Services and instructions

A data permit is a fixed-term authorisation granted by a public authority to use individual-level personal data for a specific, clearly defined purpose, such as research or compiling statistics.

A permit is granted only for a justified reason, and the consent of each individual is not required. Authorities such as Findata, Kela, or wellbeing services counties are responsible for ensuring that data is used lawfully and responsibly.

The permit holder is given access only to the data necessary for the research. The dataset is delivered in pseudonymised form: names and personal identity codes are replaced with codes, so individuals cannot be identified. The data may only be processed in a secure processing environment without an internet connection, and only named individuals are granted access.

Read more:

• Data permits
• Conditions of data permit

Findata is the social and health data permit authority in Finland. It was established in 2019, and its operations are based on the Act on the Secondary Use of Health and Social Data, commonly known as the Secondary Use Act.

We grant data permits for the secondary use of health and social data when the data is needed from multiple public data controllers, from the private sector, from Findata’s ready-made datasets, or from the Kanta Services. We compile and preprocess the datasets with strict attention to protecting individuals’ privacy.

Findata also maintains the secure Kapseli® processing environment, where individual-level data is processed safely.

• Findata as an organisation
• Act on the Secondary Use of Health and Social Data (PDF file, 5.4 mb).

Before individual-level data obtained under a data permit is released to the permit holder, Findata processes it in a way that significantly reduces the possibility of identifying individuals.

Direct identifiers, such as names and personal identity codes, are removed from the dataset and replaced with codes. This is called pseudonymisation. In addition, precise data may be generalised. For example, a postcode may be replaced with a region, or a date of birth with a year of birth.

Pseudonymised data may only be processed in a secure environment without an internet connection. The permit holder commits to conditions that prohibit any attempts to identify individuals.

For statistical-level data requests, fully anonymous data is provided. This data describes population groups rather than individuals, and individuals cannot be identified from it.

Identifiable data is only released for particularly justified reasons.

The secondary use of social and health data is only permitted for purposes defined by law, such as:

• Education
• Scientific research
• Statistics
• Planning and reporting duty of an authority
• Development and innovation activities
• Knowledge management
• Steering and supervision of social and health care by authorities

Different types of data are available for different purposes:

• Individual-level, pseudonymised data is available for research, statistics, planning and reporting tasks of public authorities, and education.
• Anonymous, aggregated statistical data is available not only for the above-mentioned purposes, but also for development and innovation activities, knowledge management, and the steering and supervision of social and healthcare services.

In addition, wellbeing services counties and other service providers may use the data recorded in their own registers without a separate permit for purposes such as planning and evaluating their operations.

All data permit and data request decisions made by Findata are public. You can view them here: Issued permits

Permits granted by Findata cover register-based data from Finnish social and healthcare services. This refers to data generated when people use social and health services.

Register data is stored, for example, in patient and client information systems of wellbeing services counties, national registers, and the Kanta Services.

Findata grants data permits and data request decisions for the secondary use of health and social data when the application concerns:

• data from several public health and social sector data controllers
• register data from private social and health service providers
• data stored in the Kanta Services
• Findata’s ready-made datasets
• data from controllers that have transferred their permit authority to Findata

Read more: Data

Anyone may apply for a permit, but it is only granted for the purposes defined in law and for projects that meet the permit criteria and data protection requirements. Each application is assessed individually, and data is only released for necessary use.

Data permits and data request decisions are official administrative decisions. The decision process has two stages: the application handler acts as the presenter, and the Director of Findata or their deputy makes the final decision.

A proposed decision does not always lead directly to a permit being granted. Sometimes the application is returned for further preparation or requires modifications.

The secondary use of health and social data is governed by several laws that safeguard privacy and define the conditions under which data may be processed.

The EU General Data Protection Regulation (GDPR) regulates all processing of personal data across the EU. It applies whenever personal data is processed.

The regulation on the European Health Data Space (EHDS) creates a common EU framework for the use and exchange of health data, harmonises the use of health data across the EU, and strengthens individuals’ rights to their own data. The regulation entered into force in March 2025 and will be implemented gradually. The provisions concerning secondary use will apply from March 2029.

