Data protection and the processing of personal data in public employment and business services

1 January 2023

Employment services, information and advisory services, competence development services, and business start-up and development services are offered as public employment and business services. Public employment and business services also include expert evaluations related to the personal customer's service process as well as statutory subsidies and compensations. Tasks related to safeguarding the income of an unemployed job seeker are carried out in accordance with the Unemployment Security Act. The tasks referred to in the Unemployment Security Act also include organising customer services and exchange of information related to the export of unemployment benefits related to job seeking in the EU.

Any service that supports the employment of an individual customer also at the same time supports the access to labour of an enterprise or other employer. Employment and business services offered to companies and employers include employment services, information and advisory services, pay subsidies, employment coaching services, joint procurement training and paid business development services. Start-up entrepreneurship is supported through information and advisory services, assessment of entrepreneurial skills and preconditions for business activity, career coaching, work placements, entrepreneur training, and start-up grants.

The privacy statement also applies to the processing of customer data in local government pilots on employment. Provisions on a fixed-term pilot are laid down in the Act on Local Government Pilots on Promoting Employment. Further information on the local government pilots and the pilot areas is available on the website of the Association of Finnish Local and Regional Authorities and the Ministry of Economic Affairs and Employment.

The aim of the multidisciplinary joint service is to promote the employment of the unemployed by offering public employment services in accordance with their service needs, as well as social, health, and rehabilitation services, through a cooperation model in which the TE Office, the Social Insurance Institution of Finland, and the wellbeing services county together assess the unemployed persons’ service needs, plan together the appropriate services for helping them find employment, and take responsibility for the progress and monitoring of their job-seeking process. In the local government pilots on employment, the municipality participates in the cooperation model instead of the TE Office.

Controller and contact details

Customer information system used in public employment and business services

As the controller, the Centre for Economic Development, Transport, and the Environment and the Development and Administrative Services Centre (hereinafter the KEHA Centre) is responsible for the overall functioning of the customer information system and the uniformity of register functions as well as for the development and maintenance of information systems and other duties of the controller laid down in law. The KEHA Centre, TE Offices, and municipalities in the pilot area are joint controllers of the customer information system used in public employment and business services. TE offices and municipalities in the pilot area are responsible for ensuring that the information regarding their customers contained by the customer information system is correct and for the controller’s tasks that have not been separately laid down for the KEHA Centre. The TE Customer Service Centre is responsible for the correctness of the information stored in the customer information system in connection with its customer calls and other contacts.

TE Services' appointment and video conferencing system

In the TE Office, data is used to organise tasks in accordance with the Act on Public Employment and Business Service. Specialists from municipalities participating in the local government pilot will use the information to perform the duties laid down in the Act on Municipal Experiments to Promote Employment. The division of responsibilities between the controllers of the TE Services’ appointment and the videoconferencing system is similar to that of the customer information system used in public employment and business services.

The data is used for booking an appointment for the customer’s on-site appointment, telephone appointment, or videoconferencing. The appointment system processes the following personal data: name, personal identity code, and telephone number.

The information on all meetings is transferred to the customer information system in real time. The appointment booking system is not used to store information about appointments and related customers for a long time. Previous appointments and related information are automatically deleted from the appointment system after 3 months.

When joining the videoconferencing system, Suomi.fi E-identification is used. The video conferencing system is not used to store information about appointments and related customers.

Data is not processed outside the EU/EEA area.

Electronic Exchange of Social Security Information (EESSI) 

Section 17 of the Act on the Application of European Union Legislation Concerning the Coordination of Social Security Systems (EESSI Act) lays down provisions on Kela’s responsibilities: Kela maintains a point of contact in the name of the authorities, institutions and bodies referred to in sections 4–10 and ensures that its activities ensure IT capabilities for the electronic exchange of information. Kela also provides and maintains technical services related to the use of the point of contact.

EESSI Act (finlex.fi)

In maintaining the data system service for the point of contact, Kela acts as the processor of personal data as referred to in Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR). With regard to the identification service provided by Kela for the point of contact, Kela acts as the controller of personal data as referred to in the GDPR.

TE Services and their customer service centre act as the controllers of data processed in their data system.

Customer data system for the joint multisectoral service

The Act on Multisectoral Joint Services Promoting Employment (1369/2014) defines that the Development and Administration Centre for the ELY Centres (KEHA Centre) develop and maintain customer data and the customer data system for the joint multisectoral service to carry out the service. The KEHA Centre, TE Services, wellbeing service counties and Kela act as joint controllers of the data referred to in section 9 of the above act. TE Services, wellbeing service counties and Kela are responsible for the controller’s obligations set out in the GDPR regarding any information they have saved in customer data that have not been separately assigned to the KEHA Centre. At the local government pilots on employment, the pilot municipality takes care of the tasks instead of the TE Office and acts as a joint controller for its customers as laid down in section 9 of the Act on Multisectoral Joint Services Promoting Employment.

