Processing of personal data in the Tax Administration’s certificate service
Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, Articles 13 and 14.
Controller |
The Tax Administration Street address: |
---|---|
Data Protection Officer at the Finnish Tax Administration |
Noora Kontro Taito von Konow P.O. Box 325, FI-00052 VERO |
Purpose of the processing of personal data |
Personal data is processed in order to identify an individual data subject for giving them an authorisation for using the certificate service relating to the Tax Administration’s, the Incomes Register’s or the Positive credit register’s APIs. Personal data may also be processed for purposes of monitoring, when the Controller needs to examine the integrity of submitted data or when the Controller needs to prevent, examine or stop any abuse connected to data reporting. The Tax Administration also uses personal data for identifying contact persons in companies that use certificates. |
Categories of data subjects |
Data on the contact persons/authorised persons of companies and organisations that submit applications for a certificate |
Categories of personal data |
|
Categories of recipients of personal data |
Personal data is forwarded and disclosed to parties that use it for other purposes only in circumstances laid down in law. Under provisions of law, personal data can be forwarded and disclosed to public authorities and to other parties who are legally entitled to it. |
Disclosure of data to third countries |
Data will not be disclosed to third countries. |
Time limits for erasure of data categories |
Personal data saved in the certificate service is stored for varying periods depending on when the certificate expires and on the needs for storing event log information. A certificate is valid for two years at a time. After expiration of a certificate, the associated personal data is deleted when five (5) years have elapsed from the start of the calendar year that followed the year when the certificate expired. Information is stored after expiration in order to facilitate investigation of any crimes that may be committed with certificates. |