The Finnish Data Protection Act complements the GDPR at national level. It specifies when sensitive personal data, such as health data, may be processed in Finland.

The Finnish Act on the Secondary Use of Health and Social Data (the Secondary Use Act) regulates the secondary use of health and social data in Finland. Findata’s operations are based on the Secondary Use Act. The Act was amended in 2025.

Other key laws include:

• Act on the Processing of Client Data in Healthcare and Social Welfare
• Medical Research Act
• Clinical Trials on Medicinal Products for Human Use Act
• Act on the Medical Use of Human Organs, Tissues and Cells
• Biobank Act

Read more:

• Legislation
• European Health Data Space (EHDS)
• Act on the Secondary Use of Health and Social Data (PDF file, 5.4 mb).

Using health and social data for secondary purposes, such as registry-based research, benefits society in many ways.

By combining registry data from large populations, it is possible to generate new knowledge that helps develop, for example, treatments for diseases or practices in social services.

Practical benefits for citizens include:

• When treatment guidelines are studied and developed, it ensures that care is based on up-to-date research evidence
• Medicines can be made safer and their side effects can be monitored
• New health technology can be developed, such as applications and devices that support treatment
• Hospital and health centre services can be improved and streamlined as processes can be developed and studied
• Research evidence supports decision-making that promotes public health and reduces wellbeing gaps

Read more: Issued permits

Several authorities supervise Findata’s operation to ensure that the granting of data permits and the processing of data are carried out in accordance with the law.

Key supervisory bodies include:

• Data Protection Ombudsman, who supervises the processing of personal data and compliance with data protection legislation
• Parliamentary Ombudsman, who oversees the lawfulness of authorities’ activities
• Finnish Supervisory Agency, who supervises secure processing environments

In addition, Findata’s operation is guided and developed by a steering group appointed by the Ministry of Social Affairs and Health, which includes representatives from the ministry and data controllers.

When you object to the secondary use of your data through Findata:

• Your request is recorded in the case management system maintained by the Finnish Institute for Health and Welfare (THL).
• Your data will be removed from datasets received by Findata based on your personal identity code. Therefore, we must retain and process your personal identity code to implement the request.

The European Health Data Space (EHDS) is a regulation of the European Union that establishes a common framework for the use and exchange of health data in EU countries. The aim of the regulation is to strengthen citizens’ rights to their own electronic health data and to enable the secure cross-border secondary use of health data.

The EHDS regulation is similar to the current Finnish Secondary Use Act, but it also introduces changes. The regulation includes partly different purposes of use, some of which are reserved only for public or EU entities. In addition, new operating models will be introduced for processing data requests and permit applications.

The regulation entered into force in March 2025 and will be implemented gradually over the coming years. The parts concerning secondary use will begin to apply in March 2029.

Findata’s legal basis for processing personal data are:

• Article 6, (1)(e) of the EU’s General Data Protection Regulation: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
• Article 4(1)(2) of the Data Protection Act: processing of data that is provided for by the law or that is directly attributable to the controller for the task prescribed by the law

We also process data belonging to special categories of personal data, formerly known as sensitive data. Such data includes, for example, a person’s health data.

The grounds for processing this kind of personal data are:

• Article 9(2)(g) of the EU General Data Protection Regulation: processing is necessary for the performance of a task carried out in the public interest or the exercise of public authority
• Section 6(1)(2) of the Data Protection Act: processing is necessary and proportionate for the performance of a task carried out in the public interest by a public authority

See more information on how we process personal data

Anonymisation means the transformation of personal data into a form that irreversibly prevents the identification of an individual person. This may mean, for example, removing direct identifiers and simplifying the data to a general level so that personal data cannot be reconstituted in any way.

Pseudonymisation refers to the transformation of personal data, for example into a coded form. In this case, names and personal identifiers can be removed and replaced by another unique identifier, i.e. a code. Often a code key is kept to restore direct personal data to the data. Pseudonymised data are still personal data.

