Deficient wage information has been generated on some credit register extracts between October 1 and November 6. The deficiency only applies to a part of credit register extracts requested at this time period. Missing data has been transferred to the register on November 7. Wage information will be correctly shown on the extracts as of 7.11. We apologize for the inconvenience and any harm it may have caused. Read more in the news.

Customer information

Purpose of processing data

We process personal data to identify natural persons, to allocate the data reported by lenders to the correct individual, and to send a notification to the data subject through Suomi.fi Messages when a credit register extract is requested about their data.  

The purpose of the processing is to ensure that the data in the Positive credit register is correct, to help the data subject to monitor the use of their data, and to perform the other tasks of the Tax Administration’s Incomes Register Unit laid down in the Act on the Positive Credit Register.

What data do we process?

In our customer relationship management system, we process the following identifying and contact information about people entered into the Population Information System and having a Finnish personal identity code:

  • name
  • identifying information, such as personal identity code
  • addresses
  • non-disclosure for personal safety
  • mother tongue and contact language.

In our customer relationship management system, we process the following identifying and contact information about small businesses contained in the Business Information System.

  • identifying information (Business ID and personal identity code)
  • addresses
  • contact language.

Where does the data come from?

We have received the data from the Incomes Register, which shares data with the Positive credit register by virtue of the act on the Incomes Information System (Laki tulotietojärjestelmästä 53/2018). The data has been stored in the Incomes Register from the Population Information System and the Business Information System.

Under the Act on the Positive Credit Register, the Incomes Register Unit has the right to update their data from the Population Information System and check a natural person’s personal data in order to verify its accuracy. The Incomes Register Unit has the right to update and check the Positive credit register’s data on a natural person’s business activities from the Trade Register and the Business Information System.

On what basis do we process data?

We process personal data to comply with the Incomes Register Unit’s statutory obligation (General Data Protection Regulation (EU 2016/679), Article 6 (1) (c)). The processing is provided for in the Act on the Positive Credit Register (739/2022).The personal identity code is processed so that a notification can be sent to the data subject through Suomi.fi Messages when a credit register extract about their data is requested from the register. The personal identity code is also processed to provide a service in the public interest (in accordance with Article 6 (1) (e) of the General Data Protection Regulation (EU 2016/679) and section 4, subsection 1, paragraph 2 of the Data Protection Act (1050/2018)).

Disclosure of data

Lenders and other businesses with the right of access to data specify the personal identity code of the target person when they request a credit register extract. We respond to the request by sending a credit register extract containing the personal identity code specified in the request and any registered data allocated to the personal identity code in question.

If the data subject has activated Suomi.fi Messages, they will receive a notification through Suomi.fi Messages if a lender requests a credit register extract about their data. The personal identity codes of the data subjects about whose data lenders request credit register extracts are therefore shared with the Digital and Population Data Services Agency, which uses the personal identity code to check whether the person in question has activated Suomi.fi Messages and then send a Suomi.fi message to notify the data subject that a credit register extract has been requested. The personal identity code is not shared with the Digital and Population Data Services Agency if the data subject has disabled notifications in the Positive credit register’s e-service. The controller of the Suomi.fi Messages service is the Digital and Population Data Services Agency.

We do not disclose other customer details on a regular basis.

Processors

The operational services of our customer relationship management system are provided by Tietoevry Corporation. The Positive credit register has been implemented on the Microsoft Azure cloud service platform. We use the following service providers for application management services, such as troubleshooting: Innofactor Software Ltd, Gofore Plc, Gofore Verify Oy, Fujitsu Finland Oy and Advania Finland Oy. When processing personal data, application management uses a service management system provided by ServiceNow.

Transfer of personal data to third countries

In principle, we do not disclose data to countries outside the EU/EEA. However, in exceptional individual cases, Microsoft may have access to personal data during support and maintenance activities. In data transfer, the transfer basis under the General Data Protection Regulation is the European Commission's decision on the adequacy of data protection under Article 45(1) (Adequacy decision for the EU-US Data Privacy Framework, C(2023) 4745 final) or, where necessary, standard contractual clauses published by the European Commission.

Retention of data

With regard to data retention, we comply with the Tax Administration's information management plan. We retain the data only for as long as necessary for the performance of the Incomes Register Unit's statutory task.

The identifying and contact information of natural persons is deleted no later than 10 years after the end of the year in which the natural person died or was declared dead.

The identifying information submitted to the Digital and Population Data Services Agency about credit register extracts and the data on the sending of notifications through Suomi.fi Messages will be removed after 3 years.

Your data protection rights regarding the processing of personal data

As a controller, the Income Register Unit is responsible for enforcing your data protection rights based on the EU's General Data Protection Regulation. You can make a free-form written request regarding your data protection rights and send it to us to the address below:

POSITIVE CREDIT REGISTER
P.O. BOX 2
FI-00055 Incomes Register

You can find more information about your data protection rights on the website of the Office of the Data Protection Ombudsman.

If you need help in exercising your rights, you can contact our customer service.

Right to view personal data

You have the right to know if we are processing your personal data. You are also entitled to receive a copy of your personal data that we process.

You can submit us a request to view your personal data with the paperform or contact form below.

Request to view personal data

Contact form

Right to rectify data

You have the right to request us to rectify your inaccurate or incorrect personal data without any undue delay.

Right to restriction of processing

If you think the data we are processing about you is incorrect, if the data is processed against the law or if you have opposed the processing of your data, you can request us to restrict the processing of your personal data.

Right to oppose data processing

When the processing of your personal data is not based on our statutory obligation, you have the right to oppose the processing. In such a case, we may no longer process your personal data, except if there is a justified reason of great importance that supersedes your interests, rights and freedoms, or if the processing is necessary for the purpose of preparing, presenting or defending a legal claim.

If you do not want to receive notifications of requested credit register extracts through Suomi.fi Messages, you can disable them in the Positive credit register’s e-service.

Right to file a notification with the supervisory authority

You have the right to file a notification with the Data Protection Ombudsman regarding the processing of your personal data. Further information and instructions on how to file a notification are available on the website of the Office of the Data Protection Ombudsman.

Page last updated 4/22/2024