1. Registry administrator

Perhepalvelukeskus Kotisatama Oy (y-tunnus 3393752-9).

www.perhepalvelukeskus.fi

Phone number : 0403648119 (also whatsapp)

2. Contact information for data protection matters 

All communications and requests relating to data protection and the processing of personal data should be addressed in the first instance to:

kotisatama@perhepalvelukeskus.fi

The Data Protection Officer can be contacted by e-mail for guidance and advice on processing personal data.

3. Processing of personal data in Kotisatama

Kotisatama Oy's employees are committed to protecting the privacy of each of our customers. We comply with all applicable legislation on the processing of personal data in all our activities.
This notice explains what personal data we process, for what purposes, on what lawful grounds and how we process it. We also explain people's rights at the end of the privacy notice and provide guidance on how you can exercise your rights. The purposes and purposes of processing are often related to your relationship with us. We have therefore structured this privacy notice in such a way that we try to explain the processing of data separately for our different categories of customers. It may be that you use more than one of our services, in which case information about our processing of your data may appear in more than one section.  

Our general privacy policy is common to all our offices. Kotisatama Oy generally acts as a processor of personal data for municipalities, cities or welfare areas. If you use services that are contracted by one of the above, you may need to make some requests for information through them. However, we will guide you should this situation arise. We will update the factsheet regularly and we will always try to inform everyone affected by important changes.

4. Processing of our customers' data

As a rule, the controller of our customers' data is the municipality, city or welfare region that is legally responsible for organising the service in question. All processing is agreed between the service provider and us and is subject to what we have agreed between us. In addition, our activities are also governed by legislation, in particular with regard to sensitive and special categories of data. The use of the services and the processing of personal data may be related to a legal obligation of the service provider, to the public interest or to the exercise of official authority by a public authority, or to any other commitment that defines your relationship with us. We will never process our customers' data for our own purposes without first informing you. If we need to process your data for our own purposes as a data controller, the processing will generally be based on consent, which will be explained to you in more detail when you give it to us. If we process data about you on the basis of our legitimate interests, we will always tell you in the context of such processing what those interests are, what the purpose of the processing is and how you can object to the processing if you disagree with its necessity. As a general rule, at least the following data will be processed in relation to a customer relationship: Name, personal identification number, date of birth, sex, contact details and municipality of residence. And other information relating to the customer relationship and the provision of the service and treatment, which may differ from one customer to another.

4.1 Sources of information

Sources of information may include social services, educational institutions, the client themselves or information on the client's health care from the caregiver, and information generated by the client's own activities. Other authorities may also disclose information to us on a case-by-case basis.

4.2 Disclosures and transfers of data within or outside the EEA

We only disclose information to service providers (municipalities, cities, welfare regions) and their officials. Our customer data will not be disclosed or transferred outside the EEA unless the service provider has so specified as the controller.

4.3 Data retention period

At the end of the client relationship, our clients' data is disclosed to the client's social worker or other service provider. After that, the data will be deleted from us and we will not use it for any other purpose.

5. Foster families

The data stored on foster families is used for the implementation of commissioned family care in child protection and for other purposes in accordance with the law and consents. The register keeps a record of persons who have expressed an interest in working as a family carer or are undergoing training to prepare for family care, prior to the start of family care and the conclusion of a commissioning contract.
The processing of personal data is governed by the legislation on family care (Family Care Act 263/2015)
The personal data processed include:

• name, personal identification number, telephone number, postal address, e-mail address, occupation, education, name of family members, age of the family carer and spouse.
• Information on the family's home life and living conditions. Information about the pre-process and process coaching for foster parents provided by the family carer and spouse.
• Information about the criminal records check.
• A description of the family and the overall situation of the family.
• Children placed in a family for a short or long period
• Specific skills and training for family carers. Whether the family is a short-term or long-term family carer.
• How many children a family can take into care
• Are there any restrictions on the investment, e.g. with regard to allergies.
• Information on contact with the family carer, changes in the family carer's or family's circumstances and when the subscriber was informed.

5.1 Sources of information

The source of information is the data subject himself and the social services of the municipality of residence.

