Privacy Statement - 112 Suomi -application

19.12.2023

1. Name of data file

112 Suomi mobile application

2. Controller

Hätäkeskuslaitos
Satakunnankatu 3-5
PL 112
28131 Pori
E-mail: [email protected], phone 0295 480 112 (switchboard)

3. Contact person for enquiries concerning the data file

Senior Software Engineer Sami Suomalainen
PL 112
28131 Pori
E-mail: [email protected], phone 0295 480 112 (switchboard)

4. Data Protection Officer

Data Protection Officer
PL 112
28131 Pori
E-mail: [email protected], phone 0295 480 112 (switchboard)

5. Purpose and legal basis of personal data processing

The 112 Suomi mobile application (“the application”) is free to download from application stores to Android, Huawei, iPhone, Windows and Jolla smartphones, albeit updates are no longer available for the last two. When a call is made to the emergency number (112) via the application, the caller’s telephone number and exact location are automatically communicated to the dispatcher, which speeds up call handling. This works when calling in Finland and abroad in a country that has joined PEMEA. Read more about PEMEA and the member countries.

When you go from the application to Kela’s Interpreting Service for the Disabled to make an emergency call in sign language, your phone number and exact location are automatically given to the Emergency Response Centre.

The application is used to send public safety alerts to subscribers. The application makes it possible to identify the public safety alerts that are relevant to subscribers based on the location of their smartphone. The application is also used to send other official public announcements to subscribers. The application makes it possible to identify the public announcements that are relevant to subscribers based on the location of their smartphone. In addition to other public announcements, the application is also used to publish location-based, regional road traffic disruption announcements sent by Fintraffic. The user can select whether they want to get announcements about road traffic disruptions. Other additional features in the application include a list of non-emergency telephone numbers, which can also be called via the application. The list includes the following non-emergency telephone numbers: Maritime search and rescue, Medical Helpline, Police helpline, the national Road User Line, Poison Information Centre, Public Service Info, Crisis Helpline, the Mannerheim League for Child Welfare’s helpline for children and young people, Nollalinja violence helpline, the Finnish Ministry for Foreign Affairs, The international number of the Emergency Response Centre Agency and the European missing children hotline. In addition, the 112 Suomi application provides a link to SoteDigi Oy’s Omaolo.fi online service for self-assessment of COVID-19 symptoms. When proceeding to the Omaolo.fi online service via the link and filling in the COVID-19 check-up in the online service, no information about the user is communicated to SoteDigi Oy.

Furthermore, the application lists the nearest automatic external defibrillators based on the location of the phone. Retrieving the list in the application does not communicate any information about the user to third parties. The application takes the location of the user’s nearest defibrillators from the defi.fi database, which the Finnish Heart Association, the Finnish Red Cross and the Finnish Resuscitation Council manage.

In addition, the 112 Suomi application provides a link to Finnish Ministry of Foreign Affairs’ matkustusilmoitus.fi online service where one can leave one’s travel plans and details to the Ministry of Foreign Affairs. When proceeding to the matkustusilmoitus.fi online service via the link, no information about the user from 112 Suomi application is communicated to the Ministry of Foreign Affairs. 

The Emergency Response Centre Agency processes subscribers’ personal data on the basis of their consent pursuant to Article 6.1.a of the EU’s General Data Protection Regulation.

6. Retention of personal data in the data file

The data are kept for a period of 24 hours, after which they are automatically erased.

7. Content of the data file

The application collects the following personal data from subscribers:  telephone number and location.

8. Regular sources of data

Subscribers are asked to enter their mobile telephone number when they first download the application. The other data are collected automatically via the application.

Callers’ location is stored on the service provider’s cloud-based server for a period of one hour after they press the “Call 112” button. The data can only be accessed by the Emergency Response Centre Agency, and the ERC information system only tracks the caller’s location for the duration of the call.

The location data is stored for one hour on the service provider’s cloud-based server after selecting Go to the remote interpreting service. The data can only be accessed by the Emergency Response Centre Agency and the ERC information system only tracks the caller’s location for the duration of the emergency call made by an interpreter from the remote interpreting service.
The location of smartphones that are used to call the maritime search and rescue emergency number via the application is also stored on the service provider’s cloud-based server for a period of one hour. These data are only available to the maritime search and rescue command centres maintained by the Border Guard. Pursuant to section 3 of the Maritime Search and Rescue Act (1145/2001), the Border Guard is the maritime search and rescue authority in charge, directing and conducting, for example, maritime search and rescue operations.

The location of smartphones that are used to call the national Road User Line via the application is also stored on the service provider’s cloud-based server for a period of one hour. Only the helpline operator can access the data. Calls to the national Road User Line are forwarded to the Traffic Management Centre. The Traffic Management Centres are operated by Fintraffic Tie Oy, which is in charge of managing road traffic on Finnish roads. Fintraffic Tie Oy is part of Fintraffic, which is a state-owned enterprise with a special mandate from the Finnish Ministry of Transport and Communications.

Public safety alerts and other public announcements are sent to all phones on which the application has been installed and that have the continuous use of location information allowed. The location specified in the public safety announcement or other public notification determines whether the user’s phone issues a notification. The public safety alert or other public announcement feature does not communicate the user’s location to a cloud service or elsewhere.
Regional road traffic disruption alerts (“traffic alerts”) are sent to all phones on which the application has been installed that have continuous use of location information as well as the option Traffic alerts shown enabled. The location specified in the traffic alert determines whether the user’s phone issues a notification. The traffic alert feature does not communicate the user’s location to a cloud-based server or elsewhere.

