Privacy Statement - 112 Suomi -application

3.9.2024

1. Name of data file

112 Suomi mobile application

2. Controller

Hätäkeskuslaitos
Satakunnankatu 3-5
PL 112
28131 Pori
E-mail: [email protected], phone 0295 480 112 (switchboard)

3. Contact person for enquiries concerning the data file

Senior Software Engineer Sami Suomalainen
PL 112
28131 Pori
E-mail: [email protected], phone 0295 480 112 (switchboard)

4. Data Protection Officer

Data Protection Officer
PL 112
28131 Pori
E-mail: [email protected], phone 0295 480 112 (switchboard)

5. Purpose and legal basis of personal data processing

The 112 Suomi mobile application (“the application”) is free to download from application stores to Android, Huawei, iPhone, Windows and Jolla smartphones, albeit updates are no longer available for the last two. When a call is made to the emergency number (112) via the application, the caller’s telephone number and exact location are automatically communicated to the dispatcher, which speeds up call handling. The telephone number and location data are also transmitted abroad in countries that are part of PEMEA when calling emergency number 112 via the app. Learn more about PEMEA and countries that have joined it.

The application is used to publish public safety alerts and other public announcements transmitted by the Emergency Response Centre Agency. Regional public safety alerts and other public announcements can be sent on the basis of telephone location data. In addition to public safety alerts and other public announcements, Fintraffic’s regional road traffic disruption bulletins are published in the application based on the telephone location data. The user can select whether they want to get notifications about road traffic disruption bulletins. 

The application’s service range includes a list of non-emergency telephone numbers and an option to call the numbers via the app. The list includes the following non-emergency telephone numbers: Maritime search and rescue, Medical Helpline, Police helpline, the national Road User’s Phone Service, Poison Information Centre, Public Service Info, Crisis Helpline, the Mannerheim League for Child Welfare’s helpline for children and young people, Nollalinja violence helpline, the Finnish Ministry for Foreign Affairs’ 24/7 service, the Emergency Response Centre Agency's international emergency number, and the European Missing Child Hotline.

The Services tab also contains a link to the symptom assessment survey on SoteDigi Oy’s Omaolo.fi online service. Information about the user will not be transmitted from the 112 Suomi app to SoteDigi Oy when they use the link to access the symptom assessment survey.

The app also provides a list of the nearest cardiac defibrillators based on the user’s phone location. Use of the service does not result in any information about the user being transmitted to third parties. The application takes the location of the user’s nearest defibrillators from the defi.fi database, which is managed by the Finnish Heart Association, the Finnish Red Cross and the Finnish Resuscitation Council.

The range of services includes a link to the Ministry for Foreign Affairs of Finland online service matkustusilmoitus.fi, where the user can submit a registration of Finns abroad with the Ministry for Foreign Affairs. The application does not communicate user information to the Ministry for Foreign Affairs.

The Emergency Response Centre Agency processes data subjects’ personal data on the basis of their consent pursuant to Article 6.1 of the EU General Data Protection Regulation.

6. Retention of personal data in the data file

The data are kept for a period of 24 hours, after which they are automatically erased.

7. Content of the data file

The application collects the following personal data from subscribers in the application:

  • Telephone number
  • Location data

8. Regular sources of data

After downloading the application on their phone, the user enters their mobile telephone number in the application. The other data are collected automatically via the application. Callers’ location is stored on the service provider’s cloud-based server for a period of one hour after they press the “Call 112” button. The data can only be accessed by the Emergency Response Centre Agency, and the ERC information system only tracks the caller’s location for the duration of the call.

When calling the maritime search and rescue emergency number via the application, the location data is stored on the service provider’s cloud-based server for a period of one hour. These data are only available to the maritime search and rescue command centres maintained by the Border Guard. Pursuant to section 3 of the Maritime Search and Rescue Act (1145/2001), the Border Guard is the maritime search and rescue authority in charge, directing and conducting, for example, maritime search and rescue operations.

The location of smartphones that are used to call the national Road User’s Phone Service via the application is also stored on the service provider’s cloud-based server for a period of one hour. Only the Road User’s Phone Service operator can access the data. Calls to the national Road User’s Phone Service are forwarded to the Road Traffic Centre. The Road Traffic Centres are operated by Fintraffic Tie Oy, which is in charge of managing road traffic on Finnish roads. Fintraffic Tie Oy is part of Fintraffic, which is a state-owned enterprise with a special mandate from the Finnish Ministry of Transport and Communications.

Public safety alerts and other public announcements are sent to all phones on which the application has been installed and that have the continuous use of location data enabled. In this way, the phone will check in the background if there are public safety alerts or public announcements issued in the area of the phone and send a notification to the phone if there is a valid announcement in the area.

Anonymised statistics will be collected on the coverage of the public safety alerts and public announcements. The EU General Data Protection Regulation does not apply to the processing of anonymous data to be used for statistical purposes. For data collection, each installation creates a unique GUID for the application. The GUID uses device data but does not store it anywhere.

To preserve anonymity, the identifying information used for sending statistical data is not used in the app for anything other than for sending statistical data. As a result, no data that could enable the linking of an identifier with a specific user will ever end up in the cloud service. 

