You are here

Data Protection in the City of Vaasa

Most of the services of the City of Vaasa are based on the implementation of a statutory obligation, public interest or the exercise of public authority.

The processing criterion for personal data

Most of the services of the City of Vaasa are based on the implementation of a statutory obligation, public interest or the exercise of public authority. In such cases, we do not require you to provide separate consent for the processing of your personal information as a data subject. However, as some of the services are personal, to which your personal information is collected based on your consent, we need to ask you to agree to the processing of your information. You also have the right to withdraw your consent at any time.

The EU's Data Protection Regulation (GDPR)

The application of the European Union's Data Protection Regulation (GDPR) began on 25.5.2018. This will not require any action from data subjects, residents or City of Vaasa customers.

The most significant changes will be the even safer handling of registered data and improved rights of registered users.

Rights of a (registered) person

Below are the rights of a data subject. If you wish, you can access the new Privacy Policy in its entirety here.

Right to information

  • A data subject has the right to know what, why and how personal data about him/her is handled. Art13 (Art14)

The right to restrict the processing of data

• If a data subject does not wish to have his/her data handled, the operation must be suspended until the legality of the processing is verified. Art18

Right to rectification of data

• The data user has the right to demand that incorrect or inaccurate information about him/her be corrected without undue delay. Art16

Right to be forgotten

• A data user has the right to request the deletion of his/her personal data from the controller. Art17

The right to access information

• A data subject has the right to know if we are processing personal information about you. If personal data are being processed, a copy of this information must be provided to the data subject. The deadline for submitting the information is one month after the receipt of the request. The deadline for a complex or extensive request for information may be extended by two months. Art15

The right to object

• A data subject has the right, at any time, to object to the processing of his/her personal data, even if it is based on the performance of a task in the public interest or the exercise of public authority. In this case, the data can only be processed if there is a significant and well-reasoned cause that can be demonstrated. Art21

Information on a data breach

• The controller must report a personal data breach to the data subject without undue delay. Art34

The right to lodge a complaint with a supervisory authority

• The data subject has the right to lodge a complaint, in particular to a supervisory authority based on his/her permanent residence or place of work if he/she considers that the processing of personal data violates the EU's general data protection regulation. Art77

User Rights

The City of Vaasa ensures that the rights of the data subject are fulfilled. In practice, this means visiting in person if the information is not accessible through an electronic service. An electronic service, for example via, requires strong identification with bank identifiers, a certificate card, or a mobile certificate, so that the data user can be identified reliably.

Examples of using personal data

The City of Vaasa uses personal data through law-based rights, either to arrange education, for example, or to request personal information (consent) when issuing a library card or renting out a mooring berth, etc.


Personal data is used to implement the service to which it has been provided. Information is only used by the people who need it in their work and are bound by the confidentiality requirement. Personal data processed by computer technology is used with modern information technology that is protected by other firewalls and constantly updated antivirus software.

Additional information

For more information on the databases in use and their privacy statements, please contact the relevant agency/service or the data protection officer tietosuojavastaava(at)