Users of the Kapseli agree to abide by the standard terms and conditions, which can be found below.
- Anyone who as a need or desire to use the FinData Environment must submit a separate order to Findata. The order is made by filling in the electronic order form using strong identification and sending it to Findata. Findata accepts the order if the requirements for approval are met. Findata has the right to refuse to accept an order if there is no legal basis for it.
- An order requesting use of the Environment can be made for data for which Findata has made a permit decision and/or for other data. A requirement for the export of other data into the Environment is that Findata has been able to verify the reliability of the data in question and that the appropriate permits or other legal grounds for processing the data are in place. Findata has the right to refuse to export data to the Environment if Findata considers that there is no legal basis for providing it.
Export of data to the Environment
- Findata exports the data to the Environment once the order has been approved, the data has arrived to Findata from the controllers, and Findata has reviewed them and, if necessary, pre-processed, pseudonymised or anonymised them.
- In the case of data for which Findata itself has granted a permit, Findata ensures that the data in question is exported to the Environment and notifies the permit holder when the data is ready for processing.
- In the case of other data, Findata gives instructions to the customer on the format required and how the customer should deliver the data to Findata for export to the Environment.
Logging in to the Environment
- Logging in to the Environment takes place in two stages: a Suomi.fi login combined with a separate link via mobile connection.
- Findata provides more detailed instructions on how to log in to the Environment for those who do not have the opportunity or who cannot log in using Suomi.fi e-Identification.
- Individuals who have received access rights must take care to ensure the secure use and storage of the identification tools used for logging in.
Checking the data and reporting errors
- The permit holder must check that the data is as it should be. Any suspected errors or deviations must be reported to Findata without delay and no later than 30 days after the permit holder has obtained access to the data.
- The data must be processed in the Environment for the purpose and in the manner required by either the official permit concerning the data, any decision of the ethics committee, or any other legal basis for the processing.
- When processing the data, it must be ensured that confidential information is not passed on in any way to third parties.
Processing of personal data: controller and personal data processor
- Findata subcontracts the technical maintenance and development of the Environment to IT Center for Science Ltd (CSC). CSC handles the personal data on behalf of Findata. CSC staff have received the basic Finnish Security Intelligence Service security clearance. CSC has granted access to the Environment only to those persons who require this in order to carry out their duties. When using CSC as a personal data processor, Findata complies with the requirements for the use of a separate data processor as referred to in Article 28 and sections 2 and 4 of the GDPR.
- Under the GDPR, the controller is responsible for responding to requests from data subjects regarding the data in the Environment. Findata shall, where possible, assist the controller with appropriate technical and organisational measures to fulfil the controller’s obligation to respond to requests relating to data subjects’ rights under the GDPR. Findata has the right to charge the controller for the costs incurred in these assistance tasks.
- Findata helps the controller to ensure compliance with their obligations under Articles 32–36 of the GDPR concerning data processing security, data security breaches and data protection impact assessments and related prior consultations, while taking into account the nature of the data processing and the information available to Findata.
Prices and invoicing
- The use of the Environment is subject to a fee. The prices are listed on the FinData website.
- Findata confirms the prices at regular intervals. Findata reserves the right to change the prices for use of the Environment where there are justified grounds for doing so.
- Findata has the right to remove the customer’s access rights if the subscriber fails to pay the invoice for use of the Environment despite receiving a payment reminder.
Terminating use of the Environment
- The data may be processed in the Environment for as long as the relevant official permit or other legal basis for the processing of the data remains valid. A further requirement is that the order is valid and the invoices for use of the Environment have been paid.
- Findata stores the data for 6 months after the expiry of the permit, unless the permit expressly states otherwise.