Shared systems
Joint controllership
In accordance with data protection legislation, joint controllers mean two controllers who determine the purposes and means of processing data. Joint controllers agree on a system and a transparent manner on the basis of which each takes responsibility for the supervision of compliance with the data protection obligations in their assigned areas.
The Ministry of Economic Affairs and Employment is the joint controller with the following systems or actors.
Government’s shared information systems
The Ministry of Economic Affairs and Employment is the joint controller with the Prime Minister’s Office for the processing of personal data in the government’s shared information systems.
The shared information systems we use include:
- the case management system in which letters from citizens, information requests and other communications are stored: VAHVA and the EU affairs case management system EUTORI
- the Government intranet Kampus and electronic workspaces (including Tiimeri)
- the Government’s internal project management tool Gateway to Information on Government Projects
- the Government’s electronic decision support system PTJ
- the Government’s service order and management system Virkku
- the Government’s media service (intended for the media; requires registration)
- the Government image bank
- Howspace (a digital collaboration platform)
- Valto (the Institutional Repository)
The Government has determined the responsibilities of each joint controller. The Ministry of Economic Affairs and Employment and the Prime Minister’s Office are responsible for ensuring that your personal data are processed in compliance with the General Data Protection Regulation and other applicable national legislation. Joint controllership requires a legal basis for the disclosure of your personal data between the Ministry of Economic Affairs and Employment and the Prime Minister’s Office.
The Ministry of Economic Affairs and Employment is responsible for its own duties as an authority, such as the accuracy of your data and the execution of your rights as a data subject. The Prime Minister's Office is responsible for the following data protection matters in the shared information systems:
- ensuring that there is a legal basis for the technical solutions to process personal data in accordance with the data protection legislation;
- ensuring an appropriate level of security and guaranteeing the confidentiality of services;
- ensuring that contracts with processors of personal data have been concluded in accordance with the General Data Protection Regulation;
- ensuring that the systems comply with the data protection principles;
- carrying out the necessary data protection impact assessments.
You may exercise your data protection rights in relation to both joint controllers.
For more information about data protection in the shared information systems and services, please see the website of the Prime Minister’s Office.
CRM
Processing of personal data: Personal data processed in the customer relationship management system of the business service
The CRM system is a shared system in which the parties storing data in the personal data register serve as the controllers of the data they respectively store in the system and are responsible for ensuring the accuracy and updatedness of the data they store.
The joint controllers and their data protection officers can be contacted at the following contact points in matters concerning this personal data register:
| Organisation and the contact information of the data protection officer | Contact point in data protection matters |
|---|---|
| Centre for Economic Development, Transport and the Environment and TE Offices |
https://www.ely-keskus.fi/en/web/ely-en/contact-information |
| Ministry for Foreign Affairs |
kirjaamo.um(at)formin.fi |
| Finnish Safety and Chemicals Agency (Tukes) |
tietosuoja(at)tukes.fi |
| Business Finland Finnish Funding Agency for Innovation, Business ID: 0512696-4 |
tietosuoja(at)businessfinland.fi |
| Business Finland Ltd, Business ID 2725690-3 tietosuoja(at)businessfinland.fi |
tietosuoja(at)businessfinland.fi |
| Finnvera, Business ID 1484332-4 |
www.finnvera.fi - Online service - Messages function, hashtag Other |
What data do we collect on you for the customer data system of corporate services?
The data in the personal data register of the CRM system are used in the customer relationship and marketing activities of the joint controllers’ current and potential customers to promote the business of the companies. Public data related to companies can be stored and processed in the system.
In addition, the following information can be stored in the register about the company’s contact person and person responsible; not all information provided below is included for each person:
- Identification data: name, home country, domicile, street address, email address, phone number and data subject’s job title and role in the company.
- Additional information: nickname, name spelled in the native language, address and job title, working country, branch of industry, capital investment profile, category of expertise, job description, other description.
- Information about guidance relating to business activities or other services and the service recipient’s identification data.
- Changes to the above-mentioned data.
In addition, the register may include other notes concerning the data subjects and their potential customer relationship and other data related to good customer relationship management. They may include information about the data subject’s past or future event participations, contact requests, or information about the services ordered by the data subject and the delivery and invoicing thereof.
What is our data processing based on?
We process your personal data to comply with our statutory obligation or to perform a task concerning the public interest.
- Act on the customer data system of business services (Laki yrityspalvelujen asiakastietojärjestelmästä)
Disclosure and transfer of personal data
This register is based on the act on the customer data system of business services, according to which in addition to the joint controllers, data can be disclosed from the register only to the Ministry of Agriculture and Forestry and the Finnish Food Authority.
Otherwise, personal data are disclosed to parties other than the joint controllers or the system owner in a manner that allows the identification of individual users only in the following exceptional situations: when obligated by law or an order by the authorities, by a court order, or if disclosure is otherwise required to prevent or inspect suspected violations of law, the terms and conditions of the web services or good practices, or to protect the rights of the joint controllers or third parties.
The personal data included in the register will not be transferred or submitted outside the European Union or the European Economic Area. No automated individual decisions are made; nor is profiling performed based on the personal data in the register.
For more information about the processing of personal data in the customer relationship management system (ATV, Y-ATV), please contact Päivi Tommila ([email protected])
Each joint controller is the controller of the data that they respectively store and is responsible for ensuring that the data is accurate and up to date.
If you still have any questions about the processing of personal data by the Ministry of Economic Affairs and Employment, you can contact our data protection officer at tietosuojavastaava.tem(at)gov.fi.