Date / edited on 21 February 2023
1. Controller
Crisis Management Centre Finland (CMC Finland)
Contact details:
Ratapihantie 9, 6th floor
00520 Helsinki
tel. +358 295 480 171 (Ministry of the Interior’s switchboard)
2. Contact person in matters concerning the filing system
Chief Specialist
Jari Mustonen
tel. +358 295 453 695
jari.mustonen(at)cmcfinland.fi
Ministry of the Interior’s Data Protection Officer:
Mikko Levämäki
tel. +358 295 488 351
tietosuojavastaava.sm(at)govsec.fi
3. Name of the filing system
Register of experts in civilian crisis management
4. Purpose of the processing of personal data / purpose of the filing system
The data entered in the register may be used for recruiting experts to crisis management missions, for employers’ personnel management, for training and exercise activities, and for maintaining information on employment relationships, operational information and situation awareness.
CMC Finland can use the data for research, which aims to develop the Centre’s statutory core functions and international crisis management.
The register of experts is intended for storing data on experts trained by the Crisis Management Centre and recruited for civilian crisis management missions. The data is stored in accordance with the current legislation. (Chapter 3 of the Act on the Participation of Civilians in Crisis Management (1287/2004).
5. Content of the filing system
The register of experts contains personal data on experts and information on their education and work experience. The register also contains information on the availability and employment relationship of experts.
The following data is stored in the register of experts:
• name, personal identity code or date of birth, nationality and mother tongue, driving licence categories and bank account details
• contact details: home address, email addresses (personal, work, mission), telephone numbers (personal, work, CMC phone, satellite)
• name and telephone numbers of next of kin
• information related to employment relationship and information on candidature proposal for crisis management missions
• information and appendices relating to compensations paid under the Act, salary and compensations for conditions
• information on education and knowledge and skills
• work experience (actual employer)
• completion dates of maintenance flights
• leaves of absence
• checklist on departure and return preparations for HR personnel
• consent to disclose information:
o consent to disclose contact details for educational and research purposes
o consent to disclose contact details for the media
6. Regular sources of data
All personal data stored in the register is provided by the person themselves when they participate in crisis management training or exercises or when the person is a candidate for expert tasks. When applying for different activities, the person fills in a personal data form.
Training specialists, HR specialists and HR assistants maintain and update the data in the register. The data to be updated in the register is provided by the person themselves or obtained in connection with an official action concerning the expert.
7. Disclosure or transfer of data outside the European Union or the European Economic Area
Individual pieces of data in the register of experts may be disclosed, also with the aid of a technical interface, to international organisations or actors carrying out a crisis management mission for the purpose of recruiting the expert in question. Before disclosing data, the party requesting the data must provide a statement detailing the appropriate protection of the data.
The data in the register is stored physically in data centres within the EU. No data is transferred outside the EU/EEA.
8. Recipients of data
The data in the register is received by Sympa Oy Finland, which acts as the processor of personal data and which is the service provider and administrator of the register of experts of the Crisis Management Centre.
A limited number of members of the service provider’s service delivery, maintenance, security and service teams have access to stored data to the extent that this is necessary for the functionality of the system and the maintenance of the service. A security clearance is conducted on the employees.
The service provider has ISO 9001 quality management systems certificate and ISO 27001 information security management systems certificate.
The data in the register of experts may be disclosed, also with the aid of a technical interface, to the Ministry for Foreign Affairs, the Ministry of the Interior, the European Union, international organisations or other actors carrying out the mission for recruitment, training and research purposes.
9. Principles of filing system protection
Users have a personal user ID and password. Users have access only to the part of the register they need. The data in the register is strongly encrypted. Customer data is backed up every day and full backups are made once a week.
In other respects, the Act on the Openness of Government Activities (621/1999), the EU’s General Data Protection Regulation (2016/679) and the Data Protection Act (1050/2018) apply to the non-disclosure and disclosure of data.
10. Data storage period
As provided by law, data is stored in the register for ten years after the end of the person’s last employment relationship, training or exercise unless they have requested that the data on them be erased sooner.
(Section 20 of the Act on the Participation of Civilians in Crisis Management (1287/2004))
For those who have only been proposed as candidates for a position but have not been in an employment relationship, training or exercise over the period of ten years, the data is stored for twelve months after the actor carrying out the mission has announced that the application process has ended.
11. Right of access
The person has the right to access the data stored in the filing system. The right of access is in accordance with the legislation in force.
Requests can be sent by email to: hr(at)cmcfinland.fi or by post to: Crisis Management Centre, PO Box 1325, 00521 Helsinki.
Read more about sending a request for access to data:
When you want to inspect your data | Office of the Data Protection Ombudsman
12. Right to request rectification
A data subject has the right to request that the controller rectify inaccurate and incorrect data concerning the data subject.
Requests for rectification of the data can be sent by email to: hr(at)cmcfinland.fi or by post to: Crisis Management Centre, PO Box 1325, 00521 Helsinki.
Read more about sending a request for rectification:
If you want to have your data rectified | Office of the Data Protection Ombudsman