Data protection and the processing of personal data in public employment and business services

1 January 2023

Public employment and business services include employment brokerage, information and advisory, competence development, and business start-up and development services. In addition, public employment and business services include specialist evaluations related to private customers’ service processes and statutory support and compensation. Activities related to securing the livelihood of unemployed job seekers are carried out in accordance with the unemployment security act. Activities pursuant to the unemployment security act also include the provision of customer service and data exchange concerning the export of unemployment benefits for EU job seeking.

Services that support private customers in finding a job also support companies and other employers in finding employees. Employment and business services provided for companies and employers include employment brokerage, information and advisory services, pay subsidies, job coach services, joint procurement training, and business development services that are subject to a separate charge. Customers planning to start a business are supported by information and advisory services, assessments of entrepreneurial capabilities and business conditions, career coaching, work trials, entrepreneurship training, and start-up grants. The privacy policy also applies to the handling of customer information in the local government pilots on employment. Temporary pilots are regulated in the Act on Local Government Pilots for the Promotion of Employment.

More information about local government pilots and the participating municipalities is available on the websites of the Association of Finnish Municipalities and the Ministry of Economic Affairs and Employment.

The goal of the joint multisectoral service is to promote the employment of unemployed individuals by providing public employment services in accordance with their service needs, as well as social, healthcare and rehabilitation services, following a cooperation model in which TTE Office, Social Insurance Institution of Finland (Kela) and wellbeing services county assess the service needs of unemployed individuals, plan appropriate services for employment, and are responsible for the progress and monitoring of the employment process. At the local government pilots on employment, the municipality will take part at the cooperation model instead of the TE Office. 

Controller and contact details

The customer data system used in public employment and business services

In its role as the controller, the Development and Administration Centre for the ELY Centres (KEHA Centre) is responsible for the general functioning of the customer data system, the uniformity of the register’s functions, the maintenance and development of data systems, and other statutory tasks set for controllers. The KEHA Centre, TE Services and the municipalities participating in the local government pilot are joint controllers in the customer data system used in public employment and business services. TE Services and the municipalities participating in the local government pilot are responsible for the correctness of data about their customers in the customer data system and such tasks of the controller that have not been separately assigned to the KEHA Centre. The customer service centre of TE Services is responsible for the correctness of data saved in the customer data system in conjunction with its customer calls and other contact.

TE Services' appointment and video conferencing system

In the TE office, customer information is used to organize tasks in accordance with the law on public employment and business services. The experts of the municipalities participating in the local government pilots on employment use the information to carry out the tasks stipulated in the Act on Local Government Pilots for the Promotion of Employment. The division of responsibilities of the registrars of the TE appointment and video conferencing system is similar to that of the customer information system used in public labour and business services.

The information is used to book an appointment for the customer's on-site meeting, phone meeting, or video conference. The appointment booking system processes the following personal data: name, social security number, and phone number.

The information of all appointments is transferred in real time to the customer information system, and the appointment system does not store the information of appointments and related customers for a long time. Past appointments and related information are automatically deleted from the appointment system after 3 months.

When connecting to the video conference system, Suomi.fi identification is used. The video conferencing system does not save information about meetings and related customers.

Data is not processed outside the EU/EEA area.

Electronic Exchange of Social Security Information (EESSI) 

Section 17 of the Act on the Application of European Union Legislation Concerning the Coordination of Social Security Systems (EESSI Act) lays down provisions on Kela’s responsibilities: Kela maintains a point of contact in the name of the authorities, institutions and bodies referred to in sections 4–10 and ensures that its activities ensure IT capabilities for an electronic exchange of information. Kela also provides and maintains technical services related to the use of the point of contact.

In maintaining the data system service for the point of contact, Kela acts as the processor of personal data as referred to in Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR). With regard to the identification service provided by Kela for the point of contact, Kela acts as the controller of personal data as referred to in the GDPR.

TE Services and their customer service centre act as controllers of data processed in their data system.

Customer data system for the joint multisectoral service

The act on multisectoral joint services promoting employment (1369/2014) The act on multisectoral joint services promoting employment (1369/2014)  (1369/2014) defines that the Development and Administration Centre for the ELY Centres (KEHA Centre) develop and maintain customer data and the customer data system for the joint multisectoral service to carry out the service. The KEHA Centre, TE Services, wellbeing service counties and Kela act as joint controllers as laid down in section 9 of the aforementioned act. TE Services, wellbeing service counties and Kela are responsible for the controller’s obligations set out in the GDPR regarding any data they have saved in customer data that have not been separately assigned to the KEHA Centre. At the local government pilots on employment, the pilot municipality takes care of the tasks instead of the TE Office and acts as a joint controller for its clients as laid down in section 9 of the aforementioned act.  

