Go directly to contents.

Suomi.fi Messages privacy statement

Updated on 15 April 2026

Suomi.fi Messages is a secure messaging service developed by the Digital and Population Data Services Agency which enables a client organisation using Suomi.fi Messages to send electronic messages to a person or company using Suomi.fi Messages and to notify documents electronically. Some Suomi.fi Messages client organisations also receive messages sent by persons and companies via Suomi.fi Messages.

The Suomi.fi Messages client organisations that have enabled the printing, enveloping and distribution service (TKJ service) in Suomi.fi Messages can also send messages and notify documents by post via Suomi.fi Messages.

Suomi.fi Messages uses other Suomi.fi services as follows:

  • The Suomi.fi Web Service serves as the browser interface for Suomi.fi Messages.
  • The Suomi.fi mobile application serves as the mobile interface for Suomi.fi Messages.
  • Using Suomi.fi Messages in the Suomi.fi Web Service always requires strong identification with Suomi.fi e-Identification. The Suomi.fi mobile application requires strong identification with Suomi.fi e-Identification at regular intervals.
  • Suomi.fi e-Authorizations is used to grant the right to use the service on behalf of the authorizer.

Suomi.fi Messages is used in an environment provided by Government ICT Centre Valtori, and Valtori provides user support for the environment. Posti Messaging Oy provides the TKJ service in Suomi.fi Messages.

For more information on Suomi.fi Messages, see the Suomi.fi Web Service for persons and companies using the service at www.suomi.fiOpens in a new window. and the Suomi.fi for Service Developers website for client organisations at kehittajille.suomi.fiOpens in a new window..

1. Controller and contact persons

Digital and Population Data Services Agency 

Lintulahdenkuja 2, FI-00530 Helsinki 

PO Box 123, 00531 Helsinki, Finland

Telephone (switchboard): +358 295 536 000

Email: kirjaamo@dvv.fi

Contact person in register-related matters

Maria Juka-Lahdenperä, Chief Specialist

Lintulahdenkuja 2, 00530 Helsinki, Finland

Telephone (switchboard): +358 295 536 000

Email: kirjaamo@dvv.fi

2. Data Protection Officer

Telephone (switchboard): +358 295 536 000

Email: tietosuoja@dvv.fi

3. Purpose and legal basis for processing personal data

The Act on Common Administrative E-Service Support Services (Support Services Act 571/2016) contains provisions on Suomi.fi Messages and the production and development of the service. The processing of personal data in Suomi.fi Messages is therefore based on compliance with the Digital and Population Data Services Agency's statutory obligation.

When processing data for statistical purposes or for determining the extent of use of Suomi.fi Messages and related costs, the processing of personal data is based on the performance of a task carried out in the public interest. When data is used for statistical purposes, the data is collected and published in such a way that individual persons (or companies) cannot be identified.

4. Personal data retention period

The Digital and Population Data Services Agency has set the retention periods of the data in the Suomi.fi Messages register on the basis of the Support Services Act (sections 12.2, 13.3), data protection legislation, the Act on Information Management in Public Administration and other legislation.

The Digital and Population Data Services Agency currently retains the data in the Suomi.fi Messages register as follows:

  • Received and sent electronic messages are retained for two (2) years. A person or company using Suomi.fi Messages can delete messages they have received or sent. The messages deleted by the user are moved to the Deleted folder, where they are stored for 60 days. The messages are removed from the register after this period.
  • Messages relayed to paper mail via Suomi.fi Messages and the information needed for relaying said messages are retained for six (6) months. The messages are destroyed and the information used to relay the messages is anonymised after the retention period has ended.
  • Event data (i.e. log data) is retained for five (5) years from the beginning of the calendar year following the event, but in certain situations the retention period may be shorter. The data will be deleted from the register and destroyed automatically after the retention period ends.
  • Other than the abovementioned, data in the Suomi.fi Messages register is retained for ten (10) years after a mailbox has been closed.

5. Personal data to be processed

The following personal data of a person who has activated Suomi.fi Messages is stored in the register:

  • personal identity code
  • death data
  • information on a person having consented to electronic notifications (persons may also withdraw their consent to electronic notifications and thus select paper mailing)
  • the email address a person has given
  • the notification language selected by a person: Finnish/Swedish/English
  • received messages as well as their unique identifiers and metadata
  • sent notifications and the send times of notifications
  • the messages that a person has sent to a client organisation as well as their unique identifiers, metadata and the name data of the sender
  • event data and event data time stamps
  • time of the latest request to download messages
  • information about verifying the primary email address for the mailbox.

