Privacy statement

 

This Privacy Statement describes, in accordance with the General Data Protection Regulation (EU) 2016/679, how the Bank of Finland processes the personal data of data subjects stored in this personal data file system and the rights of the data subjects. 

 

1. Name of the personal data file system 

 

Statistics users’ 2025 prize draw register 

 

2. Name and contact details of controller and contact details of data protection officer 

 

Bank of Finland 

Business ID 0202248-1 

PO Box 160 

00101 Helsinki 

 

Contact details of the person responsible for the personal data file system: 

Harri Kuussaari 

Email: harri.kuussaari(at)bof.fi 

Tel. +358 9 1831 (switchboard) 

 

Contact details of the data protection officer: 

Email: tietosuojavastaava(at)bof.fi 

Tel. +358 9 1831 (switchboard) 

 

3. Purpose of the processing of personal data and the legal basis for the processing 

 

The purpose of the processing is to organize the prize draw. Personal data cannot be combined with the answers given in the survey.  

 

The registered person has given their consent to the processing of their personal data for the prize draw. 

 

4. Categories of data subjects and categories of personal data 

 

Categories of data subjects: 

  • Those who participated in the prize draw 

Categories of personal data: 

  • First and last name 
  • Email address 
  • Address 

 

5. Recipients or categories of recipients of the personal data 

 

The Bank of Finland may disclose personal data to the competent authorities or other parties subject to the requirements presented in a manner based on the legislation in force at any given time. 

 

6. Notification of possible transfer of personal data to a third country or an international organization 

 

Data are not transferred outside of the EU or the EEA. 

 

7. Period for which the personal data will be stored, or the criteria used to determine that period 

 

Personal data is stored for as long as is necessary to carry out the processing of personal data in accordance with this register. The data is deleted when its storage period has expired. 

 

8. General description of technical and organizational security measures 

 

In order to protect personal data against unauthorized access, disclosure, destruction or other unlawful processing, appropriate technical and organizational security measures are used, taking potential risks into consideration. These measures include the use of secure equipment premises as well as administrative and technical information security solutions. 

 

9. Rights of data subjects 

 

The data subjects have the right: 

  • to request from the controller access to personal data concerning them and the rectification or restriction or erasure of such data or to object to processing as well as the right to transfer data from one system to another.  
  • to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.  
  • to lodge a complaint about the processing of personal data with a supervisory authority. 

 

10. Statutory or contractual requirement to provide data and consequences of failure to provide such data 

 

If the data subject does not provide the necessary information for registration the data subject cannot participate in the draw.