The wellbeing services county of Vantaa and Kerava county´s customer feedback system ROIDU

Privacy Notice, General Data Protection Regulation (679/2016)

Prepared 29.4.2026

1 Name of the register

The wellbeing services county of Vantaa and Kerava county’s customer feedback system ROIDU

2 Data controller

Name:
The wellbeing services county of Vantaa and Kerava county’s executive

Postal address:
PL 1000, 01088 Vantaan ja Keravan hyvinvointialue

Other contact information:
Wellbeing services county exchange 09419191
kirjaamo.vantaanjakeravanhyvinvointialue@vantaa.fi

3 Person responsible for matters regarding the register and data protection officer

Person responsible for register:
Director for group services
Mikko Hokkanen

Data protection officer:
tietosuojavastaava@vakehyva.fi

4 The purpose of processing personal data and legal basis of processing

The purpose of processing personal data is to monitor and develop services by sending customer questionnaires via text messages, reporting responses, handling freely written feedback, and contacting the feedback provider when requested.

Legal grounds under GDPR (2016/679):

  • Article 9(2)(a): explicit consent of the data subject
  • Article 9(2)(a): processing necessary for administration of health and social care services

Additionally, internal guidelines and policies of the wellbeing services county are followed.

5 Data content of register

Web feedback may include name, telephone number, or email address if the person wants a response. Feedback can also be given anonymously.

For SMS surveys, the following data is transferred from the Apotti system:

  • technical Event ID
  • phone number
  • visit date and time
  • visit type
  • mother tongue
  • age
  • municipality
  • unit OID code

6 Lawful data sources

  • From the feedback giver
  • From the customer and patient data system (Apotti)

7 Lawful transfer of data and transfer outside EU/EEA

Data is processed within EU/EEA systems.

It is not normally transferred outside the EU/EEA. In certain cases, transfer may occur to countries with an adequate level of protection or with appropriate safeguards (e.g. standard contractual clauses).

8 Storage times of data

  • Contact information: removed quarterly
  • Feedback: stored for 5 years

9 Principles for protecting the register

Manual data:
Stored securely and destroyed after being transferred to the system

Electronic data:

  • Systems protected according to security regulations
  • Access based on work role
  • Personal user IDs and passwords
  • Passwords changed regularly
  • Access removed after employment ends
  • Staff have signed confidentiality commitments

10 The data subject’s rights

The data subject has the right to:

  • access their data
  • request correction
  • request deletion (non-statutory data)
  • restrict processing
  • object to processing
  • transfer data
  • withdraw consent
  • not be subject to automated decision-making

Requests can be made:

  • via online service: https://asiointi.vakehyva.fi/ (Tietopyynnöt section)
  • via printed form from www.vakehyva.fi/fi/tietopyynnot
  • at service points

Service locations:
Vantaa Info (Korso, Myyrmäki, Tikkurila)
Kerava (Sampola service centre, Health Centre)

Identity verification is required.

If a request is denied, a written explanation is provided and the right to complain is explained.

11 Automated decision-making, including profiling

No automated decision-making or profiling is used.

12 Other matters regarding processing of personal data

Unfounded or excessive requests may result in:

  • a reasonable fee, or
  • refusal to act

13 Right to appeal

The data subject may lodge a complaint with the Data Protection Ombudsman if they believe GDPR has been breached.

Contact details:
Lintulahdenkuja 4, 00530 Helsinki
PO Box 800, 00531 Helsinki
Tel: 029 56 66700
tietosuoja@om.fi