Findata grants most permits to projects based in Finland. However, the permit holder may also be located in another EU or EEA country. Even in such cases, the data must be processed in a secure environment and only for the purposes defined in the permit.

As a rule, Findata does not transfer personal data outside the EU or EEA. Exceptions may only be made for a specific reason and when the legal requirements for data protection and information security are met.

Findata does not sell data.

We operate as the Finnish Data Permit Authority, responsible for granting permits for the secondary use of social and health data only when there is a statutory basis, such as public interest, and a defined purpose, such as scientific research. Data permits are always granted for a fixed period, after which the datasets are destroyed.

We do not set our own service fees. Our charges are based on the fee decree issued by the Ministry of Social Affairs and Health.

You have the right to object to the processing of your personal data for secondary use, such as research. Once you submit an objection request to Findata, we will no longer disclose your data for secondary use to permit holders.

An objection request submitted to Findata:

• is valid indefinitely
• does not remove data that has already been disclosed from existing datasets
• can be submitted via Findata’s e-service (asiointi.findata.fi), by post, or in person at THL

An objection submitted to Findata does not prevent other data controllers from disclosing your data for secondary use. Therefore, objections must be submitted separately to each data controller.

See Findata’s instructions: How to exercise your rights

Primary use means the purpose for which the data was originally saved in the customer register and/or patient register.

The primary purpose may be, for example,

• examination, treatment and rehabilitation of the patient,
• the service received by a social welfare customer,
• or the processing of benefits by the Social Insurance Institution of Finland (Kela).

Secondary use means the use of the same data for purposes other than the primary use.

Legitimate secondary purposes of use include

• scientific research,
• statistics,
• development and innovation activities,
• education,
• knowledge management,
• steering and supervision by authorities and
• the planning and reporting duty of an authority.

Different purposes of use are subject to different regulations. Only aggregated statistics from which individuals cannot be identified may be obtained for development and innovation activities.

1. Contact data controllers directly for additional information on data or variables.
   • Data controllers provide additional information about their own datasets.
   • You may also request a cost estimate and an assessment of the feasibility of the data extraction.
   • Use the extraction description form to define your data extractions.
     • Extraction description form (download Word file, 51.2 kb)
   • Use tabulation plan to describe the statistics generation if you are applying for a statistical data.
     • Tabulation plan (download Excel file, 19,2 kB)
   • If you agree on any special arrangements with the data controller, please mention these in the Additional information section of your application.
2. Submit your application via Findata’s e-service
   • Log in to the e-service: asiointi.findata.fi
3. Findata reviews the application and invites you to an online meeting
   • We review applications within approximately one week of submission.
   • We invite the applicant to a Teams meeting to go through the application and ask clarifying questions if needed.
   • We may ask you to supplement the application.
4. Findata requests cost estimates and additional information from data controllers
   • Once the extraction descriptions are complete, we will send requests for additional information and cost estimates to the relevant data controllers.
   • Data controllers have 15 working days to respond.
   • If further clarification is needed, data controllers may send questions via Findata to the applicant.
5. Findata compiles the cost estimates from data controllers and Findata’s own data processing costs and sends them to the applicant.
   • After receiving the cost estimates from data controllers, we assess the working time and costs required for data processing.
   • We then deliver the final extraction description and cost estimate to the applicant.
   • The extraction description must be approved before a permit can be granted.
     • Extraction terms cannot be changed after approval. Any later changes to the extracted data require a separate application.
6. Findata issues a decision
   • Data permits are for a fixed period.
   • If data needs to be retained, for example for research verification purposes, or if permit renewal or regular updates of data extractions are expected, please indicate this in the application.

