Updated on 25 February 2022
1. Name of the register
Maritime Search and Rescue Register
2. Data controller
Headquarters of the Finnish Border Guard
Vilhonvuorenkatu 6
00500 Helsinki, Finland
Switchboard +358 295 420 000
[email protected]
P.O. Box 3
00130 Helsinki, Finland
3. Contact person in matters concerning the register
Lieutenant Commander Maija Laukka
Headquarters of the Finnish Border Guard
tel. +358 29 542 1113
[email protected]
4. Data protection officer for the data controller
Senior Officer Sami Piispanen
Headquarters of the Finnish Border Guard
tel. +358 29 542 1000
[email protected]
5. Legal basis for processing personal data
- Maritime Search and Rescue Act (1145/2001) sections 12-20.
- Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation)
- Data Protection Act (1050/2018)
- Border Guard Act (578/2005)
- Act on the Processing of Personal Data by the Border Guard (639/2019)
6. Purpose of processing personal data
In order to appropriately perform the duties of maritime search and rescue services and subsequently clarify emergency situations and the related search and rescue measures, the Headquarters of the Finnish Border Guard (data controller) uses automated data processing to maintain a national Maritime Search and Rescue Register of action plans prepared for emergency situations and the emergency notifications it receives as well as the measures taken based on them.
7. Data sources
The source data primarily comes from the person in distress or the person submitting the emergency notification. The information may be received by telephone, radio or a technical system. After this, information is collected from other possible data sources and maritime search and rescue units as permitted by the Maritime Search and Rescue Act.
Official registers provide the information needed to update personal data.
A. Manual data:
- various reports (e.g. printout of an event summary report)
- lists of measures (printout from the maritime rescue information system, which is then archived)
- separate messages, such as faxes and e-mails
- bulletins
- audio, image and video material
- register data for the subject (e.g. Lloyds or watercraft register)
- any requests for executive assistance.
B. Data in electronic format:
System connections:
- from the registers of security authorities via the Ulkonet connection
- ship and watercraft register
- fishing vessel register
- unit status and location data
- 112 Suomi application
- DNA, ELISA and TELIA customer information and mobile phone positioning service
- register of telecommunications operators
- National emergency locator transmitter register
- Maritime situational picture
- PORTTI user rights
- Cospas-Sarsat alert information
- Finnish Meteorological Institute weather and warning services
- safety map of the authorities
- logging services
- switchboard and voice recording system
- reports
- event summary reports.
Maritime Search and Rescue Register data:
In order to maintain the preparedness of maritime search and rescue services, the following data may be stored in the Maritime Search and Rescue Register: the preparedness, identification and contact information of persons prepared to perform search and rescue duties, the identification information of emergency position indicating maritime radio beacons, aviation emergency locator transmitters and personal locator beacons, and the contact information reported by the holders of the devices in case of accidents.
Information relating to the submission and receipt of emergency notifications may be stored in the Maritime Search and Rescue Register as follows:
- to identify the person who submitted an emergency notification, information on name, the personal identity code or date of birth, place and country of birth, gender, citizenship or nationality and other identification and contact information
- the date, time and manner of submitting the emergency notification
- identification information of the subscription and location data of the terminal device relating to the emergency notification and information on the subscriber, user and installation address
- name and other identification and contact information of the emergency notification recipient.
Information regarding an emergency situation may be stored in the Maritime Search and Rescue Register as follows:
- to identify the person subject to the emergency notification or rescued from an emergency situation, information on their name, personal identity code or date of birth, place and country of birth, gender, citizenship or nationality, and other identification and contact information
- information on the state of health of the person, if the information can be assumed to be significant to the appropriate performance of search and rescue measures
- information on treatment measures performed on the person rescued from an emergency situation
- other information on measures performed due to the emergency notification or during the emergency situation.
A recording or other technical record of the emergency notification may be stored in connection with the register data.
8. Regular disclosure and use of data
Information relating to a maritime search and rescue operation, excluding mobile device location information and personal data other than vessel and aircraft identification numbers, may also be processed, notwithstanding confidentiality provisions, in order to produce and maintain the national situational picture referred to in Article 25 of Regulation (EU) 2019/1896 of the European Parliament and of the Council on the European Border and Coast Guard and repealing Regulations (EU) No 1052/2013 and (EU) 2016/1624, if the incident has a connection with border security.
Provisions on the processing of data in the Maritime Search and Rescue Register for purposes other than the original purpose are also laid down in section 16 of the Act on the Processing of Personal Data by the Border Guard.
Disclosure of personal data:
According to section 17a of the Act on the Administration of the Border Guard, the non-disclosure obligation of an official who belongs to Border Guard personnel does not prevent the provision of information to a public authority or an organisation performing a public service task that, on account of its statutory duty, needs to obtain information on a fact otherwise to be kept secret or about a person’s reliability or suitability for a duty. Provisions on the disclosure of information for the purpose of verifying the reliability of a person applying for or operating in security-sensitive duties are separately provided by law.
In addition to the above, the Finnish Border Guard may disclose personal data with the aid of a technical user connection or as a set of data as outlined in the Act on the Processing of Personal Data by the Border Guard or elsewhere in the law.
The Finnish Border Guard also has the right to disclose data from the Maritime Search and Rescue Register in international cooperation. However, data is not regularly disclosed or transferred to other countries.
Decisions on the disclosure of data from the Maritime Search and Rescue Register are made by the data controller or some other administrative unit assigned by the controller to carry out this duty if the disclosure takes place with the aid of a technical interface or as a set of data or if it involves disclosure of other than individual data abroad.