In relation to the announcements, the following information is collected for statistical purposes in an anonymised manner:

  • Type of the event to be included in the statistics. For example, alert-activated means that the announcement has been displayed to the user. 
  • Details of the event by type.
  • Unique identifier of the application installation. A random unique identifier created during application installation for linking together the statistical data obtained from the relevant device.
  • Timestamp when the statistics were generated on the device
  • Device distance from the announcement area at the time of occurrence (zero if within the area)
  • Device operating system (for example, Android or iOS) and version
  • Device manufacturer and model
  • Application identifier, always the same for the time being (112 Suomi)
  • Application version

The app asks for permission to access the user’s location and the user’s fitness and exercise data. This permission is used to reduce battery consumption. If the user does not grant permission, this may result in higher battery consumption on the phone. A library included in the app detects when the user is stationary or moving and updates the phone location data accordingly. If this permission is not granted, the location data will be updated even when the user does not move. However, the app works as normal even without this permission. 

9. Transmission, disclosure and recipients of data

Personal data collected via the application in connection with emergency calls are shared with emergency response centres. ERCs get access to the callers’ exact location and telephone number.

The operation of ERCs is governed by the Finnish Act on Emergency Response Centre Operations (692/2010). The details of emergencies reported to ERCs are entered into the ERC information system pursuant to the provisions of the Act.

When calling from the application to the maritime search and rescue emergency number, the location information is provided to the Border Guard, which will associate the information to the maritime search and rescue database for rescue incidents. The disclosure of location information to Border Guard in relation to maritime search and rescue is communicated on the application screen in connection with the phone number in question.

Personal data collected via the application in connection with calls to the national Road User’s Phone Service are shared with the Road Traffic Centre. The application notifies callers of the disclosure of their data to the operator of the Road User’s Phone Service before they dial the number.

The controller has authorised Digia Finland Ltd to process subscribers’ personal data on its behalf. The 112 Suomi application is a co-creation of the Emergency Response Centre Agency and Digia. Digia Finland Oy is a Finnish information technology company that supplies information systems to a number of security authorities. Subscribers’ personal data may also be disclosed on a case-by-case basis to any public authority that makes a request to that effect by virtue of its statutory right to access such data.

Users should note that although the 112 Suomi app only uses the user’s location data and the phone number entered by the user and anonymised statistical data from bulletins, the phone’s operating system may store information on the use of the app and/or the data it generates in accordance with the operating system’s own use cases, terms and conditions. The Emergency Response Centre Agency has no control over this type of data storage and/or usage.

10. Transmission of data tocountries outside of the EU or the EEA

Personal data are never transmitted to countries outside of the EU or the EEA.

11. Technical and organisational protection measures

Data collected about subscribers are stored in a system that the processor has protected by means of information security software and features of the operating system. Access to the system requires a personal password. The processor has also set up a firewall and taken other technical measures to protect the system. The data held in the system can only be accessed and processed by specific employees of the controller and the processor who have been properly trained and instructed on secure data processing practices. The data are held on the processor’s premises, which are kept locked and equipped with a security system.

Personal data collected via the application are stored on Digia Finland Oy’s cloud-based 112 server for a period of 24 hours, after which the information will be automatically destroyed The server is located in Finland.

12. Possibility of automated decision-making

The Emergency Response Centre Agency never makes decisions based solely on automated processing. The Emergency Response Centre Agency also does not use the personal data it processes to profile subscribers.

13. Access to personal data

Data subjects have the right to access any personal data concerning them that are held in the data file. Requests to this effect must be made in writing and e-mailed to [email protected] or sent by post to the Emergency Response Centre Agency at PO Box 112, FI-28131 PORI, Finland, with enough personal information to enable the controller to identify the data subject. When requesting information, please note that the location data provided by the app and the user’s phone number are retained in the cloud service only for 24 hours after the Call button is used, after which the information will be automatically destroyed. 

14. Data subjects’ rights

Data subjects have the right to receive information on the processing of their personal data, the right to access their data, the right to rectify data, the right to erase data (the right to be forgotten), and the right to restrict data processing. 

The controller must notify every recipient to whom the personal data has been disclosed in the event of the rectification, erasure or restriction of processing of the data unless this proves impossible or requires unreasonable effort. The controller must notify a data subject of these recipients if the data subject so requests.

The procedure for requesting access to personal data is described above in section 13. 

15. Withdrawal of consent

Data subjects can withdraw their consent by uninstalling the 112 Suomi application or by disabling location services on their smartphone.

16. Other rights of data subjects in the context of personal data processing
-

17. Right to lodge a complaint with a supervisory authority

Any grievances concerning the processing of personal data should primary be addressed to the controller or the Data Protection Officer. However, data subjects also have the right to complain about the controller’s decisions to a national supervisory authority, which in Finland is the Data Protection Ombudsman. Furthermore, anyone can alert the Data Protection Ombudsman to any potentially unlawful processing of personal data.

Website of the Data Protection Ombudsman: Home | Data Protection Ombudsman’s Office (tietosuoja.fi)
Visiting address: Ratapihantie 9, 6th floor, FI-00520 Helsinki
Mailing address: PO Box 800, FI-00521 HELSINKI, Finland.

The Data Protection Ombudsman’s e-mail address is [email protected] and the telephone number for general enquiries is 0295 666 700.

18. Further information

An electronic version of the privacy policy is available on the Emergency Response Centre Agency’s website at www.112.fi. 

Emergency Response Centre Agency
Satakunnankatu 3–5, PO Box 112, 28131 Pori, FINLAND
[email protected]
+358 (0)29 548 0112 (general enquiries).