Privacy statement for Occupational safety qualification training
1. Controller
The Centre for Occupational Safety, Työpajankatu 13 A, 00580 Helsinki, Finland, tel. 09 616261, email: info@ttk.fi (you will be redirected to another service)(siirryt toiseen palveluun)
2. Contact person
Tuomas Nissinen, Senior Specialist, tel. 050 317 2650, email: kortti@ttk.fi (you will be redirected to another service)(siirryt toiseen palveluun)
3. Purpose and grounds for processing personal information
The subjects of the processing of personal information are the holders of Occupational Safety Cards, representatives of the organisers of occupational safety training, those who have completed the PSK 6803 training of the Centre for Occupational Safety and the users of the electronic Occupational Safety Card search.
The purpose of the processing of personal information is to maintain the system of Occupational Safety Card holders and persons who have completed the PSK 6803 training and to provide employers, commissioners and cardholders with access to qualification information through an open interface.
Personal data is processed on the basis of the Centre for Occupational Safety’s legitimate interests. The legitimate interest of the Centre for Occupational Safety is based on its purpose of acting as an organisation that promotes a high level of workplace and occupational safety and is responsible for the labour market Occupational Safety Card system in the labour market, among other things. In addition, the Centre for Occupational Safety may, on the basis of legitimate interest, provide customer and guidance services related to the Occupational Safety Card. Furthermore, through the open interface, data subjects can demonstrate and check their own qualification information and the employer/commissioner can check the qualification information, if necessary. The instructor of the Occupational Safety Card course has the right to check the information of individuals registered in the database if they are enrolling in the Occupational Safety Card refresher course
With the consent of the Occupational Safety Cards holders and persons who have completed the PSK 6803 training organised by the Centre for Occupational Safety, the Centre for Occupational Safety may also send information related to the operations of the Centre for Occupational Safety to the cardholders.
A balance test has been carried out on the processing activities in accordance with this privacy statement.
4. Information content of the register
The following information is processed about the representatives of the organisers of occupational safety courses:
first name, last name, email address, telephone number, qualification information, teaching languages, industry-specific special competence and the name of the organisation.
The following information about the holders of Occupational Safety Cards is processed:
- first name, last name, Occupational Safety Card number and validity period, date of birth, email address, telephone number, address and information on the training industry.
The following information about the participants in the PSK 6803 training course is processed:
- first name, last name, PSK 6803 card number and validity period, date of birth, email address, telephone number and address.
The following information is processed about the users of the open Occupational Safety Card search:
- For the users of the open register, the following are saved: acceptance of the terms of use, information about the user provided through strong identification, results of searches carried out and usage timestamps.
A person may not necessarily be granted an Occupational Safety Card or qualification of PSK 6803 training completion unless they provide all the information necessary for registering the card. The email address is used for taking electronic tests, communications and the mobile card.
Data subjects may also provide their telephone number for contacting purposes.
5. Storage period of personal information
The information of Occupational Safety Card holders and those who have completed the PSK 6803 training is stored for 12 months after the expiry of the validity period of a registered Occupational Safety Card.
The information of the representatives of the organisers of occupational safety courses will be stored for 12 months after the end of their co-operation with the Centre for Occupational Safety. If, during the above-mentioned period, there is a justified reason to store the information for a longer period, for example, due to the investigation or preliminary investigation of an occupational accident or a legal claim, the information may be stored for a longer period.
Personal information collected from the users of the open Occupational Safety Card search and a log of whose information has been viewed are processed for 1 year after the search has been carried out. The information may be stored for a longer period if there is reason to suspect misuse in violation of the terms of use.
6. Regular sources of information
As a rule, the information is collected from the Occupational Safety Card holders, organisers of the Occupational Safety Card training and persons who have completed the PSK 6803 training themselves.
Information about Occupational Safety Card holders can also be collected through representatives of the organisers of occupational safety courses.
