SOLMU project consortium data security and treatment of personal data

SOLMU customer register

SOLMU – New services for Helsinki region mobility hubs

The SOLMU project develops mobility services in cooperation with businesses, focusing on mobility hubs and launching an ecosystem for regional transport service development.

This statement describes how your personal data is processed in the joint project of the City of Helsinki, the City of Espoo, and Forum Virium Helsinki (hereinafter FVH).

Register owners

The register controllers referred to in the EU General Data Protection Regulation (EU) 2016/679 (”GDPR”) are:

Helsingin kaupunki
Kansakoulukatu 3 (PL 70)
00099 Helsingin kaupunki

Espoon kaupunki
PL 12
02070 Espoon kaupunki

Forum Virium Helsinki Oy
Unioninkatu 24
00130 Helsinki

Project contact persons for register

The persons to whom questions regarding the processing of personal data can be addressed are: for the City of Helsinki, Jari Honkonen, jari.honkonen@hel.fi; for the City of Espoo, Kati Borgers, kati.borgers@espoo.fi; and for FVH, Jussi Knuuttila, jussi.knuuttila@forumvirium.fi.

Requests for exercising the data subject’s rights should be directed to the City of Helsinki’s Data Protection Officer at tietosuoja@hel.fi, the City of Espoo’s Data Protection Officer at tietosuoja@espoo.fi, or FVH’s Chief Information Officer Juhani Kantola at juhani.kantola@forumvirium.fi.

The purpose of the register

The project focuses on the business development of mobility services, particularly those at mobility hubs and their commercial offerings. It also aims to create a regional ecosystem for transport service development. The project seeks to enhance the appeal and functionality of mobility services like public transport and travel chains, while promoting equal access to mobility.

Within the project, events and workshops will be organized. Personal data will be collected for communication purposes based on the individual’s consent.

Stakeholder surveys will be conducted to support the project’s activities. For these surveys, personal data will be collected from openly available sources found on the internet. The personal data will be processed by a project team of approximately 10 individuals who are employees of the City of Helsinki, the City of Espoo, and Forum Virium Helsinki.

No automated decision-making or profiling will be carried out with respect to personal data.

Legal basis for processing personal data

Personal data is processed on the following grounds, in accordance with Article 6(1) of the EU General Data Protection Regulation:

Data subject’s consent

In cases where the processing of personal data is based on consent, the individual who provided the personal data has the right to withdraw the consent that allowed for its processing.

Register data

The processing of personal data concerns the following groups of data subjects and categories of personal data. For each data subject, only the necessary personal data will be processed.

Groups of data subjects

Individuals invited to and/or participating in project activities.
Individuals providing expert support for project implementation.
Individuals representing the project’s partners, network, and communication partners.
Basic and contact information of the individual, such as name, position in the organization, organization, email address, and phone number.
Information collected through surveys and interviews, such as organization size, industry, interest in the project, project ideas, and collaboration opportunities with the project consortium.
Participation details for events, webinars, or workshops.

The project does not collect or process special (sensitive) personal data.

Data sources for collected personal data

Personal data based on consent is collected directly from the individual using communication tools (e.g., name, organization, job title, email, and phone number), interviews, and questionnaires.

Personal data corresponding to the categories of personal data may also be collected to support the project from openly available data sources, such as via the internet, or through the project’s funder (ERDF/Uusimaa Regional Council) or collaborating parties, network, and communication partners.

Disclosures of personal data outside the project consortium

Personal data may, if necessary, be disclosed to the project’s partners (such as event organizers or trainers) or other personal data processors who participate in the implementation of the project’s activities. Otherwise, personal data will not be disclosed outside the project’s project team.

Personal data of representatives of SMEs participating in the project may be disclosed to the authorities funding the project in connection with project reporting, insofar as their participation meets the criteria for the project’s indicators.

For annual reports, research activities, etc., only statistical data that does not contain personal data will be released from the system.

Data Systems of the register

The personal data register processes information using the following different information systems, applications, software, and electronic services.

City of Helsinki

For email communication, the City of Helsinki uses its Microsoft Exchange email system. This email system operates on servers located in Finland. Additionally, personal data may be processed in the Microsoft Dynamics 365 system.

City of Espoo

For email communication, the City of Espoo uses its Microsoft Exchange email system. This email system operates on servers located in Finland. Additionally, personal data may be processed in the Microsoft Dynamics 365 system.

Podio

The joint register’s storage system is Podio. The system’s servers are located in the EU/EEA area (Denmark).

Forum Virium Helsinki

For email communication and file archiving, Forum Virium Helsinki uses its Google Workspace system. This system operates on Google’s servers within the EU/EEA region.

EURA 2021

In accordance with the project funder’s instructions, personal data is also processed in reports submitted to the funder’s EURA 2021 system.

Project duration and personal data processing after project completion

The project duration is October 1, 2024 – December 31, 2026. The funder has defined archiving requirements for the project material. After the project ends, the joint register will be closed, but the data used in the project will be archived in FVH’s electronic archive in accordance with the funder’s requirements. Only Chief Information Officer Juhani Kantola will have access to the archived data. In addition, access to the archive will be granted to auditors for the duration of the audit.

The parties of the project consortium must submit a report on the progress of the project for project monitoring (monitoring report) in connection with each payment application. The parties must follow the instructions in the EURA 2021 system when preparing the monitoring report. The report must show how the objectives set for the project, including quantitative objectives, and other information in accordance with the conditions of the support decision, have been achieved. The monitoring report is submitted in the EURA 2021 system.

The beneficiary must retain accounting records and other project material for at least five years from the beginning of the year following the year in which the last payment installment of the project was paid to the beneficiary, unless national legislation or European Union law concerning minor or state aid requires a longer retention period. All material referred to above must be readily available for inspections.

For purposes defined by the funder, only the following personal data will be archived: first name, last name, email address, company name, business ID, and participation details (event name and time). Other personal data will be deleted from the systems.

Principles of personal data protection

In the management of the register, the information security and data protection guidelines of the City of Helsinki, the City of Espoo, and FVH are followed. Access to databases and systems, as well as the use of personal data, is restricted to those who have the right to process personal data by virtue of their work. Individuals who have the right to process personal data are committed to observing confidentiality or are subject to appropriate statutory confidentiality obligations. Manual material is stored in a locked space, and access is restricted to authorized parties.

Data processed in information systems is protected by:

Usernames
Passwords

Processing of identification data

Direct identifiers are removed during the analysis phase.

Right to inspect, correct or remove personal data

The data subject’s rights are determined according to Articles 15-22 of the EU General Data Protection Regulation as follows:

Withdrawal of consent and deletion of consent-based data
Right to access and rectify data
Restriction of data processing
Portability of consent-based data from one system to another
Right to object to the processing of personal data

City of Helsinki Data Protection Officer: tietosuoja@hel.fi

City of Espoo Data Protection Officer: tietosuoja@espoo.fi

FVH Controller Contact Person: Juhani Kantola, Chief Information Officer, juhani.kantola@forumvirium.fi

You have the right to lodge a complaint with the Office of the Data Protection Ombudsman if you believe that the processing of your personal data has violated applicable data protection legislation.