Certificate information system
Certificate information system is an IT system in which a certification authority creates certificates and where revocation lists of revoked certificates are signed. The certificate information system consists of a directory of valid certificates, advisory service, certificate revocation service, certificate revocation list service, seal service, timestamp service and a validation service. Certificates and smart cards are managed in the certificate information system.
Your data can be found in this register if you have been granted a citizen, organisation or social welfare and healthcare certificate for e-services, you have joined the timestamping service or if you have applied for a seal certificate or a seal service interface certificate for your organisation. Your data can also be processed in this register on a temporary basis if a document containing personal data is sent to the validation service or the seal service. The personal data contained in the documents sent to the validation service or the seal service will only be processed during the validation or sealing and they are not stored in the service.
Digital and Population Data Services Agency
Lintulahdenkuja 2, 00530 Helsinki
PO Box 123, 00531 Helsinki, Finland
Telephone (switchboard) +358 (0)2 9553 6000,
Email [email protected]
Contact person in register-related matters
Jaripekka Turtiainen, Business Owner, Senior Advisor
Lintulahdenkuja 2, 00530 Helsinki
Telephone (switchboard) +358 (0)2 9553 6000,
Email [email protected]
Telephone (switchboard) +358 2 9553 6000, tietosuoja(a)dvv.fi
The Digital and Population Data Services Agency provides nationwide certified electronic services and performances. The services and performances are intended to enable, implement and safeguard the functions and information management of society and the rights and obligations of its members. Personal data is processed to produce, distribute and manage certificates and certificate cards, to validate the electronic signatures contained in the documents sent to the validation service, to seal the documents sent to the seal service and to open a connection to the timestamping service.
The personal data contained in the Certificate Information System are processed on the basis of Article 6 of the EU General Data Protection Regulation. Personal data is processed as part of the provision of statutory services by the Digital and Population Data Services Agency. The certificate information system is also used to process personal data under Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC, under Regulation (EU) 2024/1183 of the European Parliament and of the Council amending Regulation (EU) No 910/2014 as regards establishing the European Digital Identity Framework, under section 6 of the Act on Strong Electronic Identification and Electronic Trust Services (617/2009), and under section 6 of the Act on the Population Information System and Certificate Services provided by the Digital and Population Data Services Agency (661/2009).
The Digital and Population Data Services Agency maintains a certificate register on the personal certificates it has granted. Certificate register data will be kept on file for 5 years after certificate expiry. For the timestamping service, the processed data (IP-adress and organisation name) will be kept for 5 years from the end of the timestamping service contract.
Following information is saved in the register:
-
Personal identity code, names and home address of the certificate holder/applicant
-
Name of organisation applying for seal certificate
-
Personal data on system users as follows: name, personal identity code, email
-
The certificate holder’s unique identifier and registration number
-
Certificate holder’s unique identifier
-
Certificate serial number
-
Purpose of the certificate
-
Other necessary technical data related to the use of the certificate
-
Certificate period of validity
-
Information on the calculation method used in the creation of the public key for the certificate holder
-
Name of the person who granted the certificate
-
Revocation list, certificate directory, data contained on the registration forms, facial image of the applicant, personal and contact details given on the client contracts
-
IP address for the organisation joining the timestamping service
Information is obtained from the following sources:
- Persons sending a contract
- Certificate applicants
- System users
- Population Information System
- Central registers of social welfare and healthcare professionals
- Client organisations for organisation cards and seal service
- Certificate services of the Digital and Population Data Services Agency
- Certificate card producers
Certificate card producers are provided with the information needed for producing cards once a day. As a rule, no information is disclosed to third parties.
The public information on the certificates contained in the certificate information system’s certificate directory is published on the internet in the public certificate directory of the Digital and Population Data Services Agency.
No data is transferred outside the European Union or the European Economic Area.
The data is protected by means of access control and can only be accessed from within the government network. Personal data is also protected by physical access control, access control and guidelines for the processing of personal data. The data is protected in the register by commonly used methods (e.g. passwords, firewall, regular updates of the server).
Decisions on applications submitted in the electronic OmaKortti service (renewals of organisation certificates and social welfare and healthcare professional certificates) are made on an automated basis. Automated decision-making is based on chapter 8b of the Administrative Procedure Act (434/2003). If the decision on your application is made on an automated basis, this is stated in the decision or client information made available to you (if the decision has been made available to your employer organisation). More information on the option of automated decision-making is also available in the electronic OmaKortti service and on the website of the Digital and Population Data Services Agency (The information is in Finnish).
If you submit your application outside the electronic OmaKortti service, the decision on your application will not be made on an automated basis.
The Digital and Population Data Services Agency grants the citizen certificate for a personal identity card issued by the police or a Finnish mission abroad. The application for a personal identity card must be submitted in the police e-service, police licence services or in a Finnish mission abroad (diplomatic and consular missions). The application for the citizen certificate granted by the Digital and Population Data Services Agency must be submitted in connection with the application for the personal identity card. The Digital and Population Data Services Agency processes the applications for citizen certificates on an automated basis. Automated decision-making is based on chapter 8b of the Administrative Procedure Act (434/2003). No administrative decision is issued in connection with the issuing of the personal identity card containing a citizen certificate. Details of the automated decision concerning your citizen certificate application are provided in the client information sent to you. More information on the option of automated decision-making is also available on the website of the Digital and Population Data Services Agency (The information is in Finnish).
