Suomeksi På Svenska

Privacy Statement

Etusivu / Privacy Statement

This Privacy Statement describes how the Federation of Professional and Managerial Staff collects, processes and discloses personal data in its operations.

 

1. Data Controller

  • Federation of Professional and Managerial Staff (YTN), Ratavartijankatu 2, FI-00520 Helsinki, Finland ytn@ytn.fi
  • Contact person in matters concerning the register: tietosuojavastaava@ytn.fi
  • Name of the register: YTN’s general personal data register

2. Purpose of processing personal data

The Federation of Professional and Managerial Staff (YTN) is a private sector negotiation organisation at Akava. We are responsible for the negotiations and contracts on behalf of professional and managerial staff. In order to carry out its activities, YTN processes personal data, for example, in order to ensure the operating conditions of personnel representatives (e.g. training, information, certificates for  employers) and to support workplace activities through, for example, staff associations and clubs. In addition, YTN uses personal data, for example, to communicate with YTN officials (named employees of member unions, employees of YTN’s internal bodies), to train them and for YTN’s basic operations. Personal data is also used to develop the services provided by YTN and to organise employee representative elections for workplaces. You can read more about the operations here.

3. Data content of the register and legal basis for processing

YTN processes data relevant to lobbying and communications, among other things:

  • personnel representatives’ notifications of their roles at the workplaces.
  • information related to personnel representatives’ training, including registrations, maintenance of training history and logins to online training.
  • staff associations and their governance.
  • company-specific information on cooperation negotiations concerning senior salaried employees and local bargaining negotiations.
  • Officials participating in YTN’s practical work (employees of YTN’s offices and member associations, members of YTN’s Board of Directors) and preparation and background groups, members of staff association boards.
  • private sector members of YTN’s member unions covered by YTN’s lobbying. The information in the register is obtained from the notifications of the member unions.
  • the contact details (email address) of the persons entitled to vote in the personnel representative elections at an individual workplace, which will be erased after the elections.
  • information provided by members who participated in a strike for the payment of strike allowance.

The following personal data may be collected in the register from the personnel representative’s e-service notifications:

  • first name, last name, social security number, contact details such as two email addresses, home address, postal code, city, two telephone numbers, member union.

In addition, the personnel representative may provide the following information or part of the following information in the notification of a position of trust:

  • start date, end date, contract branch, applicable collective agreement, role, number of represented employees, staff association and workplace information; company Business ID, company name, the name of the branch, the postal address of the branch, the postal code of the branch and city/town. In addition, personnel representatives register for training in the register, at which time the following information is collected about them: the name of the course and the name of the enrollee, which forms the training history.

The following information about the members of member unions can be collected in the register:

  • last name, first name, title, trade union, date of birth, social security number, telephone number, two email addresses, address, city and postal code, date of data transfer, and workplace information; employer, the name of the workplace, business ID, address, city/town and postal code.

In addition, when applying for strike allowance, the members state their bank account number and strike dates.

In addition, YTN may use cookies on its website to analyse the use of the website. You can read more about the cookies we use at the bottom of this page.

The legal basis for processing personal data is consent or, in the case of personal data received from member associations, legitimate interest. The processing of data processed on the basis of legitimate interest is necessary for YTN’s operations, and YTN’s processing of personal data cannot be considered surprising or particularly extensive. Trade union membership data is processed in connection with YTN’s lawful operations and this data is protected by appropriate safeguards.

Personal data is not used for automated decision-making.

4. Regular sources of information

Information is submitted to the register by YTN personnel representatives, company association members, other YTN members and applicants for strike allowances, co-operation notifications, YTN officials themselves and YTN member associations.