7. Regular disclosure of information and groups of recipients
The Finnish Centre for Occupational Safety discloses information about Occupational Safety Card holders only through the open interface mentioned in this privacy statement. In this case, the first name, last name, card number, validity period, industry information of the training and the place of completion of the training are disclosed about the Occupational Safety Card holders. The recipients of personal information are mainly employer and client organisations.
We have outsourced processing tasks to external service providers in accordance with and within the limits set by data protection legislation. We transfer personal information to an external service provider for the purpose of maintaining the applications.
8. Transfer of information outside the EU or EEA
Personal information is not transferred outside the European Union or the European Economic Area.
9. Principles of register protection
The information is stored on appropriately protected servers, whose technical information security is often managed in a variety of ways. Access to information is managed through work role-based access management.
The purpose of the measures described above is to ensure the confidentiality, availability and integrity of the personal information stored in the register and the realisation of the rights of the data subjects.
10. Automated decision-making
Personal information will not be used for automated decision-making that would have legal or similar effects on the data subject.
Occupational safety training electronic tests are partly reviewed automatically.
11. The data subject’s right to object to direct marketing
The data subject can channel-specifically consent or refuse the Controller’s use of their data for direct marketing.
12. Other rights of the data subject
The data subject’s right of access (right of inspection)
The data subject has the right to check what data about themselves is stored in the register. For example, the data subject can log in to the mobiili.tyoturvallisuuskortti.fi service with their own credentials and view their own information. If the person does not have their own credentials, they can make an inspection request by contacting the contact person for the register. Some data subjects can also view their data through the open interface. It is recommended that other data subjects (organisation representatives) contact the contact person. In principle, the exercise of the right of inspection is free of charge.
The data subject’s right to request rectification, erasure or restriction of processing
Insofar as the data subject can act on their own, they must, without undue delay after becoming aware of an error or, after discovering an error on their own initiative, correct, delete or supplement the information that is contrary to the purpose of the register, incorrect, unnecessary, incomplete or outdated. Insofar as the data subject is unable to correct or delete the information themselves, the request for rectification or erasure is made by contacting the Controller’s contact person in accordance with the “Contact requests” section.
The data subject also has the right to require the Controller to restrict the processing of their personal data, for example, if the data subject awaits the Controller’s response to a request for rectification or erasure of their information.
The data subject’s right to object to the processing of personal information
In relation to their personal special situation, the data subject has the right to object to processing activities that the Controller targets at the data subject’s personal information, to the extent that the processing is based on the Controller’s legitimate interest. In connection with the request, the data subject must specify the particular situation on the basis of which they object to the processing. The Controller may refuse to comply with an objection requests on grounds provided for by law.
The data subject’s right to transfer information from one system to another
Insofar as the data subject has personally submitted information to the register that is processed for the implementation of the agreement between the data subject and the Centre for Occupational Safety or on the basis of the data subject’s consent, the data subject has the right to receive the information in a machine-readable format and to transfer it to another Controller.
Right to withdraw consent
If the processing of personal information is based on the data subject’s consent, the data subject has the right to withdraw their consent by notifying the Controller of this in accordance with the “Contact requests” section of this privacy statement.
Right of the data subject to lodge a complaint with a supervisory authority
The data subject has the right to lodge a complaint with the competent supervisory authority if the Controller has not complied with the applicable data protection regulations in its operations. The competent supervisory authority in Finland is the Office of the Data Protection Ombudsman (tietosuoja.fi)
13. Contact requests
In all questions related to the processing of personal information and in situations related to the exercise of personal rights, the data subject should contact the Controller. The data subject can exercise their rights by sending an email to kortti@ttk.fi(siirryt toiseen palveluun)
14. Amendments to the description of file
The Centre for Occupational Safety may make changes to this privacy statement if the methods or purposes of processing personal information change. However, we recommend you regularly check the content of the privacy statement.