The data is processed for the management of the Digital and Population Data Services Agency’s financial transactions and accounting and for the monitoring of sales statistics.
The personal data contained in the point-of-sale system is processed on the basis of Article 6 of the EU’s Gen-eral Data Protection Regulation. Personal data is processed as part of the provision of the Digital and Popula-tion Data Services Agency’s statutory services.
According to the archive compilation plan, personal data is retained for one, six or ten years.
The following information is recorded in the register:
Information on bans on sales
In addition to the information mentioned above, the register data contents consist of the following:
Account statement and giro reference transactions
In connection with issuing an invoice, the information is received from private persons, companies and commu-nities. Point-of-sale transactions: receipts, invoices, remittances and account statements and giro references collected from banks.
The register data is public, excluding the bank details for Local Register Offices stored in the data system, and the customer bank card data. A permission to disclose data by means of a technical connection may be granted to state or municipal authorities, communities or own-account workers who constantly require register data for an acceptable purpose in their operations.
From the Vakava Point-of-sale system, customer data is also transferred to a customer register maintained by Palkeet.
No personal data is transferred outside the EU or the EEA.
The data material has been protected by means of access management and it can be accessed only from the internal network of the central government. In addition, personal data is protected by means of physical access control, by monitoring the use of personal data and through instructions provided for the processing of personal data.
No automated decision-making or profiling is performed on the basis of the data.
Right of inspection
You have the right to request that the controller provides you with access to the data on you, so that you can check the information that is kept on you. The request must be submitted in writing to Digital and Population Data Services Agency’s registry office. Be prepared to prove your identity.
You will receive the information you need within a month of the time your request was registered. However, for justified reasons the Digital and Population Data Services Agency can extend the aforementioned one-month timeline by two months at the most. In this case you will receive a notification.
Right to demand data correction
You have the right to ask for your personal data to be corrected. Submit a written request to the contact per-son of the register (section Controller and contact persons). In the request for correction, mention the data that should be rectified and the details of the change or the information that should be added to the register. Your identity will be verified in connection with the request.
Limitations to the rights of the data subject with regard to the processing of personal data
Most of the services provided by the Digital and Population Data Services Agency are based on compliance with a statutory obligation or the use of public powers. In those cases, you do not have the right to demand the dele-tion of your data or its transfer to another system.
The data subject has the right to lodge a complaint to the supervisory authority on the processing of their personal data.