Information on the processing of personal data in STUK’s Communications

The communications services of the Radiation and Nuclear Safety Authority (STUK) create the prerequisites for people to receive correct, understandable and up-to-date information on radiation safety and STUK as an authority. STUK's communications services also support the implementation of STUK's basic duty and strategy as well as the functionality of the work community. The communications services are responsible for, among other things, STUK's media communications, online communications, visual appearance, diversification of STUK's reputation and reputation management as well as communications research. The communications services are also responsible for translations of STUK's communications and marketing communications materials (Swedish, English) as an outsourced service.

1    Data controller

Radiation and Nuclear Safety Authority

2    Contact information

Radiation and Nuclear Safety Authority
Jokiniemenkuja 1, 01370 Vantaa, Finland
Switchboard +358 9 759 881
stuk(at)stuk.fi

Data Protection Officer
+358 9 7598 8439
tietosuojavastaava(at)stuk.fi

3    Purposes of the processing of data

  • Personal data are processed when sending and distributing newsletters, press releases, online news and blog posts in Finnish

  • Personal data are processed when organizing events and meetings and providing about them

  • Personal data are processed in surveys, telephone interviews and workshops organized for the development of communications services

  • Personal data are processed in competitions organized by the Communications

  • Personal data are processed in surveys carried out by the Communications

  • Personal data are processed in online forms at stuk.fi

  • Personal data are processed in connection with the maintenance and development of the stuk.fi website (cookies, React&Share)

  • Personal data are processed in connection with the data of companies offering radon mitigation listed at stuk.fi.

4    Legal basis for the processing of data

The processing of personal data in connection with newsletters, press releases, online news and blog posts in Finnish is necessary for the implementation of STUK's communications. The basis for processing is the public interest or the exercise of official authority vested in the data controller (Article 6(1) (e) GDPR). The data of participants in surveys or communications service development as well as data of participants in competitions and from cookies from online services are processed on the basis of the participants' consent (Article 6(1) (a)). The personal data of participants in events and meetings organized by STUK are processed on the basis of the public interest or the exercise of official authority vested in the data controller (Article 6(1) (e) GDPR).

5    Personal data and personal data categories processed

  • To send newsletters, press releases, online news and blog posts in Finnish, STUK's Communications need the recipient's email address. Newsletters also use tracking to help STUK's Communications find out how many recipients have opened the letter, taken advantage of the links in the letter and forwarded the letter.

  • To inform and organize events and meetings, STUK’s Communications process the following information: the participant's name, email address, other necessary contact information and any dietary information.

  •  To conduct surveys and develop communications services, STUK's Communications process the following information: the participant's name, email address, phone number and the information provided by the participant by phone or at the event, which may include personal data.

  • In connection with the organization of competitions, STUK's Communications process the following information: the participant's name, address, phone number, email address and age.

  • In connection with STUK's events and meetings, information relating to identifiable persons appearing in photos is processed in terms of the place and time of taking the photograph and possibly their name details.

  • The purpose of the photos and videos acquired for the use of STUK's Communications is to support STUK's official communications and otherwise communicate STUK's operations. We do not specifically notify people of taking photos or videos in public places or at public events. We follow journalistic principles when taking photos or videos in a public place. Photos are used in various communications materials, such as newsletters, websites, educational materials, social media posts and other publications. The aim of the photos is to concretise radiation and nuclear safety and to bring media coverage to our communications. STUK stores the photos in a Media Bank provided by a third party, which is freely accessible to the STUK employees.

  • STUK's Communications implement communications campaigns from which third parties and STUK's personnel can be identified. The identifiable photo material is used in accordance with the agreements concluded with the persons appearing in it.

  • The cookies on the stuk.fi website store the user's IP address. The purposes of cookies are described in more detail on the page Processing of personal data on our website. https://stuk.fi/henkilotietojen-kasittely-sivustolla

6    Where does personal data originate from?

  • Persons themselves make their email addresses available for STUK's Communications when they subscribe to a newsletter or press release or online news or blog post, or register to participate in the development of communications services or competitions.

  • In addition to the customer registers of STUK's different departments, data is collected for events and meetings as well as for communications research from the stakeholders' own public sources and STUK's internal registers containing personnel data.

  • We take photos and/or videos from events and meetings in which we participate.

  • Personal data in the possession of Communications are not disclosed for the purposes of direct marketing, opinion polls or market research, unless such disclosure is specifically provided for in the legislation.