Data subjects do not have the right to have the processing of the data laid down in section 9 restricted as referred to in Article 18 of the GDPR.

Registered data in the data system

General operation and integrity of the customer data system

Data protection officer for ELY Centres, TE Services and the KEHA Centre  

tietosuoja.keha@ely-keskus.fi

Processing of personal data

Personal data are only saved in personal registers on appropriate grounds. Personal data are obtained from data subjects, and they are collected in the register in different customer service situations, including E-services for private customers, by telephone and during customer visits.

Data are obtained from the personal data registers of other government agencies, the Digital and Population Data Services Agency, municipal authorities, Kela, unemployment funds, the Finnish Centre for Pensions, the Employment Fund, the provider of public employment and business services, and organisers of local government pilots as laid down in chapter 4, section 5 (chapter 12, section 6, subsection 1 of the act on the Act on Public Employment and Business Service).

Data about recruitment solutions related to and targeted at job offers are obtained from employers.

Once personal data saved in the register have been obtained from sources other than data subjects, the source from which the data were obtained and the person who saved the data in the register will be indicated in the register.

We save the following customer data, for example:

  • Identification and contact data
  • Data related to customer relationships of TE Services and the use of their services
  • Data about education, work history and professional skills
  • Data about service needs and plans
  • Data about job offers and presentations to employers
  • Data about health and other data required by the provision of employment services
  • Employment policy statements
  • Data about services and benefits in the administration of economic affairs and employment
  • Customer data of multisectoral joint services related to certain social situation that have an effect on employment

The data are required to carry out statutory tasks, provide services and maintain contact as laid down in the following acts (finlex.fi): 

Services are mainly used through e-services. Using in-person and telephone services and sending regular mail are also possible.

The Matomo analytics tool is used to collect statistical data in the “Avoimet työpaikat” (Vacancies) service of TE Services and the service for starting a job seeking process for private customers. 

Such data include:

  • The number of visitors in the services
  • The devices used to access the services
  • The URL used to access the services
  • Individual pages visited

The data collected by the analytics tool never include individuals’ names, personal identity codes or other similar identification data. TE Services do not aim to identify individual website users based on their data. If a user has selected the “Do Not Track” setting in their browser, the analytics tool will not collect or monitor any browsing data.

We do not recommend the use of email for information security reasons. If a private customer uses email, they must see to a sufficient level of email protection. We only give general responses by email or respond using a secure email service. With regard to statutory tasks, we can send general data about various employment-promoting services to customers by email.

The personal data given are only processed to carry out statutory tasks. Data are processed by TE Services’ employees as required in their tasks and by contractual service providers, as well as their subcontractors. TE Services obligate their service providers to comply with the requirements of the GDPR in the processing of personal data. Customer data are confidential and all employees who process them are bound by a secrecy obligation.

Personal data are also processed to provide customer service for the export of employment benefits for EU job seeking. The purpose of the processing of personal data in EESSI is to exchange information about the export of employment benefits when people move from one EU Member State to another between the EU/EEA Member States or the competent employment and unemployment security authorities of Switzerland.

Anonymised data are used to develop the data system and services. Development is carried out by employees who are in a public service relationship and are bound by secrecy obligations or by a service provider’s personnel who have a contractual secrecy obligation.

The retention of data is based on law. The customer data system’s data and their retention periods are listed in the data control plan maintained by the KEHA Centre. As a rule, customer data in the customer data system used in public employment and business services are erased four years after the end of a customer relationship. The National Archives of Finland has defined that part of customer data must be retained permanently in accordance with the archives act (831/1994). Any data to be retained permanently will be transferred to the National Archives once they have been erased from the customer data system.

Disclosure of data

We can only provide employers with the data that are required to fill a position and that can be disclosed based on each customer’s written consent. Such data include:

  • A job seeker’s name and contact data, native language, other linguistic skills and nationality
  • A job seeker’s education and vocational degrees, and their content and grades where applicable
  • Work history, including data indicated in references
  • Special skills, employment and education requests, and a job seeker’s presentation for employers
  • Data on each person’s uninterrupted unemployment during the previous 12 months to identify the conditions for entering into a fixed-term employment contract

Health data provided by customers for TE Services or obtained based on their consent can only be disclosed to employers based on a specific written consent.

