Processing of personal data by Workers' compensation centre
On what basis and for what purpose do we process personal data?
We process personal data when handling the tasks assigned to Finnish Workers' Compensation Centre under the Workers' Compensation Act. These tasks include, but are not limited to
- claim processing
- supervision of the insurance obligation
- maintenance of the register of occupational accidents and diseases
- investigation of accidents at work
- issuing statements by the Employment Accidents Compensation Board to insurance institutions.
Information from the register of occupational accidents and diseases enables the formulation of statistics and various reports and studies.
Personal data is also processed with regard to the administration of Finnish Workers' Compensation Centre and its contacts with clients. Such data includes contact information, often with the related names and e-mail addresses.
What personal data do we process?
We process personal data in the following categories
- personal data, such as names and personal identification numbers, used to individualise and identify a person
- contact information, such as the address, e-mail address, and phone number
- when handling claims, the details of the employment relationship, such as salary; as well as health information, such as medical records drawn up by doctor and medical reports
- information needed for statistics and surveys on occupational accidents and occupational diseases, and the compensation paid for them.
We only process the data needed for each task.
What are our sources of personal data?
We obtain personal data directly from you when you seek compensation from Finnish Workers’ Compensation Centre. Data for the register of occupational accidents and diseases is obtained from insurance institutions.
We also receive data from authorities such as the Finnish Centre for Pensions and the Finnish Tax Administration. We also receive information from the Population Register Centre for address updates.
We receive health information from the medical establishments in which you have been treated. We receive information about employment relationships directly from your employer.
How long do we retain personal data?
The Worker's Compensation Act includes provisions on the retention periods of documents. For example, data on claim processing must be kept for 100 years after the institution of the claim. Wherever the retention period for personal data is not provided by law, we will only retain the data for as long as required by its use.
To whom is personal data disclosed?
We disclose personal data only when such disclosure is based on consent or legal provisions.
If necessary, we will disclose data to parties such as the Finnish Tax Administration, the Social Insurance Institution of Finland (Kela), an employment pension insurance institution, the Finnish Centre for Pensions, an unemployment fund, a transport or liability insurance company, and an enforcement authority.
In addition, we disclose data to appeal bodies under occupational accident legislation and to the Employment Accidents Compensation Board. With regard to rehabilitation referrals, data is disclosed to the rehabilitation service.
Is personal data transferred or processed outside the EU/EEA?
We do not transfer personal data outside the EU/EEA and it is not processed outside these territories.
Are automated decisions or profiling performed on the basis of personal data?
We do not use the personal data in our possession for profiling. In addition, Finnish Workers' Compensation Centre does not make automated decisions.
How do we process personal data?
When we process personal data, we comply with the legislation in force, data protection authorities' guidelines and good data handling practices. Careful and cautious handling of personal data is important to us.
In every case, we ensure that our processing of personal data has a lawful basis.
We use personal usernames and passwords to ensure that your personal data is only processed by those with permission to do so. Each person may only deal with the data that he/she needs in order to perform his/her work.
Personal data is confidential and the employees who process its have signed a confidentiality agreement.
We train, and draw up guidelines for, those of our personnel who process personal data. We immediately intervene in cases of abuse.
Electronic personal data is isolated from public communications networks by firewalls. We do not send personal data by unsecured email. Personal data printed on paper is kept in locked premises.
We also ensure that personal data is handled in compliance with the law when we use subcontractors. Subcontractors may only process your data in accordance with the instructions we issue. They have no right to use your data for their own purposes, such as direct marketing. On the basis of contracts with subcontractors, we ensure that personal data is always handled with due care and in compliance with good processing practices.
How can I learn more about the processing of my personal data? What rights do I have with regard to the processing of personal data and how can I exercise them?
The EU's General Data Protection Regulation defines the rights of data subjects with respect to the processing of personal data. Such rights depend on the purpose for which the personal data is processed in each case. In almost every case, a person has the right to know whether or not his or her data is being processed, and what personal data is processed about him or her. The data subject also has the right to demand the rectification of any incorrect or incomplete data. On the other hand, where personal data is processed to comply with a statutory obligation, the data subject is not entitled to forbid its processing or require its erasure, and does not have the right to have it transferred electronically to another system.
If you have any questions about your privacy or how your personal data is processed by Finnish Workers' Compensation Centre, please contact us by sending an email to firstname.lastname@example.org. Our data protection officer will handle and respond to your message.
The Data Protection Ombudsman publishes guidelines and information, on its website, about the processing of personal data. You can also contact the Data Protection Ombudsman if you suspect that personal data has been processed unlawfully.