Privacy notice: Processing personal data of persons taking part in ESF
Processing personal data of persons taking part in ESF
Privacy notice: Processing personal data of persons taking part in ESF: joint informative document for data subjects (Articles 13 and 14 of the General Data Protection Regulation [2016/679]).
Purposes of processing personal data
The purpose of data collecting is to demonstrate how well the ESF projects have succeeded in meeting the set objectives.
The aim of data collecting is to monitor that the ESF project measures are targeted at those persons whom the ESF funds were intended in the Finnish Structural Funds programme approved by the European Commission.
Legal basis for processing
The basis for processing personal data is public interest. Data is collected with the person’s consent. Data is collected using a paper form and, by signing it, the person gives his/her consent to record and use his/her personal data for project purposes as provided under the ESF rules and regulations. The person may refuse, completely or partially, to provide his/her personal data.
The processing of personal data is based on:
- EU General Regulation 1303/2013
- EU ESF Regulation 1304/2013
- Finnish Act on Regional Development and the Administration of Structural Funds (7/2014)
- Finnish Act on the Funding of Regional Development and Structural Fund Projects (8/2014)
- Finnish Government Decree on Regional Development and the Administration of Structural Funds (356/2014)
- Finnish Government Decree on the Funding of Regional Development and Structural Fund Projects (357/2014)
- Finnish Government Decree on the Eligibility for Support of Costs Part-financed by a Structural Fund (358/2014).
Personal data content and retention periods of the register
|Data category name|
|Personal identity code|
|Foreign background (yes/no)|
|Disability benefit or disability (yes/no)|
|Homelessness or under threat of homelessness (yes/no)|
The information shall be kept for 10 years from the project end date confirmed in the financing decision of the project.
The authority granting the financial support may continue the retention period pursuant to the fourth subparagraph of Article 140(1) of Regulation (EU) No 1303/2013.
The register contains information on the participants of ESF projects. By ‘participant’, it is referred to a person outside HAMK or HAMI taking part in the projects.
Regular sources of data
Personal data is obtained from the data subject.
Regular disclosures of data
Data is entered in the ESF Person system owned by the Finnish Ministry of Employment and the Economy. The designated persons of the Ministry of Employment and the Economy are entitled to review all data within the limits set by applicable laws and regulations.
The authority financing the project does not have the right to demand the project executor to disclose participant-level data. However, the financing authority does have the right to verify the existence of original forms and content on which the data in the register is based. The auditor of the authority granting finance has the right to request the project executor to show, however, not to disclose printouts or images, directly from the ESF Person system the participant data in order to verify the audit trail. The same applies to other national or EU-level authorities inspecting the project.
Principles of data protection of the register
A Manual material
Data is collected directly from data subjects using a paper form. Paper forms are retained in a safe and disposed of in a locked paper collection container.
Forms are not to be copied or saved in digital form.
B Data processed through automated data processing
Data is stored in the ESF Person system. The system is accessed using the Katso Identification System. Each project has their own password for the system. The password is communicated to designated persons involved in the project and designated persons in financial management. With regard to collaboration projects, only the main project executor is granted with access to the system.
No automated decision-making is performed on the recorded data.
Transfer of data outside the EU or EEA
No data is transferred outside the EU or EEA.