5. Regular disclosures and transfers of data

Data is disclosed or transferred:

  • for the lobbying needs of members’ unions’ experts and salaried employees.
  • to YTN officials for contract branch-specific communications and the verification of membership information.
  • for use by employees of YTN member unions responsible for the payment of strike allowances
  • to shop stewards and other personnel representatives in order to identify those represented and manage communications and lobbying
  • to personnel representatives if they represent the persons in question at their own workplace and the personnel representative does not receive information from the person’s employer, for example, for the purpose of informing or organising elections (at a workplace without a personnel representative, the information is also provided to the person/group organising the election)
  • to other persons registered in the online service, if you have given your consent to this
  • to enable you to log in to other services we provide using SSO
  • for the implementation of communications, including the use of a newsletter tool such as
    • Liana Technologies Oy
  • for research purposes, including conducting surveys
  • For IT service providers such as
    • Mediamaisteri Oy
    • Microsoft
    • Somic Oy
    • Valve Branding Oy
    • Vitec Oats Oy
    • Webropol Oy
  • to financial management service providers such as
    • Fennoa Oy
    • Taloushallinta Uniikki Oy
  • travel service providers such as
    • Elämys Travel Design Oy
  • when we estimate that disclosing personal data is necessary in order to enforce our rights, protect your or others’ safety, investigate misuse or respond to requests by authorities
  • data is not disclosed for direct marketing purposes

6. Data transfers outside the EU or the EEA

As a rule, data is not transferred outside the EU or the European Economic Area. However, our service providers may process personal data outside the EU or EEA, but always with the safeguards required by the EU General Data Protection Regulation (GDPR), such as using standard contractual clauses approved by the EU Commission or applying the EU-US Data Privacy Framework. You can read more about the grounds for transferring personal data on the Data Protection Ombudsman’s website: https://tietosuoja.fi/en/transfers-of-personal-data-out-of-the-eea.

7. Principles of register protection and information security

Access to personal data is strictly restricted by standard technical safeguards. There must be a reason for viewing data, and each data view is recorded in logs. Personal data is protected from external access and the use of member data is monitored.

The register is used by member unions’ personnel, including the contract branch representative, experts, communications personnel, assistants and other officials responsible for lobbying, as well as YTN’s office personnel. YTN’s coordination group decides on the granting of usernames.

The register data is stored on servers that are controlled by the technical service providers for the register, such as Vitec Avoine Oy, or its subcontractor and located in the EU/EEA. The register is protected against external access and access is restricted to those persons who need the data in order to perform their duties. Users of the register have personal usernames and passwords, as well as mandatory two-factor authentication.

A more detailed description of the main register provider’s security measures and data processing principles can be found here (in Finnish): https://www.vitec-avoine.com/turvallisuus/

8. Your rights and storage of personal data

Every data subject has the right of access to review the data recorded about them in the register. You can access the data yourself at: https://asiointi.ytn.fi/ or by sending a request for data access by email to tietosuojavastaava@ytn.fi, which you can also contact if you wish to exercise your other rights.

Every data subject has the right to request the rectification or erasure of incorrect data in the register. You can correct incorrect information yourself at https://asiointi.ytn.fi/ or by sending a rectification request by email to tietosuojavastaava@ytn.fi.

You have the right to receive the data you have provided to us in a machine-readable format and to transfer the data from one system to another if the processing is based on consent and the processing is carried out automatically.

We may process your personal data on the basis of a legitimate interest as part of our operations. In such situations, you have the right to object to the processing of your personal data.

You may have the right to request restriction of the processing of your personal data. Insofar as our processing is based on your consent, you have the right to withdraw your consent at any time by contacting tietosuojavastaava@ytn.fi by email.

You have the right to request the erasure of your personal data from the register. Your data will be deleted when there is no longer a legal basis for processing. Personal data will be erased in any case when it is no longer required for the purpose, unless applicable laws require otherwise for the storage of personal data. The data erasure times are as follows:

  • Members of YTN member unions: the data erasure times depend on how often the member unions submit data to YTN. This period varies, but the maximum erasure time is from weekly erasure up to the erasure of the member’s data within 126 days after the member has resigned from the trade union or requested the deletion of their data from the trade union’s register.
  • YTN officials, YTN’s own employees and YTN’s background group members and board members, personnel representatives, information on the board members of staff associations: within one year after the end of the last official position.

If you think that we are not processing your personal data in accordance with the EU General Data Protection Regulation, you can lodge a complaint with the supervisory authority. In Finland, this authority is the Data Protection Ombudsman.

9. Changes to this Privacy Statement

This Privacy Statement may be updated if necessary, for example, in the event of changes in YTN’s processing or legislation. This Privacy Statement was last updated on 5 February 2025 (YTN’s Board of Directors), published on 12 November 2025.