5.2 Disclosures and transfers of data within or outside the EEA

In line with the legislation on family care, data will only be disclosed to those involved in its implementation. Data will not be disclosed or transferred outside the EEA.

5.3 Data retention period

Personal data will be deleted at the end of the contract, with the exception of data necessary for the payment of fees or similar, which will be kept in accordance with the applicable regulations, including accounting legislation.

6. Processing of jobseekers' data

The purpose of the processing of personal data is the recruitment of staff for employment or self-employment on the premises of the company. The purpose of the processing of personal data may, depending on the situation, be related either to a specific vacancy or to the will of the jobseeker to be contacted by us or to receive job offers from us for any future vacancies that may arise.
The basis for processing personal data of applicants for employment is always consent. In the case of self-employed persons, the processing is based on a contract and activities related to the preparation of the contract.
The processing of personal data is always at the discretion of the job and the job advertisement may specify in more detail the data to be processed. However, as a general rule, the processing will include at least the applicant's contact details, professional rights, work history and educational background, employment preferences and process data generated during the recruitment process (including, for example, correspondence, interviews and aptitude assessments).

6.1 Sources of information

The primary source of personal data is the applicant himself/herself. If the applicant has provided references or other sources of information in connection with the job search, data may also be collected from them. Information may also be disclosed by previous employers or educational institutions to verify the validity of certificates. In addition, during the recruitment process, information will be collected, as appropriate, from industry-related public registers such as JulkiTerhikki.

6.2 Disclosures and transfers of data within or outside the EEA

Personal data will not be transferred or disclosed to other third parties, unless this has been expressly agreed in connection with the job search. Such parties may include, for example, the organisers of aptitude tests or other actors directly involved in the job search. No data will be transferred or disclosed outside the EEA.

6.3 Data retention period

Applicants' data will only be processed as long as the consent given in the job application is valid or until it is clear that, for example, no contract of engagement will be concluded between the parties.

7. Recipients of marketing communications and marketing

In marketing, personal data is processed in connection with newsletters, advertising, market research, marketing and direct marketing.
Direct marketing, in particular electronic direct marketing, is mainly carried out with the consent of the individual. In cases where personal data has been obtained directly from the individual himself/herself when he/she was a purchaser or user of our services, we may carry out direct marketing based on our legitimate interest in carrying out direct marketing and promoting our business. We also use the same legitimate interest when marketing our services to representatives of companies or entities.
People always have the right to withdraw their consent or object to direct marketing. This can be done either by clicking on the link in the newsletter or by notifying us as indicated in the section on data subject rights.  
People always have the right to withdraw their consent or object to direct marketing. This can be done either by clicking on the link in the newsletter or by notifying us as indicated in the section on data subject rights.

7.1 Sources of information

Data on business and community representatives are collected from public information sources such as municipal websites and from the contact details of our business partners and subscriber-customer relationships, such as municipalities and welfare districts. Data on individuals is never collected in this way, marketing is always related to the person's job description or role as a representative of their employer.

7.2 Disclosures and transfers of data within or outside the EEA

Personal data is not transferred or disclosed within or outside the EEA.

7.3 Data retention period

The data will be kept for as long as necessary for marketing purposes or until you object to the processing or withdraw your consent. If the individual wishes to opt-out of direct marketing instead of deleting the data, we will have to retain the contact information for this purpose, but it will no longer be used for marketing purposes.
The data will be kept for a maximum of 5 years from the date of collection, after which it will be updated or deleted. A separate regular process ensures that the data is kept up to date.

8. Website visitors

Our company does not collect behavioural, computer and other terminal information about visitors to our websites for the purpose of analysing the use of the website and for statistical purposes. Our websites also contain links to social media sites (Meta; Instagram and Facebook). By clicking on these links, Meta will also be informed about your visit to our website. If you are logged in to these services or have enabled their cookies on other pages, the social media provider will also receive information about your visit to our social media channels. The terms of use of third parties may differ from our own terms of use. If a visitor does not want our company or its partners to target advertising or content based on Internet behavior, the visitor can prevent this by disabling the cookies they want by using the consent tool on the site you are visiting or in the browser settings.

