The Data Protection Announcement is a general description of how personal data is processed at South-Eastern Finland University of Applied Sciences. The document is published in order to meet the requirements on data protection stated in articles 13 and 14 of the EU’s General Data Protection Regulation (GDPR).

Reasons for processing personal data

South-Eastern Finland University of Applied Sciences processes personal data in order to fulfil its duties established in the Universities of Applied Sciences Act. It processes personal data of students, staff and stakeholders, together with research data which may include personal data. Alumni, marketing, customer and partner data is processed on the basis of a contract, consent, legitimate interest or statutory requirement. To perform its operations, enable studying and maintain access rights and information security,

Xamk needs to process personal data in its systems. The appropriate provision of tools and systems for the community is an essential part of fulfilling its duties and meetings its requirements.

Descriptions of personal data categories

More specific data security announcements are available for each personal data category, which at South-Eastern Finland University of Applied Sciences have been divided as follows:

1. Student data
2. Staff data: data security announcement is available on staff intranet
3. User data associated with Xamk’s support functions (including ICT access control, financial services, facilities services, library, registry, archives, communications and security systems.)
4. Library, Publication, and Language Services
5. Personal data included in research data under Xamk’s responsibility: Stakeholder register description of Karjala Database Project
6. Alumni, marketing, customer and partner data: Data protection announcement concerning alumni, marketing, customer and partner data


Data Protection Officer:
Markus Häkkinen, Project Manager
+ 358 40 198 1150

Coordinator of student data category:
Leena Kurki-Pölönen, Head of Student Services
+ 358 40 717 9992,

Coordinator of staff data category:
Riitta Vehmassalmi, Human Resources Manager
+ 358 40 536 0002,

Coordinator of support functions data category:
Kimmo Hoikka, Head of ICT Services
+358 40 657 0853,

Coordinator of library services data category:
Pekka Uotila, Director of Library Services
+358 50 312 5087,

Coordinator of alumni, marketing, customer and partner data category:
Tiivi Pukkila-Nupponen, Head of Communication and Marketing Services
+358 40 521 1809,

Coordinator of research data category:
Minna Pasila, Contracts and IPR Specialist
+358 50 312 5109,


Transfer, disclosure and storage periods of data

The descriptions of each data category provide more specific information on the transfer, disclosure and storage periods of data. Xamk may use subcontractors in its service production. If Xamk or one of its subcontractors processes data in a third country, information about this is given in the associated notification.

Personal data processed by Xamk is stored to ensure compliance with statutory requirements and/or for as long as other legal grounds for its processing exist. Storage periods and grounds for them have been established for each personal data category in the data security announcement concerned, or in the archive formation plan of the University of Applied Sciences.

As a rule, personal data is processed in Xamk’s information systems. If data is processed outside the European Economic Area, information about this is given in the associated, more-specific notification.

Rights of data subject

The data subject always has the right to request access to information concerning him/herself. Similarly, he/she may also request that the data be rectified or erased or its processing restricted, and object to the processing of the data. The right to erasure does not apply to personal data processed by the University of Applied Sciences on the basis of a statutory duty, for reasons of public interest, or based on another storage obligation.

All requests to the controller are made by email to

The data subject has the right to lodge a complaint with a supervisory authority. The contact details of the supervisory authority referred to in the GDPR, together with instructions for lodging a complaint, will be added here as soon as this information becomes available. The act on the supervisory authority has not been adopted yet. The data subject may have a right to data portability, if the right is applicable to the data in question.

Technical and organisational security measures

At Xamk, personal data is protected as part of maintaining normal information security. All data processing in the organisation is based on access rights – which depend on the person’s role and status within the University of Applied Sciences – and on access permits separately granted by those responsible for each register, as necessary. The validity of access rights is verified on a daily basis.

Xamk’s ICT systems and services have been protected against unauthorised access in accordance with the best practices in the field, their operating capacity has been secured to the extent required, and their life-cycle is controlled.


So-called cookies may occasionally be transferred to the user’s computer. Cookies can collect such data as what site you have entered this site from, what browser, operating system and screen resolution your computer has and what the IP-address of your computer is; in other words, which Internet-address is used for sending and receiving data.

This information helps us record the number of people using the web service, and analyse and develop it to better meet our users’ needs. In addition, partners of South-Eastern Finland University of Applied Sciences may use cookies to collect information on the user’s visit to this site and other sites. The information collected through cookies is used to deliver personalised advertisements customised to the user’s interests. This type of advertising does not identify the visitor in any way and is never connected to any personal information the visitor may have submitted in another context.

It is possible for the visitor to block the storing of cookies by changing the settings of the Internet browser. By doing this the visitor should also accept that it may affect the functionality of the actual service.

More information

Markus Häkkinen
Project Manager, Data Protection Officer
puh. 040 198 1150