7. Findata sends data extraction requests to controllers who extract the data
   • Each controller has 30 working days to submit the requested data to Findata.
   • The extraction may involve multiple steps, such as:
     • Extraction of the target group
     • Extraction of controls
     • Extraction of additional data
   • Each step can take up to 30 working days, potentially totaling up to 90 working days.
8. Findata pre-processes the extracted data
   • We will review, combine, and pseudonymise the data or generate statistics according to the data request.
9. Findata delivers the data to the permit holder
   • The processed data will be provided to a secure processing environment (SPE), typically in CSV format.
   • Data may be disclosed to any SPE compliant with the Act on Secondary Use.
   • The target time for delivering the data is 60 working days.
     • This timeframe may be extended if the target group is not provided immediately, if extraction is conducted in multiple stages, if there are delays from controllers, or if the data is particularly complex.
10. Permit holder reviews the data
    • You have three months to review the data and notify Findata of any discrepancies or comments.
    • Thoroughly check the data, as errors can lead to additional work.
      • For example, errors that occur during extraction can accumulate, such as if the target group is formed incorrectly, requiring additional extractions from other controllers.
    • If you find omissions or errors, email Findata at data@findata.fi with detailed descriptions of how your data differs from the extraction description.
11. Findata deletes the data from its own processing systems once the retention period has expired.
    • We remove the datasets from our systems four months after delivery.
    • We retain the code keys for pseudonymised data to allow reproduction if needed.
    • Data permits are for a fixed period.
      • If you need to save data for purposes like research verification, plan to renew the permit, or require regular updates, include these needs in your application.

Submit your data permit, data request or amendment permit application to Findata if you want to apply for:

• Data from several public social and health sector controllers covered by the Secondary Use Act.
• Data from a single public controller that has transferred the right to issue permits to Findata (see list of these)
• Data from one or more private social welfare and health care service organisers.
• Customer data saved in the Kanta Services.
• Findata’s ready-made dataset.

You can check authority with Application Assistant.

A data controller is a person or organisation that decides on the processing of personal data. They are responsible for ensuring that data processing is carried out securely and appropriately, and that the data is either destroyed or archived properly once the research is completed.

If the researcher is employed by the organisation conducting the research, that organisation acts as the data controller. However, an independent researcher or research group can act as the data controller themselves.

If multiple organisations jointly decide on the processing of personal data, they act as joint data controllers. In such cases, it is important to clearly agree on the responsibilities of each party.

Data authorised by Findata can be processed in the same processing environment as other data, such as data collected by the applicant themselves or data obtained under a separate permit. At Findata, this is referred to as combining data.

Combining data is possible in:

• the centralised permit model (Findata as the sole permit authority), and
• the distributed permit model (multiple organisations granting permits, one of which is Findata)

As a rule, combining data is the responsibility of Findata or Statistics Finland.

Read more: Combining datasets authorised by Findata with other data sources

Data controllers deliver the extracted datasets to Findata via secure Tunnel and Supertunnel transfer services.

Instructions for data controllers on delivering extracted datasets: Data transfers

You can apply for data from Findata for your thesis if you are working on a thesis for at least a higher university degree. In your application, please specify your educational institution, the degree being pursued, the thesis author, and the thesis supervisor.

The licence fees for theses are reduced. The reduced thesis licence fee applies when producing a single thesis. If the project produces multiple theses or other outputs unrelated to the thesis, the normal or extended licence fee will apply.

1. Consider necessity: Determine if textual data is essential for conducting your research.
   • The need for unstructured data must always be justified. Often, similar information can be extracted in a structured format.
   • We mask direct identifiers in textual data, which affects the usability of the data.
   • Processing textual data takes time and significantly increases costs.
2. Request insights from the data controller on appropriate keywords.
   • The data controller is best positioned to assess which keywords will yield the most comprehensive results without extraneous information.
   • For example, the keyword pressure will produce all records related to pressure, such as blood pressure, eye pressure, etc. If the research focus is on blood pressure, the extracted textual data will contain a substantial amount of unnecessary information.
3. Specify the length of the text snippet to be extracted on a variable-by-variable basis.
   • The text snippet should be as short as possible.
   • Request the data controller’s view on the length of the text to be extracted.
     • For instance, keyword +/- 50 characters.
4. Ensure the extraction is scoped appropriately.
   • If the extraction can be limited to the information from a specific department or field of treatment instead of the entire healthcare district’s database, the amount of text to be extracted and the processing costs will be significantly lower.

