Data protection

You can find more detailed information about personal data that is collected from the privacy statement of each service: 

• Privacy statement for Suomi.fi web service
• Privacy statement for Suomi.fi Messages
• Event log file of the register of the Suomi.fi e-Authorizations checks on the right to act on behalf of another party
• Privacy statement for the Suomi.fi e-Authorizations mandate register
• Privacy statement for Suomi.fi e-identification event register
• Privacy statement for event log file for cross-border identifiers
• Privacy statement for the Customer Feedback tool

The Digital and Population Data Services Agency collects and processes personal data in Suomi.fi services so that it can provide services to private and organisational users. The provision of Suomi.fi services is prescribed under the Act on Common Administrative e-Service Support Services, (571/2016).

The Act on Common Administrative e-Service Support Services regulates the Digital and Population Data Services Agency's rights to process personal data, specifically in Section 9 of the Act. The Act also regulates the Digital and Population Data Services Agency's obligations to maintain certain registers, such as the authorisation register (Section 10) related to Suomi.fi e-Authorisations, the register of provision of consent relating to use of electronic services such as Suomi.fi Messages (Section 11) and the messages register. In addition the collection of event data and log data is regulated in the Act (Section 13 and Section 20).

The Digital and Population Data Services Agency only collects and processes data which is necessary for the provision of the various Suomi.fi services. In addition, the Digital and Population Data Services Agency takes account of the processing of personal data, data protection and data security of services when developing Suomi.fi services, and has paid particular attention to the necessity of processing personal data and its implementation in the use stages of the various services.

From the perspective of private users, the following registers are the most significant:

• Suomi.fi e-Authorisations’ authorisation register which stores data about mandates given by people in addition to personal identity codes.
• Suomi.fi Messages’ register of provision of consent relating to use of electronic services, which, in addition to personal identity codes, stores data regarding whether a person has given their consent to electronic notifications or selected paper notification by post. The electronic mail address given by a person and other selections are also stored in the consent register.
• Suomi.fi Messages’ messages register which stores sent and received messages and notifications.
• Suomi.fi services’ events data registers, which record event data. Event data means data about how the data in registers has been processed or how Suomi.fi services have been used. There is a need to store event data so that the Digital and Population Data Services Agency can confirm that transactions have taken place after the event. Event data collects personal identity codes as well as other personal data when there is a justification for it.

In addition, the Digital and Population Data Services Agency collects log data about the processing of data in the event data registers. Log data can be used to see who has processed what event data and when.

The Digital and Population Data Services Agency takes into account the requirements of data protection and data security when developing services, as well as when processing and disclosing data.

Officials at the Digital and Population Data Services Agency have only very restricted access to personal data. The processing procedure must always be justified by the official tasks concerned, i.e. personal data is only processed if it relates to a task being undertaken at the time.

In addition, a person can see the data that relates to them when they identify themselves on the system and use the services after having logged on.

Data material is encrypted for data security reasons and accessing it requires being granted user rights. There are other safeguards too. Manual material is located in locked facilities protected by access control. Personal data is not disclosed outside the EU/EEA area, nor is the data used for automated decision making or profiling.

Data that is stored in and processed by Suomi.fi services is used so that you can benefit from various electronic services.  

The data in Suomi.fi services is disclosed in Suomi.fi e-Identification, Suomi.fi e-Authorisations and in Suomi.fi Messages to those organisations that use the services. Disclosing the data makes it possible for you to access these organisations’ services or engage in transactions with them. Suomi.fi e-Identification enables you to use strong identification to access electronic services such as municipal day care services. Suomi.fi e-Authorisations enables you to engage in transactions with another person or, on behalf of your company, for example, with the electronic services of an organisation that uses Suomi.fi e-Authorisations such as the Social Insurance Institution’s (KELA) Kanta service.   

Organisations that use Suomi.fi Messages can send you messages through the services and they can also let you answer the messages and send messages to the organisations using the Suomi.fi Messages service. In addition, the Suomi.fi Web Service can disclose data if you ask to be able to see data in a register when you are carrying out a transaction on the Suomi.fi web pages. In this case, a check question is sent to the register and the data about you or, for example, about a company you represent is shown to you as the answer.   