  • STUK's Communications use newsletter data processors with whom agreements have been concluded in accordance with Article 28 of the General Data Protection Regulation.

  • As a rule, the cloud services used by STUK's Communications are implemented within the EU.

  • Subscribers to a newsletter or press release or online news or blog post may at any time end their subscription or withdraw their consent to receive customer surveys via the unsubscribe link in the message. After this, their email addresses will be removed from the mailing list.

  • The contact information of the persons participating in the development of STUK's communications services will be deleted when their described purpose of use has ended. The maximum data retention period is always stated at the time of data collection. However, the data are stored for a maximum of two years.

  • Competition entries will be stored for a maximum of one year.

  • The processing of data collected with the feedback form is described in the privacy policy.

7    Groups of personal data recipients

Personal data are processed and stored in the service providers'
information systems used by STUK.

8    Will data be transferred outside the EU/EEA or to international organizations or will they have access to the data?

No.

9    Disclosure and publicity of personal data

Upon request, STUK may disclose personal data in accordance with the Act on the Openness of Government Activities (621/1999).

10    Planned retention periods for data groups

Personal data are stored in accordance with the legislation and the data management plan for as long as there is a purpose for them and in accordance with STUK's data management plan.

11    Implementation of data subjects’ rights

11.1    Right to access personal data

The data subject has the right to receive confirmation from the data controller that the data on themselves is or is not processed, and if it is, the data subject has the right to access the personal data and the right to receive information on the processing of such data.

11.2    Right to rectification of data

The data subject has the right to demand that the data controller rectifies without undue delay any inaccurate and erroneous personal data about the data subject.

11.3    Right to erasure of data

A person has the right to have the data about themselves be erased if
–    consent is cancelled and no other legal justification exists for the processing of the data
–    the grounds for the use/processing of the data have ceased to exist
–    the processing is in breach of law.

11.4    Right to restriction of processing

The data subject has the right to have the processing of their personal data restricted if the data subject contests the accuracy of the data or if the processing of the data violates law.

11.5    Right to objection

Data subjects have the right to object to the use of their personal data in direct marketing.
On grounds concerning their personal situation, the data subjects also have the right to object to the processing necessary for performing a task serving the public interest, or for exercising public authority falling on the data controller, or if the processing is necessary for securing the legitimate interests of the data controller or third parties.

However, data may be processed for scientific or historical research purposes or for statistical purposes if this is necessary for the performance of a task serving the public interest.

11.6    Right to data portability

Data subjects have the right to have their personal data transferred to another data controller if the processing is based on consent or agreement and the processing is performed automatically.
Data can be transferred directly from one data controller to another, where technically feasible.

11.7    How do I submit a request regarding my personal data to STUK?

A request concerning the rights of the data subject can be addressed to the Head of Communications for the activities referred to in this document or by agreeing in advance with the Head of Communications on a data audit at the data controller’s premises. In addition, STUK's Data Protection Officer can be contacted in all matters related to the processing of personal data or the exercise of data subjects' rights. You can send a message about the matter by letter or email to STUK's Registry stuk(at)stuk.fi or alternatively by contacting the aforementioned persons directly. We will respond to you as soon as possible and within a month at the latest.

12    Cancellation of consent

If the processing is based on consent, the data subject has the right to cancel their consent at any time. The cancellation of consent does not affect the lawfulness of processing based on consent before its cancellation.

13    Legal remedies

If a data subject considers that the processing of their personal data is in breach of law, the data subject may bring the matter to the Data Protection Ombudsman.

For additional information, please contact:
Office of the Data Protection Ombudsman
Visiting address: Lintulahdenkuja 4, 00530 Helsinki, Finland
Mailing address: P.O. Box 800, 00531 Helsinki, Finland
Switchboard: +358 29 566 6700
Email: tietosuoja(at)om.fi
www.tietosuoja.fi

14    Further information

You can ask for more information about the processing of personal data in STUK's Communications by contacting our Communications either through our switchboard on weekdays from 8 a.m. to 4:15 p.m., tel. +358 9 759 881 or by email at viestinta(at)stuk.fi or contacting our Data Protection Officer through our switchboard on weekdays from 8 a.m. to 4:15 p.m., tel. +358 9 759 881 or by email at tietosuojavastaava(at)stuk.fi.​​​​​​​