Maaseudun Terveys- ja Lomahuolto

Tuettuja lomia ja tukihenkilötoimintaa

Privacy statement

1. Name of the personal data register
Holiday support register

2. Data controller
Maaseudun Terveys- ja Lomahuolto (referred to as MTLH below)
Ruoholahdenkatu 8, 4th floor
00180 Helsinki

Contact person in matters related to the register:
Executive Director Anne Ylönen
+358 (0)10 504 5758
lomat@mtlh.fi

3. Addressing the requests of the data subject
Written requests related to the rights of the data subject in line with the sections 11–16 are sent using the following address:
Matters related to personal data
MTLH
Ruoholahdenkatu 8, 4th floor
00180 Helsinki

4. Grounds for the processing of personal data
MTLH has the right to process personal data as the data describes the position of a person, their duties or the performance of these duties in a public sector entity, business and industry, activities of a civil society organisation, or other corresponding activities, in so far as the objective of the processing is of public interest and the processing is proportionate to the legitimate aim pursued (Section 4 of the Data Protection Act).

The criteria for making personal data processing legitimate is the voluntary and informed consent of the data subject, i.e. applicant of the supported holiday, that has been clearly expressed in the holiday support application.

5. Purposes of use
The personal data in the holiday support register of MTLH is processed for the following purposes of use:

  • in line with the data protection legislation and specific legislation such as the Act on Discretionary Government Transfers (688/2001) and the Government Decree on State grants to non-profit organisations and foundations for the promotion of health and social welfare (1552/2016) in order to grant holiday support that is funded by means of STEA funding and ruled by the Government, to make financial aid decisions and to handle other related duties

6. Data contents
The following personal data of the holiday support applicant are stored in the holiday support register of MTLH:

  • Information needed to identify the applicant, their partner and children:
  • First and last names
  • Social security number
  • Contact information
  • Marital status
  • Applicant’s holiday requests
  • Information about any holiday support previously applied for by and granted to the applicant and their partner.
  • Information related to the financial position of the applicant and their partner (such as income information)
  • The reasonings provided by the applicant related to their health or social position that support their application
  • Contact and communication with the applicant
  • Supported holidays granted to the applicant and the decisions to financially support the applicant
  • Information related to invoicing
  • Information about the involvement of any external authorities or parties in the implementation of the holiday

7. Use of cookies
The use of cookies and other online identifiers in the online service of MTLH (www.mtlh.fi) ensures the implementation of online services and improves the safety and user friendliness of the service. Cookies are small text files that are sent to the user’s browser when they visit a website. They are used, for example, for compiling statistics on visitor traffic on the website or to save visitor-specific settings.

Based on the information collected in the online service, MTLH can analyse and develop its services by knowing which contents are interesting for the users and how the online service is being utilised by visitors.

The user of the online service may consent to or prohibit the use of cookies in their browser settings or by utilising a specific service. If the cookie function is disabled, it is possible that some of the services of the MTLH website will be unavailable.

8. Regular sources of data
Personal data is collected from the data subject themselves based on the consent they have given in their holiday support application. Personal data of the applicant’s partner or children may also be collected by utilising the holiday support application within the limits permitted and required by valid legislation.

9. Data disclosures and the transfer of data
MTLH can disclose data within the limits permitted and required by valid legislation.

MTLH may disclose data essential data to service providers in order to organise and provide a holiday.

MTLH may disclose data to the authorities or other external parties where necessary in order to verify the data subject’s right for a holiday and to carry out invoicing.

Personal data will not be transferred outside the EU or EEA. MTLH can disclose data within the limits permitted and required by valid legislation.

10. Automatic decision-making
Data subjects have the right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them. Automated decision-making is permitted if the decision is necessary for entering into, or performance of, a contract between the data subject and a data controller.

11. Right to inspect your data
Data subjects have the right to inspect which of their personal data has been stored in the register.
The inspection request must be sent in writing containing the data subject’s signature (contact information can be found under section 3).
The inspection request can also be presented in person at the premises of MTLH at the above-mentioned address.

12. Right to data portability
The data subject is entitled to receive as a file the personal data processed by the information systems that applies to them, which they have supplied to the controller and whose processing is based on the data subject’s consent or an agreement with the data subject. The data subject may also request that the controller transfer the data in question to another controller if this is technically possible.

13. Right to rectification
The data subject is entitled to require that inaccurate personal data be rectified.
The changes in personal data will primarily be made in connection with use of the service following authentication.
The request must contain a name and identity number, a specific and justified request for rectification and an explanation of how the information should be rectified.

14. Right to object
The data subject has the right at any time to object to the processing of personal data concerning them on the basis of their personal specific situation.

The data controller is then no longer allowed to process the personal data unless it can demonstrate that there is a substantial and justified reason for the processing such that it overrides the interests, rights and freedoms of the data subject or the processing is necessary for the establishment, presentation or defence of a legal claim.

15. Right to restriction of processing
The data subject may request that MTLH limit the processing of their personal data when:

The accuracy of the personal data is contested by the data subject.
The processing is verifiably and justifiably unlawful and the data subject opposes the erasure of the personal data.
When MTLH expresses that it no longer requires the personal data that has been requested to be restricted for the purposes of the processing as specified in the privacy statement, but the data subject requires them for the establishment, exercise or defence of legal claims.
The data subject has objected to the processing of the personal data, pending verification of whether the legitimate grounds of the controller override those of the data subject.
The request must contain a name and identity number, and a specific and justified request for restriction.

16. Retention periods and right to erase data
MTLH retains personal data for as long as any one of the processing grounds presented in section 4 of this privacy statement is valid and the personal data is necessary for its purposes.

Personal data shall also be erased, if necessary, when the data subject objects to the processing of personal data based on a legitimate or general interest, and there are no other grounds for the processing.

17. Right to appeal to regulatory authorities
A data subject has the right to refer a matter to the Data Protection Ombudsman for consideration if they consider that the relevant legislation is being infringed in the processing of personal data concerning them.

18. Principles of registry protection
At MTLH, information security and the protection of personal data are an integral part of the functionality and architecture of the information systems. Requirements for the information systems’ security and the integrity, confidentiality, availability and continuity of the data processing are always established beforehand when the systems are designed. MTLH processes all personal data securely and in the manner prescribed by legislation and systematically develops and inspects information security.