Applications received by Findata are confidential, while Findata’s decisions are public. If a data controller has a statutory right to access information about the application’s contents, Findata may, on a case-by-case basis, provide the data controller with information about the data to be extracted and the formation of the target group.

A data utilisation plan refers to a research plan, project plan, or a similar plan.

The plan must specify:

• the purpose of using the data as stated in the permit application,
• the data controller and processors,
• the legal basis for processing, and
• essential aspects related to data protection and information security covering the entire data lifecycle (storage, disposal, or archiving of data).

The essential elements of the data utilisation plan are addressed in Findata’s application forms.

Common criteria for scientific research include, for example:

• the research is based on an appropriate research plan,
• the research has a responsible person or a responsible group,
• the research participates in scientific discourse, meaning the results are intended to be published according to scientific principles, for example in scientific journals or as a thesis,
• the research produces new knowledge or promotes public health or wellbeing,
• the research has a research permit granted by the relevant organisation, if such a permit is required,
• medical research has a favourable statement from an ethics committee.

An appropriate scientific research plan typically includes, for example:

• background information,
• definition of the information needs the research aims to address,
• setting goals and research questions,
• description of the required data and methods, and
• consideration of ethical perspectives.

Processing time for your application depends on several factors, including the clarity of your application, our current processing load, and response times from data controllers. To expedite the process:

• Complete the application carefully ensuring all sections are filled out thoroughly and accurately.
• Attach all previous permit decisions to your application.
• Attach to your application all previous non-disclosure agreements (NDA). Each person handling the material to be added must have their own NDA.
• Use Findata’s advisory service for additional support and clarification.

For more information, visit the Data page or check the Data Resources Catalogue (aineistokatalogi.fi).

The European Health Data Space (EHDS) is a regulation of the European Union that establishes a common framework for the use and exchange of health data in EU countries. The aim of the regulation is to strengthen citizens’ rights to their own electronic health data and to enable the secure cross-border secondary use of health data.

The EHDS regulation is similar to the current Finnish Secondary Use Act, but it also introduces changes. The regulation includes partly different purposes of use, some of which are reserved only for public or EU entities. In addition, new operating models will be introduced for processing data requests and permit applications.

The regulation entered into force in March 2025 and will be implemented gradually over the coming years. The parts concerning secondary use will begin to apply in March 2029.

Personal data are pieces of information that can be used to identify an individual either directly or indirectly.

Examples of personal data that allow direct identification include:

• name,
• personal identity code,
• email address based on the person’s name, and
• biometric identifiers such as fingerprints, facial images, voice, and iris patterns.

Examples of personal data that allow indirect or partial identification include:

• gender,
• age,
• education, and
• nationality.

Indirect or partial identifiers can also be combined to identify a person. Therefore, removing or replacing direct personal identifiers does not necessarily mean that the data no longer contains personal data.

Special categories (or sensitive) personal data include, for example:

• ethnic origin,
• sexual orientation or behaviour,
• health data,
• biometric data, and
• genetic data.

Highly protected personal data include, for example:

• psychiatric data,
• social welfare data, and
• data related to sexually transmitted diseases and medical genetics.

For instructions on how data controllers can submit extracted data, see the Data transfers to Findata -page.

Anonymisation means the transformation of personal data into a form that irreversibly prevents the identification of an individual person. This may mean, for example, removing direct identifiers and simplifying the data to a general level so that personal data cannot be reconstituted in any way.

Pseudonymisation refers to the transformation of personal data, for example into a coded form. In this case, names and personal identifiers can be removed and replaced by another unique identifier, i.e. a code. Often a code key is kept to restore direct personal data to the data. Pseudonymised data are still personal data.

Yes, you can, if this is okay with the controller. The controller has the right to determine independently the manner in which it carries out the extraction, and it has the right to use an external processor to carry out the data extraction.

If such processors are used, the EU General Data Protection Regulation (GDPR) requires that a data protection agreement (DPA) covering the processing of personal data is signed with them. The controller is ultimately responsible for ensuring that the personal data is processed in a legal manner. The processor, meanwhile, is responsible for ensuring that it complies with the terms of the DPA and the instructions of the controller.

