Information security and register description

Regulation (EU) 2016/679 of the European Parliament and of the Council 
Issue date 16 May 2018 

Updated on 27 August 2019 – modified in accordance with the new service package 

Updated on 12 December 2019 - added to section 5. "Analytics and feedback system" and supplemented to sections 7 and 11-13

Updated 27 November 2020 - changes to cookies after autumn updates (section 15)

Updated 19 November 2021 - added to section 5 - EURES profile

1. Controller 

KEHA-keskus 
P.O. Box 1000, FI-50101 Mikkeli, Finland 
+358 295 020 000, kirjaamo.keha(at)ely-keskus.fi 

2. Contact person for matters concerning the register 

Ville Koivula

P.O. Box 1000, FI-50101 Mikkeli, Finland 
tyomarkkinatori.keha@ely-keskus.fi 

3. Name of the register 

Job Market Finland (the Service) 

4. Purpose of personal data processing 

The register data contained in the information system is only used for employment services purposes. 

5. Register’s data content 

With regard to private customers, the data recorded in the Service register is based on the data retrieved from the Population Information System and the data provided by the customer. 

With regard to employer customers, the data is based on the Business Information System and partly on the data provided by the employer or the employer's representative. 

The following information concerning identified private customers will be stored: 

  • personal identification data: personal identity code, name, email address, phone number 

  • data concerning education, work experience and expertise 

  • transaction data time stamps 

The following information concerning identified employer customers or their representatives will be stored: 

  • personal identification data: personal identity code, name, email address, phone number 

  • the information recorded in the job posting by the employer customer 

  • basic information concerning the organisation and the customisable marketing data  

In both cases, the following is stored for the duration of the log in session: 

  • authorisation data 

In addition, the following information is stored concerning users who publish their profile on the EURES portal:

  • Gender
  • Country of residence
  • Working languages
  • Citizenship

The job postings, including the information content, are transferred from the customer information system of the Employment and Economic Development Office to the Service.   

The Service user is responsible for the correctness of data they have supplied themselves. 

Analytics and feedback system

The Job Market Finland service uses the Matomo analytics tool to collect statistical data. Examples of such data include:

  • the number of visitors on the services website
  • terminal devices which have been used to access the service
  • web addresses from which visitors to the services originate
  • individual pages that visitors have viewed.

The data collected by the analytics tool never includes the person's name, social security number, or other similar identifying data. The IP address collected by Matomo is also encrypted so that the user cannot be identified. In addition, Job Market Finland does not use this data to attempt to identify individual website visitors. If the user has configured "Do Not Track" in the web browser, the analytics tool will not collect or monitor browsing data. 

In addition, the service may save contact details given by the user - usually email address - if the user leaves feedback. Feedback is used to improve the service, and non-mandatory contact information can be given if the user wishes to receive a response for their feedback. Feedback and contact data are removed from the Zendesk feedback system every 4 months.

6. Regular sources of information 

With regard to private customers, the data recorded in the Service register is based on the data retrieved from the Population Information System and the data provided by the customer.

With regard to employer customers, the data is based on the Business Information System and partly on the data provided by the employer or the employer's representative.

As data sources, the register uses the data resources and services connected to the Service: 

  • suomi.fi identification (Population Information System, requires the data subject’s consent) 

  • suomi.fi e-Authorizations (Business Information System) 

  • customer data system of the Employment and Economic Development Office  

  • data provided by the User 

7. Regular disclosures of data 

Personal data or other information in the service will not be disclosed to an authority or other body without the consent of the user or a party authorised by the user or without the right to obtain information as defined in legislation.

8. Transferring data outside of the EU or the EEA 

The data shall not be transferred outside of the EU or the EEA. 

9. Data protection principles of the register 

The data is on a cloud server that is protected by physical and software protection by, for example, encrypting the databases and data communication.  

The Service uses secure connections, and the users are identified (using strong identification). 

10. Data storage period  

The data will be stored until the user deletes the account or requests the controller to delete the account.  

11. Right to review 

The registered person has the right to check the data stored in the personal data file. You can check the data under “My information” in the “My own pages” section (the Account Manager tab). Preferably, you should inspect the data yourself. It is also possible to submit an inspection request by e-mail to: tyomarkkinatori.keha(at)ely-keskus.fi.

12. Right to demand rectification of data 

Data subjects shall be entitled to demand for rectification of erroneous data in the register. If you do not succeed in correcting the data on your own, a request for rectification should be sent by e-mail to: tyomarkkinatori.keha(at)ely-keskus.fi.

13. Right to erasure 

Data subjects shall be entitled to erase their personal data in the register or to demand for personal data in the register to be deleted. Primarily, the data subjects delete the information themselves under "My Data" in the "My Pages" section ("Manage My Account” window). This removes the data from the service immediately upon deletion. Users may also forward a request to delete data by e-mail to: tyomarkkinatori.keha(at)ely-keskus.fi. In this case, the data will be erased within 30 days of the request. No separate verification of the erasure will be provided.  

14. Other rights related to the processing of personal data 

Personal data are neither used nor disclosed for the purpose of direct advertising, distance marketing or other directing marketing, market and opinion research, registers of individuals, or genealogies. 

15. Cookies 

Cookies are used in the Service. A cookie is a small text file, sent to the user's computer and stored in the computer, that enables the service to identify frequent visitors to a website, facilitate the login process of visitors to a website, and enable the preparation of combined data on visitors. Cookies do not cause any damage to users’ computers or files. When cookies are used, customised information and services can be provided to the users of the Service depending on their needs. 

If you do not want to allow cookies, you may block cookies from the banner appearing at the bottom of the site or from your Internet browser settings. Some cookies are necessary for the functioning of the service and for this reason, the use of the service requires accepting them. However, the user can block the use of cookies related to analytics.

Read more about the use of cookies in Job Market Finland:

16. Log data 

Log files are compiled on the use of the Service that contain event rows related to data security and the operation of the service. Data stored in the log file does not contain information saved by the user; the only stored user data are the user ID and IP address. Data in the log file are only used for investigating any disruptions in the Service and possible data security threats and violations. Access to the log data is only permitted to persons who participate in the resolving of the above-mentioned issues. 

17. Notifications and complaints concerning the processing of personal data 

If necessary, a user can lodge a complaint or appeal with the Data Protection Ombudsman concerning the processing of their personal data.