Sorry, you need to enable JavaScript to visit this website.
Skip to main content

Data security

Privacy policy

The personal register of the Service manual online service is created from the user data of the people who use the service as registered users. The purpose of processing personal data is user management of the system and the electronic communication related to the use of the system. Registered are the personnel of employment services and users of different municipalities and service organizing organizations as content producers of the service information.

Handling of personal data

User management of the service manual and processing of personal data in general

  • A personal user account is created for each user of the Service Manual. E-mail address of the user works as their username and their personal password is set when registering the user account. ​
  • New users are added to the Service Manual by the service administrator or main user of the organisation. When a new user is invited to the system, he is assigned a home organization and a user role (main user, editor, expert). ​
  • Administration and main users can add and remove users and manage users' organizational information and access rights. Each organization defines its own internal process for adding new users.​
  • The user role determines a person's access rights in the system, i.e. what information and actions can be seen or done in the service. The administration can change the roles of the users without consideration, if an error is detected. ​
  • User accounts are automatically deactivated after 4 months of inactivated and deleted after 6 months if not reactivated by the main user. 
  • Users have been informed about the processing of personal data and the basis of the processing.
  • User data from the system is not delivered outside the system (no data transfer). Events are recorded in logs. ​

Personal data to be processed

The system processes users' name and contact information for database user management and system communication. ​

The mandatory data processed are: the person's e-mail address and home organization. Voluntary personal data are: the person's first and last name, and work title. 

System users include: administrator users, employment service experts, and content producers from municipalities and service provider organizations. ​

Note! The system does not process customer data or other comparable sensitive personal data.​​

Data storage periods and location

  • Expert users have the right to use the system while the employment relationship is valid. Content producers manage their own user data. The user's data and user account are deactivated after 4 months of inactivity. ​
  • The retention period of user data is based on processing the data of active users and the activity check takes place in 4-month cycles. The main user of the organization can restore the user account 2 months after the deactivation, if the deactivation was incorrect. The accounts are deleted after 6 months, after which a new account must be created for the user.​
  • Information is managed through the management views of the Service Manual user interface. The server is the City of Helsinki's Azure Redhat OpenShift (Platta) environment, which is a SaaS cloud service supported by IBM/Kyndryl. ​

Note! Regarding the location of personal data, a decision of the head of the chancellery has been made on 12 October 2022 (HEL 2022-012014 T 00 01 01), according to which public personal data according to the Publicity Act may be transferred outside the EU/EEA area and a country approved by the European Commission, if the agreement regarding the transfer has been accompanied by documents approved by the European Commission regular expressions. ​

Personal data protection measures

  • Personal data is protected in the system with different levels of user and access rights management, user training and the collection of user logs. ​
  • Users register and log in to the system with system-specific personal credentials (username and password). ​
  • The solution is not critical to information security and the processed personal data is not classified as confidential.

Privacy policy statement can be found on its own page.