Kela (Kansaneläkelaitos) - Social Insurance Institution of Finland
Nordenskiöldinkatu 12, 00250 Helsinki
PO Box 450, 00056
Tel. 020 634 11
Contact person for data file-related issues
Kanta Services customer service firstname.lastname@example.org
You can send enquiries to the Kanta Services’ data protection officer by e-mail: email@example.com.
Name of data file
MyKanta log data
Purpose of processing personal data / purpose of the data file
The Social Insurance Institution of Finland (hereinafter ‘Kela’) processes personal data in accordance with the EU's General Data Protection Regulation and other laws regulating the processing of personal data.
Under section 6 of the Act on the Electronic Processing of Client Data in Healthcare and Social Welfare (784/2021) and section 17 of the Act on Electronic Prescriptions (61/2007), Kela is responsible for the technical provision and maintenance of the citizen's user interface (hereinafter referred to as MyKanta).
Kela acts as the controller of MyKanta log data file under section 4 of the Act on the Electronic Processing of Client Data in Healthcare and Social Welfare (784/2021).
Logging in to MyKanta requires strong individual identification on the Suomi.fi site using online banking codes, a certificate card or a mobile certificate. The Digital and Population Data Services Agency is responsible for the joint Suomi.fi identification service for public administration e-services.
Information on identification and acting on behalf of another person in MyKanta is stored in the log data file.
The log data are used to verify identifications and transactions carried out on behalf of another person. The data makes it possible to, upon request, ascertain who has logged in to MyKanta and used functions for acting on behalf of another person, when, from which IP address, and on whose behalf.
Log data are also used to compile user statistics and to resolve problem situations (e.g. security-related problems, in which case Kela must verify the user data for the service).
Content of the data file
The data file contains the following data:
- the logged in user’s personal identity code
- time of login
- IP address
- the personal identity code of the person acting on behalf of another person
- the time at which the user acted on behalf of another person
- the grounds for acting on behalf of another person (custody, right of access or authorisation)
- right to act on behalf of another person (information on whether acting on behalf of another person is permitted).
- Data retrieved from the Population Information System (storage 5 years)
- record of death
- date of death
- domicile (permanent place of residence)
Regular sources of data
Log data are recorded when a citizen logs in to MyKanta. The citizen themselves selects an identification method / certification service provider and agrees to provide a personal identity code to the service provider in the identification.
The record of death, the date of death, the name, domicile and the personal data of minor dependants are transmitted by the Population Information System of the Digital and Population Data Services Agency.
The right to act on behalf of another person is provided by the Suomi.fi e-Authorizations service.
Regular disclosure and transfer of data outside the EU or the European Economic Area
No regular disclosure. The data will not be transferred outside the EU or the European Economic Area.
Period for which the personal data are stored
In accordance with the current regulations drawn up by the Ministry of Social Affairs and Health (section 24 of the Decree of the Ministry of Social Affairs and Health on Patient Documents (298/2009) and section 5 of the Decree on Electronic Prescriptions (485/2008)), the period for which the log data are stored is 12 years from their creation.
The data retrieved from the Population Information System contained in the log data are stored for five years, after which the data are destroyed (section 20 of the Act on the Population Information System and the Certificate Services of the Digital and Population Data Services Agency 661/2009).
Principles of data file security
Kela has a data security plan in place to ensure data protection and data security. Kela has a named data protection officer. Kela provides written instructions on the processing of client data and the procedures to be followed, and it ensures that personnel have sufficient expertise and capabilities to process client data as part of their own operations.
The information stored in the MyKanta log data file is technically protected from alteration and erasure. Only certain members of Kela's personnel have individually restricted access to the MyKanta log data file in order to carry out statutory maintenance tasks. Kela is responsible for managing user rights.
Physical protection of locations and devices
Kela's data centres and the physical locations where data are held are in Finland. Access to the data centres is restricted to Kela's technical maintenance personnel as required by their duties.
Right to lodge a complaint with a supervisory authority
If a client finds that their personal data has been processed in breach of the applicable data protection regulations, the client is entitled under Article 77 of the EU’s General Data Protection Regulation and section 21 of the Data Protection Act to lodge a complaint with the competent supervisory authority. In Finland, the supervisory authority is the Data Protection Ombudsman.
Other rights related to the processing of personal data
The client is entitled to request their MyKanta log data from Kela.
The client may act using a power of attorney or as a legal representative on behalf of an adult and request the right to access their MyKanta log data. Kela will verify the person's right to receive the data. The disclosure of data may be refused on legal grounds.
A guardian may request the right to access information on a minor stored in the MyKanta log data. Kela will verify the validity of the custody upon a guardian’s request to access a minor's data. The disclosure of data may be refused on legal grounds.
The log data request can be made using the log data request form, which is available from social welfare and health care service providers, pharmacies and Kela customer service points that have joined the Kanta service. Requests for log data should be directed to Kela (Registry, P.O. Box 450, 00056 Kela). A request for log data may also be made by contacting Kela's Registry by phone or email (firstname.lastname@example.org).
Access to log data dating further back than two years will not be granted without a legitimate reason. The client may not use or disclose the log data received for any other purpose.
The client has the right to receive the same data again if there is a legitimate reason to do so in order to safeguard the client's interests and rights. Kela has the right to charge a fee to cover the costs of providing data that have already been provided.