The processing of personal data and data protection in the Finnish Institute of Occupational Health are regulated by the European Union General Data Protection Regulation (2016/679, ”GDPR”), the supplementary Finnish Data Protection Act, the Act on the Openness of Government Activities (621/1999), the Act on the Status and Rights of Patients (785/1992), the Information Society Code (917/2014) and the Act on the Operation and Financing of the Institute of Occupational Health (159/1978).

The Finnish Institute of Occupational Health operates in many different ways, and the Institute processes personal data on several legal grounds in accordance with the GDPR and the Data Protection Act: consent from the data subject, performance of a contract or taking steps prior to entering into a contract, legal obligation, carrying out tasks in public interest, the legitimate interests of the data controller.

Personal data processed by the Finnish Institute of Occupational Health includes identifying data (name, personal identity code), contact information (mailing address, phone number, e-mail address), information regarding their employer and employment contract (profession, sector, enterprise), views on work life, work organizations or workplace as well as information regarding exposure at work. The Finnish Institute of Occupational Health processes patient information and other data concerning health, and may also process other (sensitive) personal data, such as data concerning trade union membership or ethnic background.

RIGHTS OF THE DATA SUBJECT AND THE REALIZATION THEREOF

You can make a request in relation to the rights of the data subject as described in the GDPR or via a free-form message. Requests are primarily delivered to our Data Protection Officer.

A notice of withdrawal of consent or a direct marketing restriction should be made to the contact person of the data in question. Information on the Finnish Institute of Occupational Health’s personal data can be found on our data protection page (in Finnish). Below, you will find more specific information on various requests (relevant GDPR article in brackets).

RIGHT OF ACCESS BY THE DATA SUBJECT (ARTICLE 15)

This refers to your right to get confirmation as to whether your data is being processed, and your right to check the data in question.

The request must be made with a document signed by the data subject. Please also specify which data your request concerns. If the need arises, The Finnish Institute of Occupational Health may restrict this right in regards to archived data or data being used for scientific research.

RIGHT TO REctIFICATION (ARTICLE 16)

This means your right to rectify unclear or incorrect personal data. The request must be made with a document signed by the data subject. The request should specify which data it concerns, how the data is incorrect and how it should be changed. If the need arises, The Finnish Institute of Occupational Health may restrict this right in regards to archived data or data being used for scientific research. It is not possible to rectify archived data.

RIGHT TO DATA PORTABILITY (ARTICLE 20)

The right to data portability only applies to cases in which your data has been collected based on a contract or consent, the data is being processed automatically and you have given the data to the Finnish Institute of Occupational Health yourself or it has been collected upon using a service or a device. The right to data portability does not apply to archived data or data being used for scientific research, because these are part of the public duties of the Finnish Institute of Occupational Health.

The request must be made with a document signed by the data subject. The request should specify which data it concerns as well as where and how the data should be transmitted.

RIGHT TO OBJECT (ARTICLE 21)

You have the right to object to the data processing that the Finnish Institute of Occupational Health performs for the purpose of carrying out a task in the public interest or for the purpose of their legitimate interest. This includes a direct marketing restriction.

The request must chiefly be made with a document signed by the data subject, but the direct marketing restriction can also be placed via a phone call or an e-mail. The request should specify which data it concerns and why you object to the processing of the data. The right to object does not necessarily apply to archived data or data being used for scientific research.

RIGHT TO ERASURE (‘RIGHT TO BE FORGOTTEN’, ARTICLE 17)

The request must be made with a document signed by the data subject. Please note that the right to erasure does not apply to personal data that is being processed in compliance with a legal obligation or for the purposes of carrying out a task in the public interest. The right to erasure also does not apply to archived data or data being used for scientific research.

THE RIGHT TO WITHDRAW CONSENT (ARTICLE 7)

The easiest way to withdraw consent is to notify the contact person named while giving the consent.

If you withdraw your consent regarding data we have an obligation to archive, the withdrawing will be realized by archiving the data. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal. When withdrawing your consent, you need to give out your identification data so that your data can be identified in the data.

CONTACT INFORMATION

MAILING ADDRESSES

Finnish Institute of Occupational Health, P.O. Box 40, FI-00032 Työterveyslaitos

Finnish Institute of Occupational Health, Data Protection Officer, P.O. Box 40, FI-00032 Työterveyslaitos

DATA PROTECTION OFFICER OF THE FINNISH INSTITUTE OF OCCUPATIONAL HEALTH

Telephone: 030 474 2429 or e-mail: dpo(at)ttl.fi

In case of confidential matters, you may also send the Finnish Institute of Occupational Health a secure message (e-mail address required).