection officer of the Finnish Transport Infrastructure Agency
Data Protection Officer
Finnish Transport Infrastructure Agency
Tel: + 358 50 378 1510