Privacy policy: Register for contacting website

Updated 27 May 2020

Controller Geological Survey of Finland
P.O. Box 96, FI-02151 Espoo, Finland
Tel. +358 29 503 0000,
Contact person for register matters Pauli Vartia
Contact details of the data protection officer
Register name Register for website contacts
Purpose of and legal grounds for processing personal data Personal data are processed in connection with managing contacts received on a contact form through the website.

The processing of personal data is based on 1) the controller’s legitimate interest, 2) a contractual relationship and/or 3) the controller’s compliance with a statutory obligation. The controller’s legitimate interest provides the right to carry out necessary, justified and legal sales and marketing activities, including related profiling.

Data content of the register and categories of personal data The data entered by the person on the contact form available at is saved in the register. First name, last name, job title, organisation, e-mail address and telephone number.
Storage period for personal data or, if this is not possible, criteria for determining the storage period The data is based on professional interaction. No data about personal traits and other such qualities is collected. Personal data is deleted from the register after 3 months from the contact.
Regular sources of data Data is obtained from the individuals themselves.
Recipients of personal data or groups of recipients The data is processed by GTK’s employees who are responsible for website administration as well as for processing and reporting on contacts received through the website. In addition, the supplier of the data system can access data in conjunction with maintenance.
Information about the transfer of data to third countries and protection used (including information about the existence or non-existence of the Commission’s decision on the sufficiency of data protection), and opportunities to obtain a copy or information on their content. No data is transferred from the register outside the EU or EEA.
Principles of register protection (manual material and electronic processing) The system supplier ensures the technical protection of data in cooperation with GTK. The use of the system is protected by a username and password. Only appointed persons within the organisations are authorised to use the system. All data is processed confidentially.
Rights of data subjects Data subjects have the right to access their data and request their data to be rectified. Data subjects have the right to object to the processing of their personal data based on a specific personal situation. Nevertheless, the data controller can continue to process data on significant and justified grounds. If the aforementioned grounds do not exist, data subjects can request their personal data to be erased. If a data subject considers their data to be inaccurate, processing can be restricted in order to verify the accuracy of the data.
Right to file a complaint with the supervisory authority Data subjects have the right to file a complaint with the supervisory authority of the member state in which their permanent place of residence or business is, or in which the suspected breach of the GDPR has taken place if the data controller has refused your right to access your personal data or have your data rectified. You can file a complaint about the matter with the Finnish Data Protection Ombudsman.
Is the provision of personal data a statutory or contractual requirement or a requirement needed to enter into an agreement? Do data subjects need to provide personal data? What are the consequences of any non-provision of personal data? Provision of the data is voluntary.
Information about the existence of automated decision-making, including profiling, and significant information about the processing-related logic, at least in these cases, and the significance of specific processing and any consequences for data subjects. No automated decision-making is used.