Fintraffic Vessel Traffic Services Ltd
Tel. +358 29 450 7000
2. Contact person for filing system matters
Juhana Herttuan puistokatu 21
Tel. +358 40 551 7662
3. Name of filing system
Vessel traffic monitoring system (VTS, AIS and enterprise resource planning systems and the marine VHF system)
4. Purpose of personal data processing
Implementation of a traffic control and information system for the provision of services under the Vessel Traffic Service Act and the Maritime Search and Rescue Act. The legal basis for processing personal data is the legislation under which processing is necessary for compliance with an obligation to which the controller is bound (performance of national functions under the Vessel Traffic Service Act, Maritime Search and Rescue Act, Territorial Surveillance Act and the EU Directives on monitoring and reporting formalities).
Performance of the supervision obligation under section 18 of the Vessel Traffic Service Act and section 18 of the Pilotage Act.
5. Data content of the filing system
- Names, usernames and contact details of persons involved in the use of vessel traffic control and management systems, and the names, usernames and contact details of persons related to the maintenance of the system for the purpose of managing system access rights and log files in accordance with data security requirements.
- AIS identification data of Class B vessels collected by the system (AIS information of leisure vessels).
- Recordings of the system’s camera surveillance service, which may include vessel registration numbers.
- Names of pilots and holders of a Pilotage Exemption Certificate regarding the supervision of piloting.
- Personal data related to incident reports (names and contact details of persons involved in the reported incident and descriptive details of the incident).
- Pilotage Exemption Certificate numbers, stored in the VTS system.
- Personal data received in verbal communication through the marine VHF system and DSC messages (e.g. vessel identification data, location, name of person reporting the incident that poses a threat to sea traffic, the name of the person in distress, name of the person relaying the distress signal, data describing the state of health of the person in distress.) Data is transmitted to maritime search and rescue officials and rescue departments. The data is stored for the purposes of safety investigation and legal proceedings.
6. Regular sources of data
- The names of persons using and maintaining the system are collected in the course of the controller’s activities to enable the required level of data protection and security of systems.
- AIS and camera surveillance data are collected on the basis of the controller’s statutory obligations.
- Names of persons collected for the purpose of performing supervision of pilotage are received from the Traficom pilot licence information system (Solmu).
- Incident reports are created on the basis of the controller’s statutory obligation and in accordance with the operating processes of Vessel Traffic Centres.
7. Regular disclosures of data
- AIS data are regularly disclosed to other authorities (Finnish Border Guard, Finnish Defence Forces, Finnish Transport Infrastructure Agency and Traficom). The bases for disclosure are the performance of duties related to maritime search and rescue, territorial surveillance and environmental protection and the promotion of national security, marine conservation and safety at sea. Data are disclosed to parties specified in the legal provisions.
- Incident reports are disclosed to other authorities responsible for the matter and used in accident investigations and legal proceedings, among other purposes.
8. Transfers of data outside the EU or EEA
Data in incident reports may be transferred outside the EU if the reported incident involved parties from countries not part of the EU.
9. Principles of protection of the filing system
A. Manual material
Not in use.
B. Electronic material
Data are stored in the system’s internal, secure storage services. Access to the data is classified and subject to a high standard of security procedures. Data are disclosed only on legal grounds.