Joint controllership

In accordance with data protection legislation, joint controllers means two controllers who determine the purposes and means of processing data. Joint controllers agree on a system and transparent manner on the basis of which each takes responsibility for the supervision of compliance with data protection obligations in their assigned areas.

The Ministry for Foreign Affairs is joint controller with the following systems and actors:

Government’s shared information systems
Shared customer relationship management system KasvuCRM

Government’s shared information systems

The Ministry for Foreign Affairs and the Prime Minister's Office are joint controllers when processing personal data in the government’s shared information systems.

The Foreign Ministry’s shared information systems are:

case management systems for storing letters from citizens, requests for information and other communications: VAHVA (deployment in summer 2021), Aski (document drafting system), Arkki (online archive), UHKUVA (electronic photo archive), separate document registers maintained by the Foreign Service, and EU affairs case management system EUTORI
the Government intranet Kampus
the Government’s project management tool Gateway to Information on Government Projects
the Government electronic decision support system PTJ
the Government's service order and management system Virkku.

The Government has determined the responsibilities of each joint controller. The Ministry for Foreign Affairs and the Prime Minister's Office are responsible for ensuring that your personal data are processed in accordance with the European Union's General Data Protection Regulation (GDPR) and applicable national legislation. Regardless of joint controllership, a legal basis must exist for the disclosure of personal data between the Ministry for Foreign Affairs and the Prime Minister's Office.

In the Ministry for Foreign Affairs, we take responsibility for our own official activities, including the accuracy of your data and the realisation of your rights as a data subject. The Prime Minister's Office is responsible for the following data protection issues in the shared information systems:

ensuring that the technical solutions have a legal basis for processing personal data in accordance with the data protection legislation
ensuring an appropriate level of security and guaranteeing the confidentiality of services
ensuring that contracts with processors have been concluded in accordance with the General Data Protection Regulation
ensuring that the systems comply with data protection principles
carrying out the necessary data protection impact assessments.

You may exercise your data protection rights in relation to both joint controllers.

For data protection contacts at the Prime Minister's Office(Link to another website.) (Opens New Window)

Shared customer relationship management system KasvuCRM

The shared customer relationship management system KasvuCRM is a joint system, owned by the Ministry of Economic Affairs and Employment. It is used by joint controllers when handling their current and potential customer relations and marketing matters to promote companies’ business activities.

The Ministry of Economic Affairs and Employment is responsible for the system’s overall operation and for the technical interface necessary to store, connect, disclose and process data, as well as for the usability of the system and the integrity, protection and storage of data in it.

Information processed in the system is mainly public data related to companies, available from:

the National customer data resource for business services
the data subject
the data subject, collected by a third party in connection with events
public sources of information.

Personal data stored in the system is retained only as long as and to the extent that is necessary and permitted by law in relation to the original or compatible purposes, for which they have been collected. As a rule, personal data is retained for five years at most from the date on which the data was processed last for service provision purposes. However, data is not deleted if it is necessary to retain the information for the execution of a statutory duty or for processing a matter that has been initiated.

Joint controllers

Each joint controller handles the data that they have saved and is responsible that the data is correct and up to date.

For matters relating to processing of personal data, customers can contact joint controllers or data protection officers at the following contact points:

ELY Centre and TE Offices (Link to another website.) (Opens New Window)

tietosuoja.keha@ely-keskus.fi

Ministry for Foreign Affairs

tietosuoja@formin.fi

kirjaamo.um@formin.fi

Finnish Safety and Chemicals Agency

tietosuoja@tukes.fi

Innovaatiorahoituskeskus Business Finland,

Business ID: 0512696-4

tietosuoja@businessfinland.fi

Business Finland Ltd, Business ID 2725690–3

tietosuoja@businessfinland.fi

Finnvera, Business ID 1484332-4(Link to another website.) (Opens New Window)

tietosuojavastaava@finnvera.fi

Information about you that we are entitled to store

The following information about your company's contact persons and authorities can be stored in the system; all information mentioned below is not necessarily stored of each person :

Identification data: name, home country, domicile, street address, email address, phone number and data subject’s job title and role in the company
Additional information: Nickname, name spelled in the native language, address and job title, working country, branch of industry, capital investment profile, category of expertise, job description, other description
Information about guidance relating to business activities or other services and the service recipient’s identification data
Changes to the above-mentioned data.

