Processing of personal data in foreign vessel traffic
Purpose of processing personal data
The purpose of the processing is to collect personal data entered in arrival and departure notifications in accordance with the Vessel Traffic Service Act (623/2005), to collect personal data regarding the vessel’s head of security based on Directive 2010/65/EU of the European Parliament and of the Council on reporting formalities for ships arriving in and/or departing from ports of the Member States and repealing Directive 2002/6/EC, to ensure the national internal order and security, to carry into effect the customs legislation, tax legislation, immigration legislation, environment legislation and health legislation, to carry out border controls of the crew and passengers on ships in foreign traffic based on the Border Guard Act (578/2005) and the Customs Act (304/2016) as well as the Schengen Borders Code (Regulation (EC) No 562/2006, to implement and control fairway dues based on the Act on Fairway Dues, to process and respond to customer feedback and questions related to foreign vessel traffic services as well as to transmit feedback on accessibility related to the Portnet system to the Finnish Transport and Communications Agency (Traficom).
The basis for the legal processing of personal data in accordance with the Data Protection Regulation is compliance with the controller’s statutory obligation.
Categories of personal data
Ship’s crew – data to be collected are their first and last name, date of birth, type of identity card and number, type of residence permit or Visa as well as number, person’s rank or qualifications on the ship, place of birth, nationality, gender and details of exit from the ship. Health details are collected if health problems have been reported on the ship.
Ship’s passengers – data to be collected are their first and last name, date of birth, type of identity card and number, type of residence permit or Visa as well as number, port of arrival and port of exit, place of birth, nationality, gender and details of exit from the ship. Health details are collected if health problems have been reported on the ship.
Heads of security of the ships – data to be collected are their first and last name as well as round-the-clock contact details, such as telephone number, email address and fax number.
Ships representatives – data to be collected are the first and last name of the representative’s contact person (optional) as well as username.
Data collected of shipping companies/ship owners are the first and last name of the shipping company’s/ship owner’s contact person.
Sources of personal data
Personal data to be processed in foreign vessel traffic are provided by the ships representatives.
Regular disclosures of personal data
Personal data of foreign vessel traffic are disclosed to other authorities for carrying out official duties prescribed by law. The data are disclosed as data transfers via a technical interface to Customs enforcement for control measures as well as to the Border Guard for border control.
Persons who can access crew and passenger data of the foreign vessel traffic as well as data of the customer register (including ships representatives and shipping companies) in the Portnet system, do so with separately granted usernames. These persons include representatives of foreign vessel traffic, port representatives and heads of security, forwarding agencies, system supplier, supplier of the data centre service, Border Guard, Finnish Institute for Health and Welfare, Finnish Defence Forces, Customs’ sea traffic group, personnel of Customs’ Enforcement and the Customs Office Department, persons in charge of the development of Customs’ Portnet and personnel on-call at Customs Electronic Service Centre. The scope of the user rights are determined according to the rights and tasks.
Holders of Portnet master user IDs are Customs, the Finnish Transport and Communications Agency and the supplier of the system. Holders of the master user ID can access data of the crew and passengers, the customer register as well as data concerning user IDs.
Customer feedback and questions related to foreign vessel traffic are processed by persons assigned to the task.
Personal data retention and disposal times
Crew and passenger lists are presently stored for ten (10) years in accordance with Customs’ data management plan. The storage time according to the EU NSW Guidelines is at least five (5) years.
Customer feedback and questions are not stored; instead, they are disposed of after processing.
Contact person of the data controller and additional information
Jouni Ukko
jouni.ukko(at)tulli.fi