The collected data must be delivered to Findata securely via the transfer service Tunneli, after which we combine and pre-process them.

Unfortunately, you cannot yourself modify an application after it has sent.

If you want to supplement an application that has already been sent, send us an email to info@findata.fi and tell us your application’s ID (e.g. 2022/53). We will return the application so you can supplement it.

1. Check whether Findata is the competent authority to issue a permit for the data you need.
   • Use Application assistant
   • If you are unsure where your application should be submitted, please contact our advisory service before submitting your application: info@findata.fi.
2. If you need more information about the data or variables, contact the relevant data controllers directly.
   • Data controllers provide advisory services for their data and can guide you on data extraction methods.
   • You may also agree on the details of data extraction directly with the data controller. If you do so, please include the name of the person you have agreed this with in your application.
   • Read more: Links to data controllers’ websites and data descriptions
3. Specify your data needs and dataset extraction requirements as precisely as possible for each data controller.
   • Use the extraction description form to define your data extractions: Extraction description form (Word file, 51.2 kb)
   • Use tabulation plan form to describe the statistics generation if you are applying for a statistical: Tabulation plan (Excel file, 19,2 kB)
   • Use the Data Resources Catalogue (aineistokatalogi.fi)
4. Ensure appropriate scope of data extraction
   • The disclosure of personal data is governed by the GDPR principle of data minimisation. This means that only the data that is strictly necessary may be disclosed.
   • Data extraction may still be broad, as long as the need for the data is justified.
5. Complete your application carefully
   • Pay particular attention to basic information such as the applicant, the data controller of the dataset to be disclosed, billing details, and any other datasets to be linked.

Before logging in, make sure your username has been registered and is ready to use.

If you’re unsure, contact your Findata contact person or the Kapseli helpdesk: kapseli@findata.fi.

How to log in to Kapseli

1. Install and activate the Duo Mobile app (duo.com)
   • Download Duo Mobile (by Duo Security Inc.) from your phone’s app store.
   • If you’ve already installed and activated the app, skip to step 2.
   • After ordering Kapseli, you will receive an activation message at the phone number you provided.
   • Open the message and click the link to activate Duo Mobile.
2. Log in to Kapseli
   • Go to kapseli.findata.fi using your computer’s browser.
   • Select the identification method you chose when registering.
   • Choose your processing environment. (If you only have one, the system moves on automatically.)
3. Complete two-factor authentication
   • A login notification will appear in Duo Mobile on your phone.
   • Tap Approve in the app to continue.
4. You are now logged in to the Kapseli environment.

If you get an error message, e.g. “400 bad request header field too long”, try the following:

• Make sure you are using your organisation’s network (VPN).
• Try to log in to Kapseli with another browser. Supported browsers are Chrome and Firefox. Please note that the Virtu-service does not work in Firefox.
• Try logging in to Kapseli in incognito mode or delete cookies from your browser.

The problem may also occur because you are trying to log in from a different IP address than the one you have provided to Findata.

The IP address you have provided may be a private one, or it may be a single address from a wider network range of the organisation, in which case it may vary within the range. In these cases, please check with your organisation’s support to find out what your correct IP address is. It can be a single public IP address or the IP address of an entire network domain. Deliver your correct IP address to the Kapseli helpdesk so that the firewall can be opened.

Verify your IP address here (apps.csc.fi)

If these steps do not help, please contact the Kapseli helpdesk and explain the steps you have taken in your message.

Kapseli Helpdesk: kapseli@findata.fi

There are two ways to stop using the remote desktop.

• Sign out is located behind the human figure at the bottom left. You should use this option when you have finished processing the data. When you exit from Sign out, you release the resources on the remote workstation.
• Disconnect is located behind the Power button. Use this option if you need to leave analyses  running when you leave the workstation. The resources will then remain reserved.

After both options, you will see the options Reconnect and Logout. Select Logout when stopping the use of the system. Close your browser unless you want to log back in.

