1. Controller Finnish Meteorological Institute PO Box 503, Erik Palménin aukio 1, FI-00101 Helsinki, Finland tel. +358 29 539 2141, kirjaamo(at)fmi.fi 2. Register contact person Ismo Karjalainen tel. +358 29 539 2106, ismo.karjalainen(at)fmi.fi

3. Data Protection Officer Jaana Palmunoksa tel. +358 29 539 2310, jaana.palmunoksa(at)fmi.fi 4. Name of the register Finnish Meteorological Institute’s Weather application and My Observations function

5. Purpose of processing personal data The purpose of the data is to collect information on weather observations from volunteers: what, where and when something occurs concerning the weather. Observations are used in, for example, short-term forecasts, in the preparation of weather warnings and for research purposes. The My Observations device ID identifies the device in which the application is installed and an observation has been made. The purpose of the generation of this device ID is to allow the system to record how many observations have been made on each device. For users that have logged in, the corresponding information is based on their phone number. Users cannot see each other’s device IDs or phone numbers. The application uses geographic data to transmit weather information regarding the user’s location and to determine the location of observations made with My Observations. Background location monitoring is required for the application’s widget. Geographic data is not transmitted to third parties. You do not need to send your own observations to use the Weather application.

6. Legal basis for the processing Consent of the sender of observations

7. Data content of the register The device ID (random string generated by the application), time and location, observation, additional information field (optional) and, for users that have logged in separately, their phone number, name (optional), city/municipality (optional), country (optional), email address (optional) and photos sent to the Finnish Meteorological Institute (optional).

8. Regular sources of information Users of the application

9. Recipients or recipient groups of the personal data Employees of the Finnish Meteorological Institute whose duties require them to examine the observations produced in the Weather application.

In addition, possible partners of the Finnish Meteorological Institute to whom observations can be shared for research purposes or to describe a weather situation. In such cases, information on the device ID and phone number is not disclosed to third parties.

10. The transfer of personal data outside the EU or EEA The application uses the Google Firebase service to authenticate users and store users’ observations, for which we use Firebase Authentication, Cloud Functions for Firebase, Cloud Storage for Firebase and Cloud Firestore. Read more about privacy and security in Google Firebase here: https://firebase.google.com/support/privacy

11. Register protection principles Persons employed by the Finnish Meteorological Institute whose duties require processing personal data have the right to process personal data. The data cannot be accessed by anyone, but it is stored behind user IDs and passwords.

12. Retention period and criteria for determining personal data The data will be stored as long as it is needed for the purpose for which the data has been collected, for example, for research purposes concerning observations.

13. The rights of a data subject Users have the right to know whether data concerning them may have been stored in the system and to request their erasure if necessary.

Data may be transferred from one system to another. If data is transferred outside the Finnish Meteorological Institute, the data that uniquely identifies persons/devices, that is, the device ID and, for users that have logged in, the phone number, will be erased. In this case, the person who have made an observation is unknown.

The user has the right to restrict the processing of their personal data. The user may object to the processing of their personal data.

14. The right to submit a complaint to the supervisory authority The user has the right to submit a complaint to the supervisory authority if the user believes that the processing of the personal data concerning them is in violation of the applicable data protection legislation.

15. Other information See Introduction page for the My Observations function: https://en.ilmatieteenlaitos.fi/my-observations