Familar Foster Family Register Privacy Statement

This privacy statement applies to foster carers of child protection services provided by Familar Oy and its subsidiaries, for whom Familar Oy or its subsidiary acts as the controller.

Familar Oy
Arkadiankatu 6
00100 Helsinki, Finland
Business ID 2300134-8

The data stored in the foster family register is used for the implementation of foster care within the framework of child protection assignments, as well as for other purposes in accordance with the law and consents. The register keeps records of individuals who have expressed an interest in acting as foster carers or are in preparatory training for foster care before the initiation of foster care and the making of the assignment contract.

The processing of personal data is primarily based on legislation related to foster care (Foster Care Act 263/2015) and other applicable laws.

Before the assignment contract is made, the basis for the processing personal data is the legitimate interest of the data controller, which arises when the data subject submits their contact and other personal data to the data controller.

The following data is processed:

• Registered foster carer's and spouse's name, personal identification number, phone number, postal address, email address, profession, education, family members' names, ages, and genders;
• Information about the family's pets and other living conditions;
• Information about the foster carer's and spouse's attendance at pre-service and process training for foster parents;
• Information on the checking of criminal record extracts;
• Description of the family and the overall family situation;
• Children placed in the family for short-term or long-term care;
• Foster carer's special skills and training;
• Whether the family acts as a short-term or long-term foster carer;
• How many children the family can take into placement;
• Are there any limiting factors for placement, such as allergies;
• Preference for the gender and age of the child to be placed;
• Information from the preliminary information form filled out and submitted by the foster carer;
• Other information in accordance with the assignment contract under the Foster Care Act;
• Suitability statement provided by the social welfare authority of the wellbeing services county;
• Final report of the pre-service training;
• Information on communication with the foster carer, changes in the foster carer's or family's circumstances, and information on when these have been reported to the client;
• Other information necessary for foster care.

The primary source of information for the register is the data subject themselves.

Additionally, information may also be collected as needed from Familar's social welfare professionals and, for example, social welfare authorities of the wellbeing services county.

Unless otherwise agreed with the data subject, personal data will be deleted as a rule at the end of the assignment contract, except for information related to payment of fees or other similar necessary information, which will be retained in accordance with the regulations in force at the time, including accounting legislation.

For personal data processed for the provision of foster care, the data will be deleted upon the data subject's request or at the latest five (5) years after the last contact with the data subject.

Personal data are confidential, and the staff have a duty of confidentiality. Information may be disclosed:

Information may be disclosed:

• With the explicit, specific consent of the customer or their legal representative.
• Under the legislation related to foster care or another explicit provision of law.

Routine disclosures of personal data:

• With the consent of the data subject, information may be disclosed to another social welfare unit specified by the customer.

Familar uses subcontractors who process personal data on behalf of Familar. Companies belonging to the same group as Familar may also process personal data on behalf of Familar.

Personal data may be transferred outside the European Union or the European Economic Area, including to the United States, in accordance with data protection legislation and within its limits. In such cases, the primary basis for transfer is the European Commission's decision on the adequacy of data protection in the United States. If personal data are transferred to a country for which the Commission has made an adequacy decision on the adequate level of data protection (Article 45 of the EU General Data Protection Regulation), the primary basis for transfer is the adequacy decision.

The personal data is confidential and is not disclosed to third parties without a legal basis.

Personal data may be used and only to the extent required by their job duties by persons working in the relevant unit or those involved in related tasks on behalf of the unit. The highest management of the controller decides on organizational solutions and defines levels of access rights granted to employees.

Receipt of user IDs is conditional upon signing a confidentiality commitment. Access to electronically processed data is only available with the personal user ID and password of the authorized employee. The use of data is monitored by following log data.

In addition, personal data may be maintained in manual form, such as information on consents and prohibitions given by the customer regarding the disclosure of customer data or signed agreements. Paper archives generated alongside the electronic customer information system are kept in locked and monitored premises.

8.1 Right of Access by the Data Subject (Right to Inspect)

The customer has the right to obtain confirmation from Familar as to whether or not personal data concerning them are being processed. If their personal data are being processed, the customer has the right to receive information about the processing of their personal data, such as the purposes of the processing and the categories of personal data involved. Familar informs about the processing of personal data in its privacy statements. The data subject can also contact Familar regarding the processing of personal data in accordance with section 9 of this privacy statement.

The data subject has the right to inspect the data concerning them that are being processed. An inspection request can be made in accordance with section 9 of this privacy statement. The right to inspection can be denied on grounds provided by law. The exercise of the right to inspection is generally free of charge. However, Familar may charge a reasonable fee based on administrative costs under certain conditions.

8.2 Right of the Data Subject to demand Rectification, Deletion, or Restriction of the Data Processing

The data subject has the right to demand the correction of incorrect data concerning them. Correction requests are made to Familar in accordance with section 9 of this privacy statement. Personal data cannot generally be deleted because their processing is based on legislation and they are subject to a statutory retention obligation. For other data, the data subject has the right to have their personal data deleted under certain conditions, for example, if the processing is based on the data subject's consent and the data subject withdraws their consent, and there is no other legal basis for the processing.

The data subject also has the right to demand that the controller restricts the processing of their personal data, for example, when the data subject is waiting for Familar's response to their request for correction or deletion of data.

Implementation and organization of data correction and restriction of processing

• A request for correction and a request for restriction of processing must be made in writing and addressed to the data controller in accordance with section 9 of this privacy statement. The customer's identity will be verified in a reliable manner.
• If the customer's request is justified, incorrect entries will be corrected and any measures to restrict processing will be implemented.

8.3 Right of the Data Subject to Object to the Processing of Personal Data

The data subject has the right, on grounds relating to their particular situation, to object at any time to the processing of personal data concerning them when the processing is based on the public interest. For example, the data subject has the right to object to the processing of their personal data for information management purposes. The data subject can make their objection in accordance with section 9 of this privacy statement. In their request, the data subject must specify the particular situation on which they base their objection. Familar may refuse to comply with the request for objection on grounds provided by law.

8.4 Right of the Data Subject to Lodge a Complaint with a Supervisory Authority

The data subject has the right to lodge a complaint with the competent supervisory authority (in Finland, the Office of the Data Protection Ombudsman) if the controller has not complied with the applicable data protection legislation in its operations.

In all questions related to the processing of personal data and situations related to the exercise of their own rights, the data subject should contact their Familar contact person or the parent company Mehiläinen at terveystiedot@mehilainen.fi.

Familar may, if necessary, ask the data subject to specify their request in writing, and the data subject's identity may be verified as necessary before taking further action.