Move to content

Privacy policy of Senate Group's e-sevice

1. Data controller and contact information

Senate Properties and Defence Properties Finland

Senate Properties: Lintulahdenkatu 5 A, P.O.Box 237, 00531 Helsinki, Finland
E-mail: kirjaamo(at)senaatti.fi

Defence Properties Finland: Isoympyräkatu 10, P.O.Box 1, 49401 Hamina, Finland
E-mail: kirjaamo(at)puolustuskiinteistot.fi

Tel: +358 294 830 000

Data Protection Officer Petri Konttinen, firstname.lastname(at)senaatti.fi

2. Purpose of the processing of personal data (the purpose of use of the file system) and
the legal basis for the processing

Senate Group’s e-sevice on senaatti.fi is the portal to the digital services offered by Senate Properties and Defence Properties Finland to their stakeholders. Senate Properties and Defence Properties Finland act as joint controllers in accordance with Article 26 of the GDPR.

Processing of data is necessary for the performance of tasks carried out in the public interest by the controllers (Article 6 (1)(e) of the GDPR). Under Section 2.1 of the Act on Senate Properties and Defence Properties Finland (1018/2020): “The purpose of the unincorporated state enterprises in the Senate Group is to operate in the real estate and facility services, providing real estate and facility services for the state; management of the facilities and administrative services; services related to the acquisition, management and transfer of premises; as well as other services closely connected to these, on the basis of service agreements, for customers referred to in Section 2 of the Act on Unincorporated State Enterprises. Furthermore, the responsibilities of the unincorporated state enterprises include management of the state’s real estate assets under their control; maintenance and administration of said assets; and, if necessary, the transfer, acquisition, management and administration of the state’s real estate assets and other related assets.”

3. Data content of the file system and categories of personal data

The e-sevice portal is used to log in to the Group’s systems, to which stakeholders have been granted access using Senate Properties’ IAM system. Information about data subjects’ profiles is saved in the e-service portal.

The data subjects are stakeholders of the Senate Group (e.g. customers and service providers). The data subject may also be an employee of Senate Group (mainly only the main users of the service). The following personal details are registered in the system: name, email address, user role (customer or other stakeholder) and information about which service the person has access to.

4. Regular data sources

The details are obtained from the persons themselves when they log in to the service. The details in the e-service portal come from the IAM system’s user profile.

5. Recipients or categories of recipients of the personal data

System administrators have access to the personal details. Senate’s ICT service providers (system support services) have access to the data so that they can carry out technical maintenance tasks.

6. Data transfers to third countries outside the EU or EEA, information on the applicable security measures and means to obtain copies or information on their content

The data will not be transferred outside Finland, the EU or the EEA.

7. Security principles for the file system

The data in the system is protected by a firewall and other technical measures. Data subjects log in to the service as identified users with their personal profiles.

Personal data is visible to the system administrators. No personal data is transferred for the purposes of the service provider’s analytics service, but the service provider anonymises the data transferred.

8. Data retention period and the criteria for determining it

Personal data (user profile) will be deleted automatically when a data subject has not logged in to the service for 4 months.

9. Rights of the data subjects

Data subjects may exercise their rights under the General Data Protection Regulation (Article 14.2c) in the following matters when Senate Properties acts as controller

  • The right to access personal data (to be informed about the processing of their personal data)
  • The right to erasure
  • The right to restrict processing
  • The right to object to the processing
  • The right not to be subject to a decision based on automated processing.

The controller shall provide information on action taken on request under Articles 15 to 22 to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by a further two months where necessary, taking into account the complexity and number of requests. The controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the data subject makes the request by electronic form, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject (Article 12.3 of the GDPR).

The data subject also has the right to lodge a complaint with the Data Protection Ombudsman acting as a supervisory authority.

Give feedback