Privacy policy: Safety repository

1 Registrar/controller
Vantaa Energy Group
Vantaan Energia Oy (“Vantaa Energy”)
Business (VAT) ID: FI01244613
Mailing address: PO Box 95, 01301 Vantaa, Finland
Telephone: +358 9 829 01
Online service: www.vantaanenergia.fi/en

Vantaan Energia Sähköverkot Oy (“Vantaa Energy Electricity Networks”)
Business (VAT) ID: FI20384080
Mailing address: PO Box 95, 01301 Vantaa, Finland
Telephone: +358 9 829 01
Online Service: www.vantaanenergiasahkoverkot.fi/

2 Person responsible for the register
Erkki Yrjölä
erkki.yrjola@vantaanenergia.fi
Mailing address: PO Box 95, 01301 Vantaa, Finland
Street address: Peltolantie 27, 01300 Vantaa, Finland

3 Data Protection Officer
Heidi Itkonen
Mailing address: PO Box 95, 01301 Vantaa, Finland
Street address: Peltolantie 27, 01300 Vantaa, Finland

4 Data security inquiries
https://tietopalvelu.vantaanenergia.fi/turvallisuusrekisterilomake

5 Title of the register
Vantaa Energy Group’s safety repository

6 The purpose and legal basis of processing personal information
The purpose of processing personal information is to protect property and prevent crime, disruption, harassment and unacceptable conduct, as well as to help solve and prove occurred crime, disruption, harassment and unacceptable conduct or other situation causing danger or a threat. In addition, the purpose is to ensure the delivery processes of energy products and to increase occupational safety. Personal information is also processed to comply with obligations related to applicable laws and official orders and guidelines. In addition, the personal information of the registrants may be processed due to self-monitoring or complaints.

Processing is necessary in order to pursue the legitimate interests and obligations of Vantaa Energia Group.

7 Information included in the register/data file
Footage of a person’s routes in Vantaa Energy’s premises and yard from the surveillance camera system included in the self-monitoring system and data produced by other systems.

Vantaa Energy collects this information as the user in charge of the premises in order to prevent crime against its personnel, property and customers and to specify liabilities if damages occur. Thanks to this information, Vantaa Energy is able to ensure personal safety, property and order maintenance, and calling to account those who cause damages. Information is collected only for the items necessary for administration and management. This information is used to maintain the property and order and calling to account those who cause damages:

  • basic information of the registered person (including names, date of birth, social security number, company);
  • contact information (including address, telephone number and email address);
  • information about contact persons in a company (including employer and professional status);
  • surveillance camera footage (including photos and video material and vehicle license numbers);
  • access control data;
  • access permission information;
  • security clearance result.

8 Regular sources of data
Information about the registrant is regularly received from the following sources:

  • Vantaa Energy’s surveillance cameras indicated by signs or labels;
  • Vantaa Energy’s access control systems;
  • Vantaa Energy’s timesheet monitoring systems;
  • personal “VAP” (released from military service) reservations applied from and confirmed by the Finnish Defence Forces;
  • connected to self-monitoring;
  • from the registrant.
  • Personal information may be collected and updated from authorities and other third parties within the limits of applicable laws for the purposes described in this privacy policy.

9 Regular disclosure of information
In principle, personal information is not disclosed outside the Group. However, if a crime is suspected, information will be disclosed to the police within the limits of current legislation, and to authorities, for example, within the limits of and according to current legislation, official orders, and industry associations’ guidelines. In contract disputes, information about the access-control and electronic key systems may be disclosed to the contract partner.

10 Data retention period
Information is retained only as long as is necessary for the purposes described in this privacy policy. After this, the data is removed, except if the rights and obligations given by law or by a mutual contract require that we retain the information.

In principle, retention times are the following:

  • Access control system information is retained for 400 days.
  • Timesheet information is retained for circa 5 years.
  • Electronic key system Abloy Cliq’s register is retained for as long as the person has the right to use the key.
  • Security clearance is removed after the person has passed the trial period, after which the person is removed from the monitoring register. The person’s information is removed also if employment or contract is terminated before the end of trial period.
  • The information saved by the camera surveillance system is automatically retained for as long as is necessary to serve the purpose of surveillance, however for 30 days at maximum. For a specific reason (such as major catastrophe or occupational accident), the records may be retained longer; however, for one year (1) at maximum. These records are entered manually.
  • Personal “VAP” (released from military service) reservations are retained until there is a new VAP person-register to replace a previous reservation list.
  • All information is removed by deleting the materials.

11 Data transfer outside the EU or the EEA
Vantaa Energy does not transfer information to other than the countries of the European Union (EU) and the European Economic Area (EEA).

12 Principles of register/data file protection
Personal information is protected by reasonable means generally approved for the industry, including access control, training, firewalls and passwords. Only persons appointed to the task are allowed to process the databases.

A digital database (on a hard drive of a computer or similar) is protected with a password. Each authorized processor is given a unique password the use of which can be controlled.

The users of the databases are obliged to maintain professional secrecy.

13 Right of inspection, prohibition and rectification
Based on the GDPR, the registrant has the right to inspect their personal information recorded. A digital request to inspect can be submitted via a digital form at https://tietopalvelu.vantaanenergia.fi/turvallisuusrekisterilomake.

The request can also be submitted in person at the registrar after proving the registrant’s identity. If the registrant uses their right of inspection more than once per year, Vantaa Energy is allowed to charge a reasonable fee for their service.

Based on the GDPR, each registrant has the right to inspect their personal information, including audiovisual material recorded by a surveillance system, for example. The registrar must be presented with a request to inspect including place and time of the recording. The registrar must react to the request to inspect within one (1) month. Only the recordings of the requesting person can be shown to them if they are included in the material.

Based on the GDPR, the registrant has the right to require that Vantaa Energy rectify, remove, or amend any personal information included in the register that is incorrect, unnecessary, faulty or outdated for the purposes of data processing.

Personal information is not disclosed without the consent of the registrant to direct marketing, market or opinion surveys, lists of professionals, or genealogical research.

Based on the GDPR, the registrant also has the right to restrict the processing and transfer of their personal information to another registrar.

14 Filing a complaint to the supervisory authority
If the registrant thinks that the processing of their personal information violates the applicable laws or that their legal rights have been violated, they can file a complaint to the Data Protection Ombudsman whose contact information is available at www.tietosuoja.fi/en.