Yes, it is possible to install your own software in Kapseli if certain conditions are met.

The software can be either open access or licence-based. If a licence is required, you are responsible for obtaining and providing it. The software must be installable and usable in a closed environment, as Kapseli is not connected to the internet.

Before installation, Findata will assess the software’s information security and compatibility with the Kapseli environment. However, we cannot test the software or guarantee that it will function as intended.

To request an installation, you must:

• Test the software to ensure it works in Kapseli.
• Provide a valid licence (if required)
• Include clear installation instructions
• Ensure the software can be used without internet access
• Supply all necessary information to install and use the software

Installation costs will be charged even if the software cannot be used in Kapseli as intended.

See pricing here: Pricing

You can pause your Kapseli processing environment, after which the current machine package will be disabled for the duration of the pause. During the pause, we maintain the processing environment and the materials within, but the users do not have access to it.

The pause service is subject to a fee.

Read more: Kapseli pause service

SPSS, SAS and Stata require a valid software licence to work.

Please send an email to kapseli@findata.fi with the Kapseli ID (e.g. A01) and the software for which the license needs to be updated.

The activation link is valid for 7 days.

If the link has expired, contact the Kapseli Helpdesk to request a new activation link.

Kapseli Helpdesk: kapseli@findata.fi

Contact the Kapseli Helpdesk and request a new activation link.

Kapseli Helpdesk: kapseli@findata.fi

Log out of Kapseli by clicking on the Log out button. Note: Do not disconnect! The Logout button can be found in the bottom left corner of the Windows Start menu. It is located behind the character icon. Once you have logged out of the Kapseli, log back in. This will end the entire session and often helps in situations where temporary files are the cause of a hang or memory loss.

You can check your machine’s resource usage during analyses from the Performance and Users tabs of the Task Manager. This allows you to see if the program is running out of memory and how much each user is consuming resources. You can find Task Manager in the Windows menu.

If these measures do not help, contact the Kapseli Helpdesk and tell them about the measures you have taken in your message.

Kapseli Helpdesk: kapseli@findata.fi

If you have not logged into Kapseli for three months, your DUO Mobile activation period will expire. You will receive a message saying “User not enrolled in Duo”.

In these cases, please contact the Kapseli Help Desk and ask to reopen your DUO connection.

Kapseli Helpdesk: kapseli@findata.fi

Make sure that you have disconnected or logged out of Kapseli after receiving a response from the administrator that repairs or changes have been made. Some changes do not take effect in the middle of a session, so you will need to log back into Kapseli for them to take effect.

If the problem is not resolved after logging back in, please report it to the Kapseli Helpdesk: kapseli@findata.fi.

If your account is locked out, you will receive an error message saying “Your account has been locked out due to excessive authentication failures. Please contact your administrator.”

Account lockout is usually caused by too many login attempts. A locked account will usually unlock within 20 minutes. If your account does not unlock within 20 minutes, please contact the Kapseli Helpdesk: kapseli@findata.fi.

This depends on the controller. The data controllers determine their own collection fees on the basis of their own regulations.

Findata’s prices are based on the decree of the Ministry of Social Affairs and Health on charges for work carried out by the Health and Social Data Permit Authority.

With the exception of Kapseli, the service prices are for actions under public law that are based on cost value (VAT 0 %). The prices for Kapseli’s services are commercially priced paid services with 25,5% VAT.

The data controllers determine their own costs on the basis of their own regulations.

On the page Average costs estimates (in Finnish), you can find the average, range and median calculated from the maximum cost estimates. The data is updated quarterly.

You can find the average, the range and the median calculated from the maximum cost estimates for data extractions in Finnish on the Average Cost Estimates page. We update the data quarterly.

Possibly. Any inconsistencies between the applicant and the invoiced party (e.g. the payer is not the applicant) can be clarified where necessary in the ‘Additional information’ section.

E-invoicing is the primary invoicing method. Paper invoices are only possible in exceptional cases. As a rule, however, the invoice recipient are organisations that only accept e-invoices. If necessary, ask for more information from your organisation’s financial department.