Privacy statement for the case and document management system
Finnish Patent and Registration Office (PRH)
Mailing address: Finnish Patent and Registration Office, FI-00091 PRH, Finland
Street address: Sörnäisten rantatie 13 C, Helsinki, Finland
Tel. +358 29 509 5000
Representative of controller
Ms Marja Hakkarainen
Tel. +358 29 509 5925
Data protection officer
Tel. +358 50 413 65003
Purpose of and legal basis for processing personal data
The case and document management system is a register (record) and electric archive for general administrative matters and documents at the Finnish Patent and Registration Office (PRH).
The system contains information about the PRH’s statutory duties, administration, procurements and permit matters, internal documents, recruitments, correspondence with authorities and ministries, and the like.
The system is also used for processing matters related to auditor oversight, the Print Register of housing companies, the monitoring of organisations for collective management of copyright, and the industrial property attorney board.
The result areas of the PRH also use separate case management and record systems called substance registers, such as the Finnish Trade Register and the Finnish Trademark Register.
The PRH uses the case and document management system to monitor the processing of pending general administrative matters and to give information about their progress, processing steps and the related decisions.
The case and document management at the PRH complies with the Finnish Act on the Openness of Government Activities, the General Data Protection Regulation, and the instructions and regulations based on them.
The reason for the processing is the management of matters related to the controller’s legal obligations.
Personal data and categories of data subjects in the register
The case and document management system contains personal details about pending and resolved matters. Such details include:
- details about the party initiating the matter and other parties involved, i.e. the name, address and contact details of the person, company or organisation; and
- other specifying details required for processing the matter, such as the personal identity code, Business ID, and occupation and education details.
In addition, the system is used for storing descriptive data about the matters and documents and information about the processing and decisions.
The matters and documents to be registered may contain sensitive data, i.e. details included in special categories of personal data, or confidential data.
Categories of data subjects related to general administrative matters at the PRH:
- the PRH’s employees (for maintenance and changes of the employment relationship); and
- persons who have applied for a post or fixed-term public-service position at the PRH.
Categories of data subjects related to the PRH’s procurements:
- representatives of tenderers and other economic operators interested in the PRH’s procurements;
- employees or persons in charge, subcontractors, ordering parties and contact persons set out by the tenderers for their products or services; and
- suppliers’ representatives and contact persons.
Categories of data subjects related to the substance areas of the PRH:
- the PRH’s customers (for prohibitions of registration, customer contacts and the like);
- contract clients of the Trade Register’s information service Virre;
- persons who have registered for an auditor examination, and persons entered in the Register of Auditor Examinations and the Register of Auditors;
- persons who have registered for an industrial property attorney examination, and persons entered in the Register of Industrial Property Attorney Examinations and the Register of Industrial Property Attorneys;
- customers for the monitoring of organisations for collective management of copyright; and
- the persons concerned and other parties involved in judicial matters.
Sources of information
The data recorded in the system are obtained from documents submitted to or drawn up at the PRH, and from customers and users of the system.
Disclosure of personal data to third parties
The data can only be disclosed within the limits that the legislation in effect will oblige and permit, or with the controller’s consent.
The documents are public documents as referred to in the Act on the Openness of Government Activities (621/1999), and they are available for viewing on request. Public documents are disclosed on request according to the requirements in sections 13 and 16 of the Act.
Confidential data are only disclosed and available for viewing with the consent of the person in question, or to a party involved, or based on a legal right.
Transfer of personal data to countries outside the EU or the EEA or to international organisations
No data are transferred to countries outside the EU or the EEA or to international organisations.
Storage periods of personal data
The storage periods of the registered personal data are based on a filing plan. The storage periods vary depending on the matter and type of document.
Profiling and automated decision-making
The registered data are not used for profiling, and no automated decision-making is performed on the data.
Right of access to personal data
The data subject has the right to check what personal data about them have been entered into the register, or to find out that there are no such register entries. The data subject can ask the controller for access to their personal data. Read our instructions on how to request access to data.
Right to rectification of data
The data subject has the right to demand that the controller rectify without undue delay any inaccurate or incorrect personal data concerning them. Read our instructions on rectification of data.
Right to restriction of processing
The data subject has the right to demand that the controller restrict the processing of data, if the data subject contests the accuracy of the personal data. The idea is to restrict the processing while the controller verifies the accuracy of the personal data.
Right to lodge complaint with supervisory authority
The data subject has the right to lodge a complaint with the supervisory authority (the Data Protection Ombudsman).