PRIVACY NOTICE FOR REGISTERED USERS OF THE LÄHELLÄ.FI ONLINE SERVICE
In accordance with the EU General Data Protection Regulation ((EU) 2016/679)
Data Controller
Lapin sosiaali- ja terveysturvayhdistys ry (The Social Welfare and Health Security Association of Lapland)
Kansankatu 13
96100 Rovaniemi
Phone (info): 040 6895910
Lapin sosiaali- ja terveysturvayhdistys ry (The Social Welfare and Health Security Association of Lapland) represents the Lähellä.fi network.
Contact Person for Data Protection Matters
Executive Director
Arja Kilpeläinen
Lapin sosiaali- ja terveysturvayhdistys ry (The Social Welfare and Health Security Association of Lapland)
Kansankatu 13
96100 Rovaniemi
Phone (info): 040 040 3659
firstname.lastname@lapinsote.fi
Name of the Register
Registered users of the Lähellä.fi online service
Purpose of Processing Personal Data
The purpose of processing personal data in the Lähellä.fi service is
provision and maintenance of the service
customership management
service development
monitoring and analysing usage
service security and development
communication with end users
enhancing network-based collaboration between different actors to promote wellbeing and health
Legal Basis and Content of Data Processing
Based on the Lähellä.fi network agreement
service maintenance and management measures
technical support and customer service for registered users
communication with registered users
usage monitoring
service development
service security
surveys and raffles
statistical purposes related to service development
Contents of the Register
The register contains information provided by the data subject, including first name, last name, phone number, email address, organisation, username, and password*. The password is not visible to the data controller or to those processing the data.
Providing the personal data marked with an asterisk is a prerequisite for establishing our contractual and/or customer relationship. Without the required personal data, we are unable to provide the service.
To ensure the proper functioning of the online service, the system uses cookies for login and temporary data storage.
Categories of Data Subjects and Categories of Personal Data
The register contains the personal data of users registered in the Lähellä.fi service.
Recipients and Categories of Recipients of Personal Data
Personal data is received and processed by the administrators of the Lähellä.fi service. Where necessary, personal data may also be processed on behalf of the data controller by the service’s IT provider (technical maintenance and development), based on a contractual agreement.
Public sector employees who are responsible for promoting cooperation between different actors in the fields of health and wellbeing.
Retention Period of Register Data
Personal data of registered users is retained for a fixed period. The data will be stored until:
the registered user deletes their own data from the service
the registered user requests deletion from the Lähellä.fi service administrators
The registered user has not used the service for two (2) years, in which case the administrators will delete the user’s data. Before deletion, a notification will be sent to the email address provided by the user
the registered user is permanently removed from the service due to a violation of the terms of use
the data is automatically removed from backup copies within three (3) months
the online service is discontinued
As the data controller, we regularly assess the necessity of data retention in accordance with applicable legislation. In addition, we take reasonable measures to ensure that no personal data which is incompatible with the purpose of processing, outdated, or incorrect is stored in the register. Such data will be rectified or deleted without delay.
Regular Sources of Data
Personal data concerning the registered user is obtained from the individual registering for the service.
Regular Disclosure and Transfer of Data, Including Transfers Outside the EU/EEA
The data controller does not disclose the personal data of registered users to third parties, except if required to do so by Finnish authorities.
Personal data may be transferred from the Lähellä.fi service to other services via interface solutions. The following types of content are available via interfaces:
Organisation
Activity announcements
If these contents include personal data entered in form fields—such as names and contact details—this data may be transferred via interfaces to other services and users. An example of such transferred personal data includes contact details provided on a form related to work and internship opportunities.
The data controller does not transfer registered users’ personal data outside the EU or EEA.
Principles of Register Protection
The register is kept confidential and protected using various technical and organisational security measures. The data is stored in a system that is accessible only to specific employees through usernames and passwords. The data networks and hardware on which the registers are stored are protected by firewalls and other necessary technical safeguards. The databases and their backups are located in locked facilities of the IT service provider, and only certain predesignated individuals have access to the data.
Rights of the Data Subject
As a data subject, you have the right to access the personal data stored about you in the register and to request the rectification or erasure of inaccurate or unlawful data, provided there are legal grounds for doing so. You may independently review, correct, or delete your data through the "User" section in the service management interface. As a registered user, you also have the right to withdraw or modify your consent at any time.
The Lähellä.fi online service does not engage in automated decision-making or profiling.
However, in accordance with the General Data Protection Regulation (GDPR), you have the right to object to or request the restriction of processing of your data, to request the transfer of your data to another system, and to lodge a complaint with a supervisory authority concerning the processing of your personal data. As the data controller, we encourage you to first discuss your situation with us before submitting a complaint.
For special personal reasons, you also have the right to object to profiling or other forms of data processing that are based on our customer relationship. In making such a request, you must specify the particular situation on which your objection is based. As the data controller, we may refuse such a request only on grounds provided by law.
Contacts from Data Subjects
All enquiries and requests concerning this statement must be submitted by email to info@lahella.fi. The data controller has the right to verify the identity of any individual exercising their right of access. If the data subject fails to provide the necessary additional information, the data controller reserves the right to refuse the request.
Right to be Notified of Personal Data Breaches
The data controller will notify affected individuals of any data breach that is likely to result in a high risk to their rights and freedoms. Notification may be made directly or via public means (e.g., media) if direct contact causes unreasonable burden to the data controller. The controller will also notify the Data Protection Ombudsman.
Additional Information Regarding Processing of Personal Data in Lähellä.fi
The log system of the Lähellä.fi service is part of the overall Lähellä.fi system and does not have an independent core function in relation to the Lähellä.fi entity. Therefore, a separate privacy notice is not provided for the log system.
Changes to the Privacy Notice
Any possible changes to this notice will be published with dates in the privacy notice. Significant changes will be communicated separately, for example, via an announcement on the website. We recommend that you visit our service regularly and take note of any updates or changes to the statement.
This privacy notice was created on 6 April 2022.