In addition, notes and other information necessary for the good management of customer relations can be processed in the system. These may include information about participation in past or future events, requests for contact, or information relating to ordered services and their delivery and invoicing.

Why we process your data

As joint controllers we process personal data case by case based on one of the following:

Processing is necessary for the preparation or performance of a contract to which the data subject is party.
Processing is necessary for compliance with a legal obligation to which the controller is subject.
Processing is necessary for the performance of a task carried out in the public interest or for the exercise of official authority vested in the controller.
Processing is necessary for the purposes of the legitimate interests of the controller (only in cases where this is considered to be also in the interests of the data subject).

The Ministry for Foreign Affairs processes personal data to be able to carry out its statutory duties and to perform tasks carried out in the public interest. The processing is based on Article 6, paragraph 1, points c and e of the General Data Protection Regulation (GDPR) (EU 2016/679).

Provisions on the tasks of the Ministry for Foreign Affairs and Finland's missions abroad are laid down, for example, in:

the Act on the Foreign Service
the Government Decree on the Foreign Service
the Act on customer data systems for business services

Transfer of personal data

We do not disclose personal data on a regular basis.

In accordance with the Act on customer data systems for business services (293/2017), personal data can be disclosed not only to the joint controllers but also to the Ministry of Agriculture and Forestry and the Agency for Rural Affairs.

Personal data is not disclosed to other than the joint controllers except in the following cases

Exceptional situations :

Obligated by law or an official order
By court order
Provided that disclosing the data is necessary to prevent or investigate suspected violations of law, websites’ terms of use or good practice or to protect the rights of joint controllers or third parties.

Personal data will not be transferred outside the European Union or European Economic Area.

Did you know that under the GDPR you have rights related to how we process your personal data? More information about your right to data protection is available.

If you have any questions concerning the processing of your personal data in the Foreign Service, contact the Ministry’s Data Protection Officer by email at tietosuoja@formin.fi

Foreign policy and security policy

International organisations and partnerships

North Atlantic Treaty Organisation

Partnerships

Defence Cooperation Agreement with the United States (DCA)

National Security Authority

Foreign policy planning and research

Development policy and development cooperation

Goals and principles of Finland’s development policy

Rights and status of women and girls

Agenda 2030 – Sustainable Development Goals

Development cooperation appropriations

Bilateral partner countries

Afghanistan

Ukraine

Partners of Finland's development policy

Regional development cooperation

Monitoring, oversight and risk management

International trade and services for companies

Common Trade Policy of the EU

Team Finland activities at the Foreign Ministry

Promotion of export and internationalisation

Services and guidelines for export control

Regional and thematic cooperation

Climate Smart Foreign Policy

Human rights policy

Finland in the UN Human Rights Council 2022–2024

Nordic cooperation

Arctic and Antarctic cooperation

ATCM45

About the Meeting

About Finland

Information for Delegates

Barents cooperation

The Finnish Presidency of the Barents Euro-Arctic Council 2021-2023

Presidency 2021-2023

Finland's Africa strategy

Country image

EU

The new relationship between the EU and the UK (Brexit)

Legal affairs

International treaties

Services and guidelines related to sanctions

Human rights complaints

Publications

Russian invasion of Ukraine

Entering Finland

Visa representation agreements

Before travelling abroad

In distress abroad

Services of Finnish missions

Finnish passport and identity card

Remember to update your personal data

Frequently Asked Questions

FAQ: Travelling and Covid-19

Guidelines and financial support related to development cooperation

Development Cooperation support for Finnish CSOs

Opportunities in development cooperation for the private sector

EU projects to develop public administration – Twinning and TAIEX

Organisation

Archives and information requests

Diplomatic Portal

Foreign missions in Finland ─ Helsinki Diplomatic List

Tax Exemption Forms for Missions

Data protection

Your data protection rights

Media Service

Projects and legislative drafting

Permanent State Secretary

Political Department

Department for International Trade

Department for Development Policy

Department for Europe

Department for Russia, Eastern Europe and Central Asia

Department for the Americas and Asia

Department for Africa and the Middle East

Department for Communications

Legal Service

Consular Services

Administrative Services