Event data (log data) on the use of the service is recorded. Event data includes the data recorded on the processing activities performed by the Digital and Population Data Services Agency and the client organisations and the measures targeted at the register. In addition, event data on a person’s activities is recorded when they use Suomi.fi Messages.

When a person identifies themselves, Suomi.fi e-Identification forwards the person’s name from the Population Information System to be displayed in the browser interface (Suomi.fi Web Service). In addition, Suomi.fi Messages uses the personal identity code to query the Register of Guardianship Affairs on whether there is a valid guardianship or power continuing of attorney in the Register of Guardianship Affairs.

The following personal data on a person who acts on behalf of another person or company in Suomi.fi Messages is stored in the register:

  • personal identity code of the person acting on behalf of another party
  • email address of the person acting on behalf of another party
  • the name data of the person acting on behalf of another party in connection with messages they have sent to client organisations
  • event data plus time stamps for the actions taken by a person acting on behalf of a party in the Suomi.fi Messages mailbox belonging to the party on whose behalf actions are being taken
  • data regarding the validity of right to act on behalf of another party at a given point in time.

Other personal data related to acting on behalf of another person is recorded in the Digital and Population Data Services Agency’s Suomi.fi e-Authorizations service and in a centralised log file.

The following is also stored in the register for a person who is using the Suomi.fi mobile application:

  • push notifications sent for incoming messages and the push notification send times
  • device model
  • unique login code.

The person’s name, cached attachments, PIN code and application language setting are stored on the device itself.

Users can also identify themselves to the Suomi.fi mobile application with the biometric identification methods on their device, but this data is not stored in the Suomi.fi Messages register. The identification data is only retained on the user’s device.

For a person who has not activated Suomi.fi Messages, whose personal identity code is known to the client organisation and to whom the client organisation sends a message via the TKJ service, the following is stored in the register:

  • personal identity code
  • address details
  • received messages as well as their unique identifiers, metadata and the name data of the receiver.

In exceptional cases, it is also possible for a client organisation to send messages to a person via the Suomi.fi Messages TKJ service in a way that no personal data is stored in the Suomi.fi Messages register.

Personal data processed for companies

As a rule, company data stored in the Suomi.fi Messages register is not personal data subject to data protection. However, messages sent by a client organisation to a company and messages sent by a company to a client organisation may contain personal data. Messages sent to a company via the TKJ service, and the details of those messages, are processed in the same way as in the case of persons.

Processing special categories of personal data and information on criminal convictions and offences

Messages going through Suomi.fi Messages may contain information belonging to special categories of personal data as well as information on criminal convictions or violations. As the service provider of Suomi.fi Messages, the Digital and Population Data Services Agency is not a party to electronic communications, and as a rule, the Digital and Population Data Services Agency does not have the right to read the messages received or sent by persons or companies in the service. Suomi.fi Messages’ client organisations act as controllers for the content of the messages they send. Suomi.fi Messages only serves as a messaging platform for messages sent by client organisations.

Information on a valid guardianship or continuing power of attorney in the Register of Guardianship Affairs is data that reveals information about a person’s health. Data from the Register of Guardianship Affairs is not stored in the Suomi.fi Messages registers.

6. Standard sources of data

Data sources of the Suomi.fi Messages register include

  • activities of a person or company using Suomi.fi Messages and persons acting on the behalf of such in the service (consent to electronic notification, language selection, email address, messages sent by the user, event data, information on when messages were downloaded, verification of the primary email address and information concerning mobile devices)
  • Suomi.fi e-Identification (relays the personal identity code and name from the Population Information System)
  • Population Information System (the death data of persons using Suomi.fi Messages is retrieved with a separate query)
  • Register of Guardianship Affairs (information on a person’s valid guardianship or continuing power of attorney)
  • client organisations (personal identity code or business ID, messages, notifications, address details, name data and event data)
  • the Digital and Population Data Services Agency (editing the settings of persons and companies using Suomi.fi Messages, event data).

When a person identifies themselves, Suomi.fi e-Identification makes a query to the Suomi.fi Messages register using the person’s personal identity code to check whether they have given consent for electronic notifications. In addition, the Suomi.fi Messages user register uses the personal identity code to query the Register of Guardianship Affairs on whether there is a valid guardianship or power continuing of attorney in the Register of Guardianship Affairs. If consent has not been given, Suomi.fi e-Identification displays an identification prompt if the person is of age and does not have a valid guardianship or continuing power of attorney entered in the Register of Guardianship Affairs.

7. Disclosure of data

When providing the service, the Digital and Population Data Services Agency has the right to disclose to the client organisation the information that is necessary for delivering notifications from the Suomi.fi Messages register and the information that is necessary for verifying notifications made via Suomi.fi Messages.