Organisations can use Suomi.fi services in their own operations. Using Suomi.fi services and disclosing event data from Suomi.fi service's registers requires a user permit issued by the Digital and Population Data Services Agency. When issuing a user permit, the Digital and Population Data Services Agency makes checks on the use of the data and privacy protection and matters concerning data security. The Digital and Population Data Services Agency also monitors the use of Suomi.fi services.  

Data can also be disclosed under the provisions of the Act on Common Administrative e-Service Support Services or some other legal basis. This means in particular the processing of event data in error investigation situations, disclosure of event data in situations clarifying transactions for organisations that use Suomi.fi services, for private individuals that use Suomi.fi services or, for example, monitoring authorities.

The data subject has the right to request that the controller provides them with access to their personal data (so that the data subject can check the information that is kept on them in the personal data file).

You can examine some of the event data recorded about you by logging into Suomi.fi and selecting “Event data” from the menu. You can see your own log-ins and messages in events data. Among other things, you can see when you have logged into the web services, received a message or sent a message yourself.

I Suomi.fi på sidan Register ser du en sammanställning av registermyndigheternas viktigaste uppgifter om dig. På sidan Personuppgifter kan du kontrollera uppgifter som har sparats om dig i befolkningsdatasystemet. Du måste identifiera dig innan du kan kontrollera dina uppgifter.

In Suomi.fi you can see on the  Registers page a summary of the main data about you selected by the various register authorities. On the Personal data pageOpens in a new window. you can check all the data stored about you in the Population Information System.

With regard to other data, a data request should be sent in accordance with the Digital and Population Data Services Agency's instructions. You can find the instructions on submitting a request on the website Data protection at the Population Register CentreOpens in a new window..

With the Suomi.fi services, it is not possible to refuse to allow the processing of your data or its release to organisations that use the Suomi.fi services.

Suomi.fi e-identification and Suomi.fi Messages can be used to discharge public administration tasks that organisations in or linked to the public sector undertake. This means that if a company exceptionally has the possibility to use Suomi.fi e-identification or Suomi.fi Messages, it can use these services when carrying out tasks that are stipulated in law for example [Section 5 of the Act on Common Administrative e-Service Support Services (571/2016)].

Organisations, including companies that have joined the Suomi.fi web service, can make their registered data visible to other users logged in using strong identification. When you use the Suomi.fi web services, if you wish you can view data relating to you or, for example, your company by making them visible from the register you want to access.

Suomi.fi e-Authorisations can be used by people acting on behalf of companies as well as by public sector bodies. The service can be used by someone acting on behalf of another. Data is thus disclosed both to companies when you act as an employee of the company in question or when another person uses the service on your behalf.

In addition, organisations that use both Suomi.fi e-Authorisations and Suomi.fi web services have the right to process a person’s personal identity code [Sections 5 and 8 of the Act on Common Administrative e-Service Support Services (571/2016)].

Services and the channels used to access them are described in the Suomi.fi service information store and the Digital and Population Data Services Agency does not disclose personal data from private users of these services to organisations. The Digital and Population Data Services Agency does not disclose data to organisations through the Suomi.fi Single Digital Gateway either; the service enables the transfer of data between organisations so that organisations can also exchange personal data between themselves.

We use the Matomo Cloud tool to analyze service usage without cookies. More information on cookies

The Digital and Population Data Services Agency ensures the information security of Suomi.fi services in the manner required by law. Audits that apply to the services are carried out at regular intervals, and the organisations that use Suomi.fi services are expected to accept the Digital and Population Data Services Agency's terms and practices related to information security. Additionally, the Digital and Population Data Services Agency's own employees are trained in the secure development of services. 

To protect the data of its users, no embedding for social media (e.g. Facebook, Twitter) or video services that are located outside the European Economic Area (e.g. YouTube) have been built into the Suomi.fi online service. Suomi.fi video content is created using a secure Finnish service.

Do not forget your own responsibility

Using the online services is safe as long as you take care of the information security of the device you use and act responsibly: 

• Always have the firewall enabled in your computer. 
• Update the virus protection software in your computer regularly. 
• Store and use your identification media carefully. 

You will also be responsible for the costs and functioning of the hardware and software as well as the communication and data connections through which you use Suomi.fi service.