Privacy notice – Information about participants in the Hygiene Passport test

Controller

Finnish Food Authority

PL100, 00027 RUOKAVIRASTO (Alvar Aallon katu 5, 60100 Seinäjoki)

029 530 0400 (switchboard), kirjaamo@ruokavirasto.fi 

Contact person in matters related to the register

Satu Meririnne

PL 100, 00027 RUOKAVIRASTO (Mustialankatu 3, 00790 Helsinki)

029 530 0400 (switchboard), hygieniapassi@ruokavirasto.fi 

Contact details of the Data Protection Officer

Hanna Westinen

PL100, 00027 RUOKAVIRASTO (Alvar Aallon katu 5, 60100 Seinäjoki)

029 530 0400 (switchboard)

tietosuojavastaava@ruokavirasto.fi 

Purpose and legal basis of personal data processin

The register is kept for the purpose of issuing a Hygiene Passport in accordance with Section 19 of the Food Act (297/2021). The maintenance of the register is based on section 79 subsection 4 section 1 and section 80 subsection 4 of the Food Act.

Register information content

The register stores information about the name and Finnish personal identity code or date of birth of the persons who participated in the Hygiene Passport test, the time and place of the Hygiene Passport test, the passing of the test and the date of issuance of the Hygiene Passport. The register contains information about some of the persons' completed food industry degree or training.

Regular sources of information

The information about the registrant is the information provided by the Hygiene Passport Examiner who issued the Hygiene Passport. When the Examiner issues a Hygiene Passport and uses the interface from the Food Authority's Hygiene Passport datasystem to the Digital and Population Data Service Agency, the person's valid name information comes through the interface based on the Finnish personal identity code.

Regular disclosure of information

Information will be released upon request based on the Act on the Openness of Government Activities (621/1999), if the requested document has become public. Disclosure of non-public documents is done at discretion.

When a Hygiene Passport Examiner orders a Hygiene Passport through the Hygiene Passport datasystem, the Food Authority hands over the persons information to the printing house that prints the Hygiene Passports.

Transfer of data outside the EU/EEA or to an international organisation

Data from the register will not be disclosed outside the EU/EEA area.

Retention period of personal data

The data collected in the register will be stored only as long as and to the extent necessary in relation to the original or compatible purposes for which the personal data have been collected.

According to the Food Authority's regulation on hygiene competence, Hygiene Passport Examiners and in some cases the Food Authority keep the paper documents on the basis of which they have issued Hygiene Passports for five years from the moment the Hygiene Passports were issued, and rejected test forms for three months from the date of the test. The documents are destroyed when the prescribed filing period has been reached.

The storage periods of the registered data in the Hygiene Passport datasystem are defined in the data control plan.

The information of the registrants is temporarily stored in the electronic information system of the printing house that prints the Hygiene Passports. The information is destroyed 45 days after the information has been received to the printing house.

Principles of the protection of the register

The security of the register and the confidentiality, integrity, and availability of personal data are ensured by appropriate technical and organisational measures.

Only the Hygiene Passport Examiner has access to his/hers own paper document archive. Only members belonging to the maintenance group of the Food Authority's Hygiene Passport system have access to the paper document archive located at the Food Authority.

The information of the registrants is protected in the electronic Hygiene Passport datasystem as follows, so that only persons belonging to the maintenance group of the Food Authority's Hygiene Passport system have access to the register data. These persons are verified as correct in the Hygiene Passport datasystem with strong identification. At the request of the Food Authority the administrator of the Hygiene Passport datasystem can process register data. The administrator of the Hygiene Passport datasystem takes a backup of the registry data every day. Hygiene Passport Examiners have the right to see the register's electronic information about persons to whom they have issued Hygiene Passports for five years since they issued the Hygiene Passports. Hygiene passport Examiners are verified as correct in the Hygieniapass information system with strong identification.

The data of the registrants in electronic form is protected in the printing house that prints the Hygiene Passports, so that only persons authorized to access the printing house's electronic system have the right to see the data.

Rights of the data subject

The registrant's rights are determined according to Articles 15-22 of the EU Data Protection Regulation.

Right to review and rectify the data

The inspection request must be submitted in a manually signed document. Review requests cannot be made over the phone. Anyone requesting information under the right to review the data may also request a review in person by visiting the controller. You need to be prepared to prove your identity. When information is requested, the information necessary for searching for and supplying the information must be provided. These include, for example, name, address, and e.g. a social security number if necessary, the relevant data to be reviewed, and whether all data or data for a specific period are to be reviewed.

The form for requesting review can be found at www.ruokavirasto.fi 

An individual request for review or rectification is made by submitting the request to the controller (kirjaamo@ruokavirasto.fi) or the Data Protection Officer (tietosuojavastaava@ruokavirasto.fi).

Right to complain with a supervisory authority

The data subject has the right to complain to the supervisory authority if the data subject considers that the processing of their personal data violates the applicable data protection regulations. The supervisory authority is the office of the Data Protection Ombudsman, whose contact details can be found at www.tietosuoja.fi

Page last updated 8/13/2024