Data subjects do not have the right to have the processing of the data laid down in section 9 restricted as referred to in Article 18 of the GDPR.

Information system register data

Overall functionality and consistency of the customer information system

Data protection officer for ELY Centres, TE Offices, and the KEHA Centre: tietosuoja.keha@ely-keskus.fi

Processing of personal data

Personal data are stored in personal data files only when there is a justified reason for doing so. Personal data is obtained to the register from the data subjects themselves and also collected to the register from the E-services during customer transactions, on the telephone and in connection with visits.

Data is obtained from the personal data registers of other government agencies, municipal authorities, Kela, unemployment funds, the Finnish Centre for Pensions, the Employment Fund, the provider of public employment and business services, and organisers of local government pilots as laid down in chapter 4, section 5 (chapter 12, section 6, subsection 1 of the Act on Public Employment and Business Service).

Information on recruitment decisions related to vacancies and concerning individuals is obtained from employers.

Once personal data saved in the register have been obtained from sources other than data subjects, the source from which the data were obtained and the person who saved the data in the register will be indicated in the register.

The customer data that we store includes the following:

  • identification and contact data
  • data related to customer relationships of TE Services and the use of their services
  • data about education, work history, and professional skills
  • data about service needs and plans
  • data about job offers and presentations to employers
  • data about health and other data required by the provision of employment services
  • employment policy statements
  • data about services and benefits in the administration of economic affairs and employment
  • customer data of multisectoral joint services related to certain social situation that have an effect on employment

Data is needed for the performance of statutory tasks, for the implementation of services, and for communication, as regulated by the following laws (finlex.fi):

Customer interactions are mainly carried out using electronic customer services. On-site services, telephone-based services, and mail-based services are also available.

The Matomo analytics tool is used to collect statistical data in the “Vacancies” service and the E-Services of TE Services.

Examples of such data include

  • the number of visitors in the services,
  • the devices used to access the services,
  • the URL used to access the services, and
  • individual pages visited.

The data collected by the analytics tool never includes the person's name, social security number, or other similar identifying data. TE Services does not use this data to attempt to identify individual website visitors. If the user has configured “Do Not Track” in the web browser, the analytics tool will not collect or monitor browsing data.

For security reasons, we do not recommend communication by email. However, if an individual customer uses email, the customer themselves must take care to use adequate email security measures. We either provide answers by email at a general level or respond using secure email. In connection with the management of statutory tasks, we can email the customer information about services promoting employment at the general level.

Personal data submitted is only processed in connection with the performance of statutory tasks. It is processed by employees of TE Services in the performance of their work duties and by contract-based service providers together with their subcontractors. The TE Office has set the requirement that service providers carry out the processing of personal data in accordance with the requirements of the Data Protection Regulation. Customer information is confidential and the personnel handling it have a duty of confidentiality.

Personal data are also processed to provide customer service for the export of employment benefits for job seeking in the EU. The purpose of the processing of personal data in the electronic exchange system for social security data (EESSI) is to exchange data about the export of employment benefits when people move from one EU Member State to another between the EU/EEA Member States or the competent employment and unemployment security authorities of Switzerland.

Anonymised data are used to develop the information system and services. The persons engaged in this development work are either persons in an employment relationship who are subject to confidentiality regulations and the personnel of a service provider with a contractual obligation of professional secrecy.

The storage of data is governed by legislation. The customer data system information and the related storage periods are listed in the data control plan, the maintenance of which is the responsibility of the KEHA Centre. As a rule, customer data in the customer data system used in public employment and business services are erased four years after the end of a customer relationship. In accordance with the Archives Act (831/1994), some of the customer data have been designated by the National Archive for permanent storage. The data designated for permanent storage is transferred to the National Archive after being removed from the customer data system.

Disclosure of data

We can only provide employers with the data that are required to fill a position and that can be disclosed based on each customer’s written consent. Such data include:

  • a job seeker’s name and contact data, native language, other linguistic skills, and nationality
  • a job seeker’s education and vocational qualifications, and their content and grades where applicable
  • work history, including data indicated in references
  • specialist skills, work and training preferences, and a job seeker’s presentation for employers
  • data on the person’s uninterrupted unemployment during the previous 12 months to identify the conditions for entering into a fixed-term employment contract

Health data provided by customers for TE Services or obtained based on their consent can only be disclosed to employers based on a specific written consent.

