Information on the processing of personal data in STUK’s Communications

The communications services of the Radiation and Nuclear Safety Authority (STUK) create the prerequisites for people to receive correct, understandable and up-to-date information on radiation safety and STUK as an authority. STUK's communications services also support the implementation of STUK's basic duty and strategy as well as the functionality of the work community. The communications services are responsible for, among other things, STUK's media communications, online communications, visual appearance, diversification of STUK's reputation and reputation management as well as communications research. The communications services are also responsible for translations of STUK's communications and marketing communications materials (Swedish, English) as an outsourced service.

Information about the processing of personal data in communications

1 Controller

Radiation and Nuclear Safety Authority

2 Contact details

Radiation and Nuclear Safety Authority
Jokiniemenkuja 1, 01370 Vantaa
Switchboard +358 9 759 881
[email protected]

Data Protection Officer
+358 975 988 286
[email protected]

3 Purposes of data processing

Implementation of communication activities and development of communications. For example:

  • newsletters, press releases, online news articles, blog posts
  • events and sessions
  • surveys, telephone interviews, workshops
  • competitions
  • studies
  • website and related enquiries and feedback

4 Legal basis for data processing

Processing of personal data in connection with newsletters, press releases, online news articles and Finnish blog posts is necessary for the implementation of the Radiation and Nuclear Safety Authority’s (STUK) communications. The processing is based on a statutory obligation (section 20 of the Act on the Openness of Government Activities), public interest or the exercise of official authority vested in the controller. The basis for the processing of data of participants in surveys, competitions or the development of communications is the participants’ consent. The use of cookies in online services is also based on consent. The data of people participating in events organised by STUK are processed based on public interest or the exercise of public authority vested in the controller, or an agreement.

5 Processed personal data or categories of personal data

For the purpose of sending newsletters, press releases, and providing online news articles and Finnish blog posts, we need the recipient’s email address. Tracking is also used in newsletters to enable STUK’s communication services to track the number of recipients opening the newsletter, clicking on the links in the newsletter, and forwarding the newsletter.

To provide information about events and sessions and to organise them, we need the following data: the participant’s name, email address, other necessary contact details and possible dietary information.

To carry out surveys and develop our communication services, we process the following data: the participant’s name, email address, telephone number and any information provided by the participant on the telephone or at an event, which may contain personal data.
In connection with organising competitions, we process the following data: the participant’s name, address, telephone number, email address, and age.

In connection with STUK's events and sessions, data related to the location and time at which a photograph was taken of an identifiable person and, possibly, participants’ names, are processed.
The purpose of the photographs and videos produced for use by STUK is to support STUK’s official communications and otherwise communicate about STUK’s activities. We do not provide separate notification regarding taking photos or recording videos in public places or at public events. When taking photographs or videos at public places, we comply with journalistic principles.

The photographs are used in various communication materials, such as press releases, websites, teaching materials, social media publications, and other publications. Photographs are used to make radiation and nuclear safety concrete and to attract attention to our communications. STUK saves photographs to a media bank provided by a third party, which is freely used by STUK’s employees.

We carry out communication campaigns where external individuals and STUK employees are identifiable. Image material containing identifiable individuals is used in accordance with an agreement made with the relevant persons or their consent.

The user’s IP address is stored in the cookies on the Stuk.fi website. Cookie purposes are described in more detail on the page Processing of personal data on the website. 

To ensure adequate security when submitting feedback forms, we use Google's reCAPTCHA service. The main function of the service is to verify that the sender is a natural person, not an automated robot. This service includes sending the IP address and other data required by the reCAPTCHA service to Google. The verification is subject to the privacy practices of Google Inc. For more information about Google Inc.’s privacy practices, visit the Google website.

6 Where do the personal data come from?

Data subjects’ email addresses are obtained directly from them when they subscribe to our newsletter or press releases, online news articles or blog posts, enter competitions or register for the development of our communications services.

In addition to the customer registers of STUK departments, data are collected for events and sessions as well as for studies carried out in communications from the stakeholders’ own public sources and from STUK’s internal registers containing employee data.

We take photographs and/or record video at the events we are part of.
The personal data held by communications will not be disclosed for direct marketing or for opinion or market research purposes, unless specifically provided or agreed for this purpose.