When a person or company responds to a received message or starts communication with a client organisation, the Digital and Population Data Services Agency relays the client organisation the message, the sender's personal identity code or business ID, the name of the principal and, if applicable, the name of the party acting on their behalf. The message may also contain personal data.

In addition, the Digital and Population Data Services Agency may disclose data stored in the register on the use of Suomi.fi Messages to a client organisation whose data has been stored in connection with the use of an e-service or other services or which has been a party to communications relayed via Suomi.fi Messages if the client organisation needs data

  • to ensure and improve the functioning of its e-service
  • to ensure the information security of its e-service or to investigate information security incidents
  • to prove the validity of data processing in connection with service use or
  • to investigate problems concerning service use in some other way.

As a rule, the Digital and Population Data Services Agency may also disclose information retained on the use of Suomi.fi Messages

  • to a person or company on whose use of the support service or other services the information has been recorded
  • to a person or a company on whose behalf someone has used the support service or used the service otherwise
  • for another identified purpose where the person or company on whose use of the support service or other services the information has been recorded has given their express consent to this.

The Digital and Population Data Services Agency may also disclose data as statistics in a way that an individual person (or company) cannot be identified.

The Digital and Population Data Services Agency may also disclose data on other legal grounds.

8. Transferring data outside the EU or the EEA

No personal data is transferred outside the EU or the EEA or to international organisations.

9. Automated decision-making

No personal data is used for automated decision-making.

10. Data subject’s rights

Right of inspection

You can view the data stored in the Suomi.fi Messages register by identifying yourself in Suomi.fi Messages. In the service, you can for example check the choice of consent for electronic notification, the language choice for the service, email address, received and sent messages, and information about the Suomi.fi mobile application.

If you cannot check your information via electronic services, you can send a request for an inspection to the Digital and Population Data Services Agency’s registry at kirjaamo@dvv.fi. Be prepared to provide proof of identity.

Right to revision

By identifying yourself in Suomi.fi Messages, you can change the information stored in the Suomi.fi Messages register about you, such as the validity of your consent for electronic notification, your language selection for the service and the email address you use in the service. The right of a person acting on behalf of another person in Suomi.fi Messages is determined on the basis of the granted mandate.

You have the right to correct your personal data if you notice that it contains inaccurate or incorrect information. The request for corrections must be submitted in writing to the contact person of the registry. In your request, you must specify which information should be corrected and what changes or additions should be made. Be prepared to provide proof of identity.

Please note that, for the data relayed from the Population Information System, rectification of incorrect data must be requested from the contact person of the Population Information System (see the privacy statement of the Population Information System at https://dvv.fi/en/pis-privacy-statementOpens in a new window.).

With regard to the data transmitted from the Register of Guardianship Affairs (valid guardianship or continuing power of attorney), corrections must be requested from the contact person of the Register of Guardianship Affairs (see the privacy statement of the Register of Guardianship Affairs at https://dvv.fi/en/privacy-statement-of-the-register-of-guardianship-affairsOpens in a new window.).

Event data (i.e. log data) generated in connection with the use of Suomi.fi Messages cannot be changed afterwards.

If there is an error in a message sent to Suomi.fi Messages by a client organisation, the rectification of the information must be requested from the client organisation in question. 

Limitations to the rights of the data subject

The processing of personal data in the Suomi.fi Messages service is based on compliance with the controller’s statutory obligation, on the performance of a duty of public interest and the exercise of public authority. In such cases, you do not have the right to demand that your personal data should be deleted or transferred to another system. Moreover, as a rule, you do not have the right to object to the processing of your personal data.

11. Right to submit a complaint to the supervisory authority

If you think that your personal data is processed unlawfully, you can submit a complaint to the Office of the Data Protection Ombudsman.

Office of the Data Protection Ombudsman

Street address: Lintulahdenkuja 4, 00530 Helsinki, Finland

Postal address: PO Box 800, 00531 Helsinki, Finland

Email: tietosuoja@om.fi

Switchboard: +358 29 566 6700

Registry: +358 29 566 6768

For more information on submitting a complaint, see the website of the Office of the Data Protection Ombudsman.Opens in a new window. 

12. Other information

The privacy statements concerning Suomi.fi Messages, Suomi.fi Web Service, Suomi.fi e-Identification and Suomi.fi e-Authorizations are available in the Suomi.fi Web Service at www.suomi.fiOpens in a new window. and in the the Digital and Population Data Services Agency registry.

For client organisations that use Suomi.fi Messages, the processing of personal data is described in the privacy statements published by said client organisations. 

You can check the client organisations using Suomi.fi Messages in the Suomi.fi Web Service. 

Read more about the Digital and Population Data Agency’s general data protection information.Opens in a new window.