This privacy policy applies to the public kanta.fi website. This privacy policy describes how Kela, as controller, processes data about users of the kanta.fi website.
Controller
The Social Insurance Institution of Finland
Nordenskiöldinkatu 12, 00250 Helsinki
Postal address PO Box 450
Postal code 00056
Phone number 020 634 11
Person responsible for register-related issues or contact person
Clients can direct enquiries about the Kanta Services client register to Kanta Services’ customer support at kanta@kanta.fi.
In matters concerning the rights of a data subject, please email enquiries to the Kanta Services’ Data Protection Officer at tietosuoja@kanta.fi.
What data is collected
Essential cookies
The Kanta.fi website only uses cookies that are necessary for the website to function. For example, cookies make it possible for users to log in to kela.fi and remain logged in for the duration of the visit.
Some of the pages of the kanta.fi online service use a chatbot to help the user to find information on the Kanta Services they need more easily. Users interact with the chatbot anonymously. The chatbot does not store any data about the user. The chatbot uses essential cookies only, so no user consent is required.
Visitor statistics
We collect visitor statistics on all visits to our website kanta.fi. You cannot be identified from the data we collect. You can accept or refuse the collection of web analytics data
We use the Matomo analytics tool to collect visitor statistics. Matomo does not store cookies or any other information on your device, such as your phone. The Matomo analytics tool is not used for digital services such as MyKanta. Web analytics data is also not combined with Kanta Extranet’s login data.
For more information about cookies, web analytics statistics and their retention periods, please see Cookies and web analytics.
Social media data
The Kanta Services have social media accounts on Facebook, Instagram, LinkedIn and YouTube. The social media channels and Kela are joint controllers of web traffic data.
For further information on personal data processing, please see the privacy policy for each social media channel.
Information on forms
There are forms on the Kanta.fi website that may require you to fill in personal data.
Below are explanations of the purpose of each form and of how the responses submitted using these forms are stored.
Contact form
Private individuals can send feedback or ask questions about the Kanta Services using the contact form. Messages sent using this form are processed by the Kanta Services’ customer service. These messages are not forwarded to health care services, and customer service does not deal with matters regarding personal care or treatment. Name and address details entered on the contact form are only used for responding to a question or feedback submitted by a customer. The data are collected for one-off use.
The data are not used for any other purpose. If the contact leads to a request for action, the stored data will be stored for a maximum of 6 years. The data are retained for the purpose of investigating disruption, for confirming any changes made, and for making entries in the change and disruption logs specified in the Kela information management plan.
Accessibility feedback or request form
The accessibility feedback or request form is for submitting feedback on the accessibility of the kanta.fi website or for submitting an accessibility request. Messages sent using this form are processed by IT customer support. Name and address details entered on the form are only used for responding to a question or feedback submitted by a customer. The data are collected for one-off use. The data are not used for any other purpose. If the contact leads to a change request, the stored data will be stored for a maximum of 6 years. The purpose of data storage is to verify and record changes in accordance with Kela's information management plan.
The Order brochures form
Kela orders brochures and forms for partner organisations through a contract supplier’s online store. The contract supplier receives address data in connection with order, which results in the forming of an address data file.
Read more at Privacy Policy for Kela’s brochure and form supplier’s address data file.
Right of access to your data
In accordance with Article 15 of the EU General Data Protection Regulation (2016/679), data subjects have the right to access the data stored about them on the client register.
The representative of the client organisation is entitled to check the data recorded of themselves in the client register. A free-form and individualised request is sent by email to kirjaamo@kela.fi.
Right to request rectification of inaccurate data
According to Article 16 of the EU General Data Protection Regulation (2016/679), the data subject has the right to obtain the rectification of inaccurate personal data concerning them.
A client using the Kanta service may correct their contact details related to their client account in the Kanta Ekstranet service or request correction via the Kanta service customer service kanta@kanta.fi.
Right to lodge a complaint to the regulatory authority
If a client finds that their personal data have been processed in breach of the applicable data protection regulations, the client is entitled under Article 77 of the EU General Data Protection Regulation and section 21 of the Data Protection Act to lodge a complaint with the competent supervisory authority. In Finland, the supervisory authority is the Data Protection Ombudsman.
Other rights related to the processing of personal data
The client register of the Kanta services is a service implemented and maintained by Kela. Kela’s operations are based on the national legislation. As a result of this, the data subject's right to erasure of data by virtue of Article 17 of the EU's General Data Protection Regulation and the data subject’s right to transmit the data from one system to another by virtue of Article 20 of the regulation shall not be applied to data recorded in the Kanta client register. The client data recorded in the client register will be destroyed after the retention period.