Navigation Menu

Tietosuojaseloste sivustojen Mediapalvelu en

Privacy statement; media service on the website

POL-2020-84021, ID-20449652, 16th of December 2020

  1. Controller

    National Police Board
    Postal address: PO Box 1000, FI-02151 ESPOO
    Visiting address: Vuorimiehentie 3, 02150 ESPOO 
    Telephone: +358 (0)295 480 181 (general inquiries)
    Email: [email protected]

  2. Contact person in matters related to data protection
    National Police Board
    Aija Tiainen-Broms, Senior Adviser
    For contact details, see Section 1.
  3. National Police Board’s Data Protection Officer
    National Police Board
    Harri Kukkola, Senior Adviser
    For contact details, see Section 1.
  4. Purposes of the processing of personal data and the lawfulness of processing
    The media service is an electronic register of subscribers and their newsletter subscriptions.
    Individual journalists or media representatives register in the media service on the website, where they can subscribe to news of selected police units and invitations to events (such as press conferences) delivered via email. 

    Data is only processed to maintain customer relationships, deliver the aforementioned news and send any invitations. 

    Backup email lists will be generated on the basis of data obtained from the media service so that news of the Police can also be sent to media representatives during system malfunctions. 

    The processing of personal data is based on the provision of a service.
  5. Processed personal data and categories of personal data

    To provide the service, it is necessary to process the following data collected directly from data subjects:

    Personal data
    - First name*
    - Last name*
    - Country (of operations)*
    - Email address*
    - Telephone number (for providing assistance during any login problems)
    - Represented news media service*
    - Job title*
    - Other clarification, e.g. references to articles for freelancers
    - Information on whether other representatives of the same media service can register the data subject for events  
    - Information on whether the data subject requests invitations to press conferences

     Data marked with an asterisk (*) is mandatory.

  6. Recipients of personal data
    As a rule, no personal data is disclosed to parties outside the National Police Board.

    Backup email lists will be processed by communication employees of the Police in their work.
  7. Transfer of data to third countries
    No personal data is disclosed or transferred outside the EU or EEA.
  8. Retention and erasure of data
    Registered data and subscriptions will be erased when the data subject so requests or ends their membership with the media service.

    The controller erases non-functioning email addresses and related data from the service. 
    At the same time, data will be erased from backup email lists.
  9. Protection of personal data 
    Only individuals involved in the provision of the Police’s communication services have the right to process personal data.

    Access to the Police’s data systems is controlled by means of identity and access management. The individuals authorised to process personal data log in to data systems by using a certificate linked to their e-service card.

    Access rights to systems are only granted to the extent required in official and work-related tasks. Representatives of the service supplier have undergone a security clearance procedure and signed a non-disclosure agreement.

    All electronic data is protected against third-party access by technical and organisational means. Any hard copies printed out from electronic systems are kept in a locked space.
  10. Rights of data subjects
    Right of access by the data subject (Article 15)

    Data subjects have the right to obtain information as to whether or not their personal data is processed.

    Requests for exercising the right of access must be addressed to the controller (using the contact details provided in Section 2 above). To exercise their right of access, data subjects must provide the information required by the controller for honouring the request, such as their name and information about the event in question.

    If required, the controller has the right to request additional information from data subjects to verify their identity.

    Right to rectification and right to erasure (‘right to be forgotten’) (Articles 16 and 17)

    Data subjects have the right to request their data to be rectified or erased. Requests for exercising the right of rectification or the right of erasure must be addressed to the controller in writing (see Section 2). Such requests must indicate how the data is inaccurate or on what grounds the data must be erased.

    Right to restriction of processing (Article 18)

    Data subjects have the right to request the processing of their data to be restricted in certain circumstances.

    Circumstances in which a data subject can request the processing of their data to be restricted include, but are not limited to, the following:

    - The data subject contests the accuracy of their personal data.
    - Processing is unlawful and the data subject objects to the erasure of their personal data and requests the use of the data to be restricted instead.
    - The controller no longer needs the personal data for the purposes of processing, but the data subject requires it for the establishment, exercise or defence of a legal claim. 

    Requests for the restriction of processing must be addressed to the controller.

    Right to data portability (Article 20)

    Data subjects have the right to receive their personal data provided for the controller in a structured, commonly used and machine-readable format, and the right to transmit their data to another controller.

    Data subjects have the right to have their data transferred directly from one controller to another, if this is technically possible.

    This right applies:

    - only to the automated processing of personal data
    - when personal data concerns the data subject and has been provided by the data subject
    - when the processing of personal data is based on consent or the performance of a contract
    - when the transfer of data has no adverse impact on the rights and freedoms of third parties.

    Requests for having data transferred must be addressed to the person defined in Section 2.
  11. Right to refer cases to the Data Protection Ombudsman 
    Any data subject who feels that their personal data is being processed in breach of the law governing personal data may request the Data Protection Ombudsman to investigate the matter.

    Office of the Data Protection Ombudsman

    Postal address: PO Box 800, FI-00521 HELSINKI
    Visiting address: Lintulahdenkuja 4, 00530 HELSINKI
    Telephone: +358 (0)295 666 700
    Email: [email protected]  
  12. Access to the privacy statement
    This privacy statement is publicly available in electronic format at
    This privacy statement is stored in the Police’s administrative case management, decision-making and archiving system (Acta).