Processing of Personal Data

EU General Data Protection Regulation (GDPR) and processing of personal data in Vörå municipality

The European Union’s General Data Protection Regulation (GDPR) entered into force in May 2016 and has been applied nationally since 25 May 2018. The GDPR is directly applicable legislation that must also be adhered to in municipal activities. It specifies and unifies rules for the processing of personal data in EU member states. The GDPR shall be applied to the processing of personal data both within the public and private sector. Its purpose is to ensure the people’s right to protect their personal data and, consequently, their right to privacy in the age of digitalization.

Processing of personal data in Vörå municipality

Vörå municipality processes personal data in a legal and appropriate manner and in accordance with the provisions of the EU General Data Protection Regulation and other laws defining the secure processing of personal data. The personal data register or processes connected to personal data managed by the municipality are necessary for the management of services provided and administered by the municipality and for which it is responsible. Each personal data processing that the municipality carries out contains only such information that is absolutely necessary for a specific purpose. The register primarily contains personal data such as a person’s name, social security number, address, phone number, and electronic addresses. Pursuant to the GDPR, the data subject shall have the right to know upon request what data is stored about himself of herself in a register and on which legal grounds the data is processed. By exercising his or her right of access, the data subject can also demand the rectification of inaccurate data.

How does Vörå municipality process your personal data?

The purpose of the GDPR is to prevent the violation of a person’s privacy due to unsafe or incorrect processing. An individual’s personal data may be processed if there is a legal basis or obligation to do so or if consent has been given in accordance with the GDPR. Vörå municipality collects personal data solely for specific and predetermined purposes; in other words, personal data is not collected unnecessarily. The legal basis for the processing of personal data in the municipality is based on the exercise of public authority, legal obligation, or that the processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into such a contract.

Vörå Municipal Executive Board has decided that the municipality’s Municipal Committees shall act as data controllers within their area. Data Protection Officer: Sofia Nordback

If you have questions concerning the municipality’s processing of personal data, please contact the municipality via e-mail, dataskydd@vora.fi.