Employers also have the right to know whether any of their former employees is a job seeker in TE Services when fulfilling their re-employment obligation laid down in the Employment Contracts Act.

TE Services, Kela, unemployment funds, and foreign organisations that are authorised to process individuals’ job seeking and unemployment security data have the mutual right to exchange information related to job seeking and unemployment security that have an impact on individuals’ right to receive an unemployment benefit (chapter 11, section 4a, and chapter 13, sections 1 and 3 of the Act on the Application of European Union Legislation Concerning the Coordination of Social Security Systems).

The responsibility for organising public employment services will be transferred from the government to municipalities on 1 January 2025. The KEHA Centre will transfer the data on the transferred customers that is necessary for the preparation of the implementation to the municipalities or joint municipal authorities responsible for organising employment services as of 1 August 2024. Personal data contained in the data file may only be processed for the purpose specified in law and only to the extent necessary for the preparation of the implementation (section 14 of the Act on the Implementation of the Act on the Organisation of Employment Services and Certain Related Acts 383/2023).

Customer information is disclosed to other authorities if the disclosure of the information is provided by law or if the customer gives their consent to such disclosure. The content of the information to be disclosed is determined by the scope of jurisdiction of the requesting authority. Authorities that have the right to request information about the customer include the Employment and Economic Development Centre, the Local Government Pensions Institution, the Finnish Immigration Service, the police, social welfare authorities, and judgment execution authorities. Customer data can also be disclosed to providers of public employment and business services and providers of services promoting employment as agreed in the employment plan or its replacement plan if the data are required to provide the services (chapter 12, section 6, subsection 2 of the Act on Public Employment and Business Service).

Employment service statistics

The employment service statistics of the Ministry of Economic Affairs and Employment are compiled monthly based on the customer data system’s data.

Disclosure of data for research purposes

Based on a research authorisation granted by the KEHA Centre, customer data can be disclosed for research purposes, including statistics, scientific research, and planning processes of the authorities. The content of the data to be disclosed is determined in the research plan attached to the research authorisation application.

Rights of service users

Service users have the right to know what data about them are saved. Service users can inspect the data collected by TE Services and update them if necessary.

Right to inspect personal data, and have data rectified and supplemented

The Job Market Finland website provides access to the E-Services of TE Services for personal customers. The E-services bring together the online services of personal customers. Through E-Services, you can view your own customer data. The E-Services will undergo an update and the users will gradually transition to the new E-services at Job Market Finland.

Service users have the right to examine the customer information in the customer data system. This can be done primarily through E-Services. If needed, you can request the rectification of any incorrect information. It takes around one day for any changes to the dates to be updated to the service.

If the user does not have access to the strong identification required by E-Services (bank identification, mobile certificate, certificate card), an inspection request can be placed by submitting a written request. In addition, any request for rectification must always be made in writing and must also be signed. The written request must specify which personal data file the inspection request or rectification request applies to.

The signed data inspection or rectification request must be submitted to the local office of TE Services or local government pilot that is responsible for the customer relationship.  The request form can be sent to the registry office of the local office or local government pilot that is responsible for the customer relationship by post or email or by visiting the office in person. When sending email, the sender must see to appropriate encryption to ensure privacy protection.

After receiving a written inspection request, the office responsible for the customer relationship will send the customer data saved in the customer data system as a registered letter, which can be picked up from the nearest Posti service point. If the response is picked up from the registry office of the office responsible for the customer relationship, the customer’s identity will be checked from a passport, identity card, or driving licence.

The office responsible for the customer relationship can offer the option to view the data jointly. If no data are available in the customer data system, the customer will be notified of this by post. Responses to rectification requests are also sent by post. Rectified registered data will be sent attached to the response. If a local office of TE Services or a municipality participating in the local government pilot that acts as a controller refuses to make the rectification requested, the office responsible for the customer relationship will give a written response with reasons.

Log data produced by the data system do not comprise customer data saved in the personal data register. Log data can only be disclosed to the authorities based on a separate data request. The log data produced will only be used to investigate any suspected misuse.

Restricting the processing of personal data

The right to object to the processing of personal data does not apply to the statutory tasks of the authorities.

Withdrawing consent to use data

The consent to the disclosure of data can be requested to be withdrawn from the party to which the consent was given.

Complaint or appeal concerning the processing of personal data

If required, you can give a notification or lodge an appeal regarding the processing of your personal data with the Office of the Data Protection Ombudsman.

For more information about the processing of your personal data, contact the local office that is responsible for your customer relationship or the data protection officer.

TE Services: tietosuoja.keha@ely-keskus.fi

Municipalities participating in local government pilots: municipal data protection officers

Read more

 

te-updated 11.09.2024