7 Recipients or groups of recipients of personal data

The data are processed using the information systems of service providers.
The data may be processed in cloud computing services, in which case data may be transferred outside the EU or EEA using an appropriate data transfer mechanism. (Commission Implementing Decision (EU) 2023/1795 on the adequate level of protection of personal data under the EU–US Data Privacy Framework)

The data are transferred to Google LLC in connection with the use of the reCAPTCHA service. The basis of data transfer is the aforementioned decision.

8 Will data be transferred outside the EU/EEA and to international organisations, or will these parties have access to data?

The data may be processed in cloud computing services, in which case data may be transferred outside the EU or EEA using an appropriate data transfer mechanism. (Commission Implementing Decision (EU) 2023/1795 on the adequate level of protection of personal data under the EU–US Data Privacy Framework)

The data are transferred to Google LLC in connection with the use of the reCAPTCHA service. The basis of data transfer is the aforementioned decision.

9 Disclosure and publicity of personal data

Upon request, STUK may disclose personal data in accordance with the Act on the Openness of Government Activities (621/1999).

10 Planned data retention periods for data groups

Personal data are stored in accordance with the law and the data management plan for as long as the current purpose of use exists.

The subscribers of a newsletter, press release, online news article or blog post may unsubscribe or withdraw their permission to receive customer surveys at any given time using the ‘unsubscribe’ button in the message. As a result, their email addresses will be removed from the mailing list.
The contact details of the persons participating in developing STUK’s communication services will be deleted once the intended use has ended. The maximum time for data storage will always be stated in connection with data collection. However, the maximum period of data storage is two years.

The data concerning competition participants will be stored for a maximum of one year.
The processing of data collected using the feedback form is described in the related privacy notice.

11 Realisation of the rights of the data subject

11.1 Right of access

The data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning them are being processed, and, where that is the case, access to the personal data and information about the processing of the personal data.

11.2 Right to rectification

The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning them.

11.3 Right to erasure

The data subject has the right to obtain from the controller the erasure of personal data, for example, when

  • consent is withdrawn and there is no other legal basis for processing the data
  • the data are no longer necessary in relation to the purposes for which they were collected/processed
  • the processing is unlawful

11.4 Right to restriction of processing

The data subject has the right to obtain from the controller restriction of processing, for example, if the accuracy of the personal data is contested by the data subject or the processing of personal data is unlawful.

11.5 Right to object

The data subject has the right to object to the processing of their personal data for direct marketing purposes.

The data subject has the right to object, on grounds relating to their particular personal situation, to the processing of their personal data where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or a third party.

However, the data may be processed for scientific or historical research purposes or for statistical purposes, if necessary for the performance of a task carried out in the public interest.

11.6 Right to data portability

The data subject has the right to transmit the personal data, which they have provided to a controller, to another controller, where the processing is based on consent or the processing is carried out by automated means. The data may be transmitted directly from one controller to another, where technically feasible.

11.7 How do I submit a request for reviewing my personal data to STUK?

You can submit the request for your personal data, for example, using the Suomi.fi online service or by mail to the Radiation and Nuclear Safety Authority, Jokiniemenkuja 1, 01370 Vantaa. 
We will respond to you as soon as possible, but no later than within one month.

12 Is the provision of personal data mandatory?

Without personal data, STUK cannot contact or deliver the agreed materials to the recipient.

13 Withdrawal of consent

If the processing is based on consent, the data subject has the right to withdraw their consent at any time. Withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of consent before the withdrawal.

14 Information on profiling or automated decision-making

Not used

15 Remedies

If you find that the processing of personal data is unlawful or insecure, please contact us.
You may also refer the matter to the Data Protection Ombudsman.

Further information:
Office of the Data Protection Ombudsman
Visiting address: Lintulahdenkuja 4, 00530 Helsinki, Finland
Mailing address: P.O. Box 800, FI-00531 Helsinki
Switchboard: +358 29 566 6700
Email: tietosuoja(at)om.fi
www.tietosuoja.fi

16 Additional information

Additional information on the processing of personal data and data protection is available from STUK’s communication services and the Data Protection Officer at STUK.