8.1 Website forms

The website also collects personal data through forms entered by the user. This information is used only and exclusively for the purpose of the form, which is explained in detail on the form in question.

8.2 Disclosures and transfers of data within or outside the EEA

The data will not be disclosed outside the EEA.

8.3 Data retention period

No data is collected for the time being. You can change your cookie consent at any time by clicking on the icon at the bottom of the page.

9. Data security and storage of the register We follow the following five general principles for processing personal data.
10. personal data are processed lawfully and transparently in relation to the data subject. There is always a legal basis for all the personal data we process.
11. we collect and process personal data only for a specified purpose and to the extent necessary.
12. personal data is kept accurate and up to date.
13. Personal data will be kept in an identifiable form only for as long as there is a need to process it. The data retention periods are mainly based on existing specific legislation, such as the Ministry of Social Affairs and Health's Regulation on Patient Documents (289/2009) and the Act on Social Care Client Documents (254/2015).
14. personal data are treated confidentially and are always treated in confidence. We use appropriate organisational and technical measures to prevent unauthorised and unlawful processing. These measures also ensure that personal data are not accidentally lost, altered or destroyed.

Access to our customers' data is limited to those persons whose job duties require it. Our information systems support access management, which allows us to control and monitor the review and use of our customers' personal data. In addition, we regularly train our staff and they understand the importance of trust and data subject privacy.
Personal data is protected by appropriate technical and organisational measures. These measures include:

• Storing data in locked premises
• Restricting access to data with access rights
• Proper certification and protection of data
• Providing guidance on the secure use of data within the organisation
• Training employees in data processing and data protection practices

When we use external service providers or other third parties, we are equally concerned about the privacy of our customers. We also require confidentiality and legal compliance from service providers, as well as adherence to our organisation's privacy and security policies, guidelines and practices. We do not allow third parties to use our customers' information for their own purposes.

10. Rights of the data subject
    Data subjects' requests for the processing of their personal data can be sent either by e-mail to perhepalvelukeskuskotisatama@gmail.com

10.1 Rights in detail

Right of access to personal data

• You have the right to access the personal data stored about you. If you wish, you can also obtain a copy for yourself. However, your right of access may need to be limited for legal reasons and to protect the privacy of others.
  Right to rectification
• You have the right to request a correction of incorrect or incomplete information. An exception to this may be if the information previously provided is in some way material, for example, in relation to your relationship with us. In this case, we will not necessarily replace the old information, but will add the new information to the changed information.
  Right to erasure
• You have the right to request the deletion of your data. For example, deletion of data may be done in the following cases:
  • Retention is based on consent and you withdraw your consent to the processing of your personal data and there is no other ground for the processing.
  • The need for processing or retention has ceased and there is no other legal basis for its retention.
• If we do not have a legal right to process or retain the data and the need for the processing ceases, we will delete the personal data ourselves without your request. 
  Right to restriction of processing
• You have the right to restrict the processing of your personal data in situations where, for example, you have doubts about the lawfulness of the processing of your personal data or you have objected to the processing of your personal data, but the matter is still being resolved.
  Right to object
• You have the right to object to the processing of your data in situations where we process data on grounds of public interest (for example, scientific or historical research or statistics) or on the basis of our legitimate interests (for example, direct marketing).
  Right to data portability
• The right to data portability does not apply to data processed in relations between organisations where the processing is not based on the consent of the data subject or on a contract to which the data subject is a party. We have not identified any processing in our own activities for which this right could be exercised.
  Right to withdraw consent
• You have the right to withdraw your consent at any time, without prejudice to the lawfulness of the processing carried out before its withdrawal.

1. Disputes and right of appeal

You also have the right to lodge a complaint with a supervisory authority if you suspect that your personal data is being used inappropriately or unlawfully. However, we hope that you will always contact us first and we will try to resolve issues before they become problems.
The contact details of the Finnish supervisory authority are:
Office of the Data Protection Ombudsman
Visiting address: Lintulahdenkuja 4, 00530 Helsinki
Postal address: P.O. Box 800, 00531 Helsinki
Switchboard: 029 566 6700
Registry: 029 566 6768
E-mail (Registry): tietosuoja(at)om.fi