Employers also have the right to know whether any of their former employees is a jobseeker in TE Services when fulfilling their re-employment obligation laid down in the Employment Contracts Act.

TE Services, Kela, unemployment funds and foreign organisations that are authorised to process individuals’ job seeking and unemployment security data have the mutual right to exchange information related to job seeking and unemployment security that have an impact on individuals’ right to receive an unemployment benefit  (chapter 11, section 4a, and chapter 13, sections 1 and 3 of the Act on the Application of European Union Legislation Concerning the Coordination of Social Security Systems).

Customer data can be disclosed to other authorities if the disclosure of data is based on law or customer consent. The content of the data disclosed is based on the scope of the powers of the authority requesting data. Authorities that have the right to request customer data include the Finnish Centre for Pensions, Keva, the Finnish Immigration Service, the Police of Finland, providers of social services, and the National Enforcement Authority of Finland. Customer data can also be disclosed to providers of public employment and business services and providers of services promoting employment as agreed in the employment plan or its replacement plan if the data are required to provide the services (chapter 12, section 6, subsection 2 of the Act on Public Employment and Business Service).

Employment service statistics

The employment service statistics of the Ministry of Economic Affairs and Employment are compiled monthly based on the customer data system’s data.

Disclosure of data for research purposes

Based on a research authorisation granted by the KEHA Centre, customer data can be disclosed for research purposes, including statistics, scientific research and planning processes of the authorities. The content of the data to be disclosed is determined in the research plan attached to the research authorisation application.

Rights of service users

Service users have the right to know what data about them are saved. Service users can inspect the data collected by TE Services and update them if necessary.

Right to inspect personal data, and have data rectified and supplemented

Through Job Market Finland, private customer can access the E-services of TE Services where online services intended for private customers are provided on a single page. Service users can view their customer data in the E-services. E-services of TE Services are currently being reformed, and Job Market Finland's new service will be coming into use in stages.

Service users have the right to inspect their customer data in the customer data system. The E-services are the primary channel for doing this. If required, service users can request any incorrect data to be rectified. Data are updated with a delay of approximately one day.

If a service user cannot use the strong identification required by the E-services (online banking codes, mobile certificate, certificate card), a request to inspect data can be placed by submitting a written form. In addition, any requests to have data rectified must always be made in writing, and such requests must also be signed. The written request must specify what personal data register the data inspection or rectification request concerns.

The signed data inspection or rectification request must be submitted to the local office of TE Services or local government pilot that is responsible for the customer relationship.  The form can be sent to the registry office of the local office or local government pilot that is responsible for the customer relationship by post or email or by visiting the office in person. When sending email, the sender must see to appropriate encryption to ensure privacy protection.

After receiving a written inspection request, the office responsible for the customer relationship will send the customer data saved in the customer data system as a registered letter, which can be picked up from the nearest Posti service point. If the response is picked up from the registry office of the office responsible for the customer relationship, the customer’s identity will be checked from a passport, identity card or driving licence.

The office responsible for the customer relationship can offer the option to view the data together. If no data are available in the customer data system, the customer will be notified of this by post. Responses to rectification requests are also sent by post. Rectified registered data will be sent attached to the response. If a local office of TE Services or a municipality participating in the local government pilot that acts as a controller refuses to make the rectification requested, the office responsible for the customer relationship will give a written response with reasons.

Log data produced by the data system do not comprise customer data saved in the personal data register. Log data can only be disclosed to the authorities based on a separate data request. The log data produced will only be used to investigate any suspected misuse.

Restricting the processing of personal data

The right to object to the processing of personal data does not apply to the statutory tasks of the authorities.

Withdrawing consent to use data

The consent to the disclosure of data can be requested to be withdrawn from the party to which the consent was given.

Notification or appeal concerning the processing of personal data

If required, you can give a notification or lodge an appeal regarding the processing of your personal data with the Office of the Data Protection Ombudsman.

For more information about the processing of your personal data, contact the local office that is responsible for your customer relationship or the data protection officer.

TE Services: tietosuoja.keha@ely-keskus.fi

Municipalities participating in local government pilots: municipal data protection officers

te-updated 06.07.2023