9. Quality of the register and principles of protection
The register is a permanent information system maintained with the help of automated data processing and intended for national use by the Finnish Border Guard and its, Uunauthorised use of the register has been prevented by means of IT solutions. The user has a personal user ID and password granted in accordance with the data controller's instructions.
The electronic data of the Maritime Search and Rescue Register is registered in the MEPE information system. Emergency call recordings and similar technical records are stored in a separate information system at the Maritime Rescue Co-ordination Centre.
The paper documents of the Maritime Search and Rescue Register are stored in facilities restricted by access control.
10. Storage period for personal data
Personal data will be erased from the Maritime Search and Rescue Register as soon as its storage is no longer necessary for the purpose of registration outlined in section 12 of the Maritime Search and Rescue Act. However, personal data other than that relating to the maintenance of maritime search and rescue preparedness will be erased from the Register no later than within 10 years of the event.
The Finnish Border Guard must review the necessity of the data in the Maritime Search and Rescue Register at the latest two years after storage of the data in the register.
Information found to be incorrect must be marked as incorrect. The data may be stored in connection with corrected data if this is necessary to safeguard the rights of the data subject, other interested parties or Finnish Border Guard personnel. Such data may only be used for the purpose of safeguarding those rights. Data found to be incorrect must be erased as soon as it is no longer necessary to store the data in order to safeguard the rights.
11. Publicity of the data
Data sets contained in the Maritime Search and Rescue Register are confidential (Act on the Openness of Government Activities (621/1999), section 24, subsection 1, paragraphs 5, 8, 25 and 31). Data sets are not accessible through an open technical interface.
12. Right of access
Notwithstanding confidentiality provisions and after indicating the information needed to search access the data, everyone has the right to know which data concerning them has been stored in the personal data register or that the register does not contain any data concerning them.
The rights of the data subject may be restricted if this, considering the rights of the data subject, is proportionate and necessary.
Under Section 34 of the Data Protection Act, the data subject does not have the right to access data collected about them if:
- providing access to the data could compromise national security, defence, or public order and security, or hamper the prevention or investigation of offences
- providing access to the data could seriously endanger the health or treatment of the data subject or the rights of some other person; or
- the personal data is being used for monitoring and inspection purposes and refusal to provide access to the data is necessary to safeguard an important economic or financial interest of Finland or the European Union.
If only part of the data relating to the data subject is excluded from the right of access, the data subject has the right to access the other data relating to them.
The data subject will be notified of the reasons for the restriction except in cases where this would endanger the purpose of the restriction.
If the data subject does not have the right to access the data collected about them, the data referred to above must be provided to the Data Protection Ombudsman at the request of the data subject.
Provisions on the data subject exercising their rights through the Data Protection Ombudsman are outlined in section 21 of the Data Protection Act. The request to exercise rights must be made to the Data Protection Ombudsman or to the data controller. A request to the data controller or another authority must be submitted to the Data Protection Ombudsman without delay.
Referral of a matter for consideration by the Data Protection Ombudsman
The data subject may refer a negative decision concerning the right of access made by an authority concerning the right of access and the correction of an error to the Data Protection Ombudsman by means of a letter addressed to them.
Address:
Data Protection Ombudsman
P.O. Box 800
00531 Helsinki, Finland
Street address:
Lintulahdenkuja 4
00530 Helsinki, Finland
13. Implementation of the right of access
When exercising their right of access, the data subject must make a request to this effect in person at the Headquarters of the Border Guard or Coast Guard or to the data controller and prove their identity.
In order to facilitate the implementation of the right of access, a separate form has been prepared. Using the form is not an absolute prerequisite for exercising the right of access; the request may also be submitted in writing by another document.
Access to the data is provided by the data controller or a person appointed by the controller to manage register matters, who provides the data subject with an opportunity to view their data. The data is provided in writing upon request.
The data and measures related to exercising the right of access are free of charge.
If the data subject's requests are clearly unfounded or unreasonable, in particular due to their frequency, the data controller may either:
a) charge a reasonable fee, taking into account the administrative costs of providing data or messages or performing the requested action; or
b) refuse to perform the requested action.
In such cases, the data controller must be able to demonstrate that the request is clearly unfounded or unreasonable.
The fee for checking the data is determined on the basis of the Act on Criteria for Charges Payable to the State (150/1992) and the Ministry of the Interior decree issued under it.
14. Right to rectify or supplement data
The data subject has the right to demand that the data controller rectifiesy inaccurate and incorrect personal data concerning the data subject without undue delay. With consideration to the purposes for which the data was processed, the data subject has the right to supplement incomplete personal data, for example, by providing additional data.
15. Right to restrict processing
Article 18 of the General Data Protection Regulation concerning the data subject’s right to restrict processing does not apply to data processing in the Maritime Search and Rescue Register (section 52 of the Act on the Processing of Personal Data by the Border Guard).
16. Notification concerning the processing of personal data and right to file an appeal with the supervisory authority
If the data subject wants to report a problem concerning the processing of their personal data, they must primarily contact the data controller's representative/data protection officer.
The data subject also has the right to appeal to the supervisory authorities concerning the processing of their data. In Finland, the supervisory authority is the Data Protection Ombudsman (tietosuoja.fi).
17. Availability of the privacy statement
The privacy statement is available to everyone at the premises of the data controller and at each administrative unit.
The privacy statement is also available on the Finnish Border Guard's public data network (raja.fi).