The app asks for permission to access the user’s location and the user’s fitness and exercise data. This permission is used to reduce battery consumption. If the user does not grant permission to access the fitness/exercise data, it may lead to higher battery consumption. A library included in the app detects when the user is stationary or moving and updates the phone location data accordingly. If this permission is not granted, the location data will be updated even when the user does not move. However, the app works as normal without this permission.

9. Transmission, disclosure and recipients of data

Personal data collected via the application in connection with emergency calls are shared with emergency response centres. ERCs get access to callers’ exact location and telephone number. Also when you go from the application to Kela’s remote interpreting service to make an emergency call in sign language, the application gives your exact location and phone number to the ERC’s if an emergency call is made by an interpreter from Kela’s remote interpreting service. The disclosure of location information to Emergency Response Centres is communicated on the application screen in connection with the link to the service. The operation of ERCs is governed by the Finnish Act on Emergency Response Centre Operations (692/2010). The details of emergencies reported to ERCs are entered into the ERC information system pursuant to the provisions of the Act.

When calling from the application to the maritime search and rescue emergency number, the location information is provided to the Border Guard, which will associate the information to the maritime search and rescue database for rescue incidents. The disclosure of location information to Border Guard in relation to maritime search and rescue is communicated on the application screen in connection with the phone number in question.

Personal data collected via the application in connection with calls to the national Road User Line are shared with the Traffic Management Centre. The application notifies callers of the disclosure of their data to the operator of the Road User Line before they dial the number.

The controller has authorised Digia Finland Ltd to process subscribers’ personal data on its behalf. The 112 Suomi application is a co-creation of the Emergency Response Centre Agency and Digia. Digia Finland Oy is a Finnish information technology company that supplies information systems to a number of security authorities.

Subscribers’ personal data may also be disclosed on a case-by-case basis to any public authority that makes a request to that effect by virtue of its statutory right to access such data.

Users should note that although the 112 Suomi app only uses the user’s location data and the phone number entered by the user, the phone’s operating system may store information on the use of the app and/or the data it generates in accordance with the operating system’s own use cases, terms and conditions. The Emergency Response Centre Agency has no control over this type of data storage and/or usage.

10. Transmission of data tocountries outside of the EU or the EEA

Personal data are never transmitted to countries outside of the EU or the EEA.

11. Technical and organisational protection measures

Data collected about subscribers are stored in a system that the processor has protected by means of information security software and features of the operating system. Access to the system requires a personal password. The processor has also set up a firewall and taken other technical measures to protect the system. The data held in the system can only be accessed and processed by specific employees of the controller and the processor who have been properly trained and instructed on secure data processing practices. The data are held on the processor’s premises, which are kept locked and equipped with a security system. Personal data collected via the application are stored on Digia Finland Oy’s cloud-based 112 server for a period of 24 hours. The server is located in Finland.

12. Possibility of automated decision-making

The Emergency Response Centre Agency never makes decisions based solely on automated processing. The Emergency Response Centre Agency also does not use the personal data it processes to profile subscribers.

13. Access to personal data

Data subjects have the right to access any personal data concerning them that are held in the data file. Requests to this effect must be made in writing and e-mailed to [email protected] or sent by post to the Emergency Response Centre Agency at PO Box 112, 28131 Pori, FINLAND, with enough personal information to enable the controller to identify the data subject.

14. Data subjects’ rights

Data subjects have the right to receive information on the processing of their personal data, the right to access their data, the right to rectify data, the right to erase data (the right to be forgotten), and the right to restrict data processing. 

The controller must notify every recipient to whom the personal data has been disclosed in the event of the rectification, erasure or restriction of processing of the data unless this proves impossible or requires unreasonable effort. The controller must notify a data subject of these recipients if the data subject so requests.

The procedure for requesting access to personal data is described above in point 13.

15. Withdrawal of consent

Data subjects can withdraw their consent by uninstalling the 112 Suomi application or by disabling location services on their smartphone.

16. Other rights of data subjects in the context of personal data processing
-

17. Right to lodge a complaint with a supervisory authority

ny grievances concerning the processing of personal data should primary be addressed to the controller or the Data Protection Officer. However, data subjects also have the right to complain about the controller’s decisions to a national supervisory authority, which in Finland is the Data Protection Ombudsman. Furthermore, anyone can alert the Data Protection Ombudsman to any potentially unlawful processing of personal data. Website of the Data Protection Ombudsman: www.tietosuoja.fi, visiting address: Ratapihantie 9, 6th floor, 00520 Helsinki, mailing address: PO Box 800, 00521 Helsinki, FINLAND. The Data Protection Ombudsman’s e-mail address is [email protected] and the telephone number for general enquiries is +358 (0)29 566 6700. 

18. Further information

An electronic version of the privacy policy is available on the Emergency Response Centre Agency’s website at www.112.fiOpens in a new tab, Opens in a new tab, and copies can be requested from the registry (Emergency Response Centre Agency, Satakunnankatu 3–5, PO Box 112, 28131 Pori, FINLAND, [email protected], +358 (0)29 548 0112 (general enquiries).