Right of inspection
You have the right to request that the controller provides you with access to your personal data The request can be submitted in writing to Digital and Population Data Services. registry office. Please be ready to prove your identity. The data stored in the register (organisational and social and healthcare certificate holders' data) can also be checked in an electronic service (OmaKortti, https://omakortti.dvv.fi/?culture=fi-FI), which is accessed by logging in with the help of Suomi.fi-identification.
You will receive the information you need within one month. If, for justified reasons, it is not possible to provide the information within this period, the Digital and Population Da-ta Services Agency may extend the deadline by up to 2 months. In this case, you will be notified.
Right to demand data correction
You have the right to request for your personal data to be corrected. Make the request in writing to the contact person of the register (please see section Controller and contact persons). In the correction request, you must indicate the information to be corrected and the exact change or information to be added to the record. Your identity will be verified at the time of the request.
If the Population Information System has been the source for personal data and the data in question is incorrect, the request for the correction of personal data must be submitted to the Population Information System.
Restrictions to the data subject’s rights in relation to personal data processing
Most of the services provided by the Digital and Population Data Services Agency are based on compliance with the controller’s statutory obligation, on the performance of a duty of public interest or the exercise of public authority. In such cases, you do not have the right to request the deletion of your data or its transfer to another system, and , as a rule, you cannot object to the processing of your personal data.
Consent-based processing of personal data
Processing of personal data is based on consent to the extent that it involves the publication of the certificate data in the public certificate directory of the Digital and Population Data Services Agency. Publication of the data with the consent of the data subject is based on Article 24(2)(f) of the eIDAS directive (910/2014): A qualified trust service provider providing qualified trust services shall use trustworthy systems to store data provided to it, in a verifiable form so that they are publicly available for retrieval only where the consent of the person to whom the data relates has been obtained. The data subject is requested to give their consent in connection with the certificate application.
If you think that your personal data is processed unlawfully, you can submit a complaint to the Office of the Data Protection Ombudsman.
Office of the Data Protection Ombudsman
Street address Lintulahdenkuja 4, 00530 Helsinki
Postal address PO Box 800, 00531 Helsinki, Finland
Email tietosuoja(at)om.fi
Telephone (switchboard) +358 (0)29 566 6700
Registry +358 (0)29 566 6768
For more information on submitting a complaint, see the website of the Office of the Data Protection Ombudsman at https://tietosuoja.fi/.
- Individuals
- Processing times
- Marriage
- Having or adopting a child
- Names
- Moving
- Guardianship
- Life changes while living abroad
- Moving while living abroad
- Registration of a child born abroad
- Marriage concluded abroad
- Partnership registered abroad
- Divorce granted abroad
- Registration of a name change performed abroad
- Gender recognised abroad
- Death abroad
- Registration of citizenship
- Notification of retaining Finnish citizenship
- Legalisation of foreign documents
- Submitting foreign documents
- As a foreigner in Finland
- Registration of a foreigner
- Guide for students
- Municipality of residence
- Family relationships and Marital Status
- Instructions on arriving in Finland from Ukraine
- Guide for employed persons
- Fast track service for specialists and growth entrepreneurs
- Instructions for legalisation
- Submitting foreign documents
- Foreigner’s move to Finland, in Finland and out of Finland
- Check your own personal details
- Elections and Right to vote
- Suomi.fi Web Service
- Citizen Certificate and electronic identity
- Certificates from the Population Information System
- Population information in the Population Information System
- Registration of a gift notification
- Services of notary public
- Certification of purchase
- Citizens’ initiative
- Death and estate inventory
- Public Service Info
- Address service
- Forms
- Digital support for citizens
- Organisations
- Certificates
- For social welfare and healthcare service providers
- For organisations
- Electronic sealing service
- Timestamping Service
- Electronic signature
- Service certificates
- Advisory service, support and revocation service
- Certificate Directory
- Test the use of a certificate
- Card Reader Software
- Information about certificates
- Population information services for organisations
- Public administration sampling and updating service
- Private sector information services
- PIS modified data interface
- Modified data update service
- Population Information System query interface
- Browser-based Population Information System query
- Resident sampling services for property management offices and maintenance companies
- Data extraction for municipalities
- Reform of personal identity code
- Conditions for using population information
- Maintaining the Population Information System
- Extracts from registers
- Suomi.fi services
- Services to promote digitalisation
- Digital support
- Digital security services
- Services of notary public
- Certification of purchase
- Right to officiate weddings
- E-services
- Finnish Authenticator identification service
- Certificates
- About the agency
- Digital and Population Data Services Agency
- Digital and Population Data Services Agency as an Employer
- Use our services electronically
- Contact
- Customer service for private customers
- Customer service for organisations
- Service locations
- Digital and Population Data Services Agency address, switchboard e-billing details
- Digital and Population Data Services Agency Management
- Marriage ceremony premises information
- Contact details for media
- International Affairs
- Invoicing
- Quality policy
- Equality plan for customers
- Data protection
- News
- Population Information System
- For media
- Brochures and publications
- Projects
- Foresight and research cooperation