Social Media Privacy Statement

The Blood Service is responsible for blood supply throughout Finland. Social media is an important communication channel between the Blood Service and donors. The Blood Service uses social media channels for current communications and campaigns, interaction and customer service (including comments and private messages), as well as for recruiting new donors.

The social media channels used by the Blood Service are Facebook, Instagram, Threads, LinkedIn, TikTok, and YouTube.

Processing of personal data in social media

Why is my data collected?

The purpose of the processing of personal data is to inform about the Blood Service’s activities and to provide customer service on social media platforms.

The processing of personal data by the Blood Service is based on:

• the legitimate interest of the Blood Service to communicate about its activities and to respond to contacts received via social media when processing messages and content that users have themselves published or sent to the Blood Service, either publicly or privately; and
• the implementation of statutory and societal duties when communication relates to organising blood supply, safeguarding services needed by healthcare, or other duties of the Blood Service.

What data about me is collected?

All comments published and private messages sent on a social media platform are automatically stored on that platform.

Personal data may also be processed in a separate social media management service, Hootsuite. The service is used to analyse the performance of social media content and to manage the content of the Blood Service’s accounts, including messages and comments. Only personal data defined as public by the user or sent privately to the Blood Service is processed in the service.

The following personal data may be processed on social media platforms:

• public profile data of social media users (username, profile picture, bio/public presentation text, possible gender and age recorded in the system, interests and location)
• users’ public posts, comments and messages on the Blood Service’s social media accounts
• private messages sent by users to the Blood Service

The Blood Service complies with the privacy practices of each social media platform. Privacy policies are available on each platform.

Where does the data come from?

In social media, only data that the user has personally published on social media platforms or sent privately to the Blood Service is processed.

What is my data used for?

The Blood Service targets communication on social media to inform blood donors and stakeholders, recruit new blood donors and members to the Stem Cell Registry, and provide content about the Blood Service’s activities.

The Blood Service uses tools provided by social media platforms and a social media management tool to target communication. Targeting is based on demographic data such as age and gender, location data, and interests. In addition, communication is targeted based on the language in which the user uses social media platforms. Users can manage targeting settings directly in each platform’s settings.

The Blood Service receives information from social media service providers on how many different users have seen targeted communications, how many times the targeted communications have been viewed in total, and where the targeted communications were displayed. Reports on communication targeting include general demographic data and information on how users interacted with the message. Individual users cannot be identified from this information.

Discussions on the Blood Service’s social media channels are monitored, and customer service operates during office hours.

Is my data disclosed outside the Blood Service?

Personal data is not disclosed to third parties for their own purposes. However, data may be processed by service providers. The Blood Service uses a separate service, Hootsuite, for social media management, which acts as a processor of personal data. The service processes personal data for managing social media channels, responding to communications, and reporting. Within the Blood Service, personal data is processed by communications professionals.

Social media platform providers are responsible for the technical functioning of their services and act as controllers for personal data processed within their services, and are therefore responsible for privacy practices and the protection of the data they collect.

Is my data transferred outside the EU?

Servers of social media platforms and the social media management tool may be located outside the EU/EEA.

Social media platforms are responsible for the data protection of their own services. Information on server locations and applied safeguards can be found in their privacy policies.

The Blood Service processes personal data within the EU/EEA. The Blood Service uses the Hootsuite service for social media management, in which data is also transferred and processed outside the EU/EEA in Canada and the United States. Transfers are based on EU-approved safeguard mechanisms, such as Standard Contractual Clauses (SCC) and the EU–U.S. Data Privacy Framework. Data is protected through encryption, access control, and other security measures.

How is my data protected?

Employees and service providers of the Blood Service are bound by confidentiality obligations. Access to the register is restricted with user credentials to those who need the data for their work tasks. The Blood Service ensures the competence of personnel involved in processing personal data through regular training and guidance. The Blood Service follows principles of healthy public discussion on its social media channels and intervenes in all forms of harassment.

You can review the security practices of social media channels from the privacy policies of the service providers.

Is profiling or automated decision-making carried out based on my data?

The Blood Service does not carry out profiling or automated decision-making targeting individuals that would have legal or similarly significant effects on the data subject.

Social media communication is targeted at a general audience level based on demographic and interest data using platform tools, and individual users are not identified or processed separately.

How long is my data retained?

Social media service providers define the retention periods for personal data on their platforms. Personal data is processed only as long as necessary for communication purposes or until the user no longer interacts with the Blood Service on social media.

The social media management tool stores private messages sent to the Blood Service for six weeks. Other data is not stored in the system but retrieved in real time.

Inappropriate messages may be removed, and users repeatedly violating rules may be prevented from communicating on the Blood Service’s social media channels. The sender is not notified of message removal or blocking.

How can I access my data and correct inaccurate data?

You have the right to access data concerning you, rectify inaccurate data, and erase your data.

The data subject may exercise their rights by contacting the Blood Service as far as the processing relates to the Blood Service’s activities.

For matters related to processing on social media platforms, the data subject may also contact the respective platform provider.

Can I request deletion of my data or prohibit its use?

An individual can delete their own data or interaction with the Blood Service on social media channels. An individual can also request the Blood Service to delete their private message.

Can I lodge a complaint with a supervisory authority?

You have the right to submit the lawfulness of the controller’s activities for assessment by the Data Protection Ombudsman.

Contact details

Finnish Red Cross, Blood Service

Härkälenkki 13

01730 Vantaa

Tel. +358 29 300 1010

Controller responsible for the register

Director of Communications and HR Willy Toiviainen, Tel. +358 29 300 1830

Other contact details

Communication and Marketing: info(at)veripalvelu.fi
Data Protection Officer: tietosuojavastaava(at)veripalvelu.fi

Facebook
Instagram
Threads
Linkedin
TikTok
YouTube