Data protection

The EU General Data Protection Regulation 2016/679 sets out the principles for the processing of personal data.

Under the GDPR, a person must be informed if his or her personal data are recorded in a personal register. The purpose of the Personal Data Act is to implement the fundamental rights to privacy in the processing of personal data and to promote the development of and compliance with good data processing practices. Personal data include, inter alia, name and address. Personal data may be collected and stored, for example, when there is a material connection between the controller and the data subject, such as a customer, service or student relationship.

Rights of the data subject

The data subject must be informed of the purposes of the processing, the purposes for which the data will be disclosed and the data subject’s rights. By exercising his or her right of access, the data subject may also, as a data subject, request the correction of inaccurate data.

The data subject has the right to obtain confirmation from the controller that personal data concerning him or her are or are not being processed. The controller shall provide a copy of the personal data being processed upon request. If the data subject requests more than one copy, the controller may charge a reasonable fee based on administrative costs.

The controller shall provide the information without undue delay and in any event within one month of receipt of the request. This period may be extended by a maximum of two months where necessary, taking into account the complexity and volume of the requests. The controller shall inform the data subject of any such extension within one month of receipt of the request and of the reasons for the delay. If the controller does not take action on the basis of the data subject’s request, the controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons and of the possibility to lodge a complaint with a supervisory authority and to exercise other legal remedies.

Access to own data on request, information provided under Articles 13 and 14 of the EU General Data Protection Regulation and all information and measures based on Articles 15 to 22 and 34 are free of charge.

If the data subject’s requests are manifestly unfounded or excessive, in particular if they are repeated, the controller may either.

(a) charge a reasonable fee taking into account the administrative costs of providing the information or communication or of carrying out the requested action; or

(b) refuse to carry out the requested action.

In such cases, the controller must demonstrate that the request is manifestly unfounded or unreasonable.

For more information on personal data legislation

Requests relating to the rights of the data subject

Requests relating to the rights of the data subject shall be delivered to the registry office of the City of Kemijärvi (Hallituskatu 4) with proof of identity on the spot.

You can come to the Registry to collect the information you have requested, or it can be sent to you by registered post.

Privacy policy

This page contains the data protection and register descriptions of the City of Kemijärvi. Each service and responsibility area is responsible for the accuracy and timeliness of its own register descriptions.