Data Protection Announcement
Reasons for processing personal data
South-Eastern Finland University of Applied Sciences processes personal data in order to fulfil its duties established in the Universities of Applied Sciences Act. It processes personal data of students, staff and stakeholders, together with research data which may include personal data. Alumni, marketing, customer and partner data is processed on the basis of a contract, consent, legitimate interest or statutory requirement. To perform its operations, enable studying and maintain access rights and information security,
Xamk needs to process personal data in its systems. The appropriate provision of tools and systems for the community is an essential part of fulfilling its duties and meetings its requirements.
Descriptions of personal data categories
More specific data security announcements are available for each personal data category, which at South-Eastern Finland University of Applied Sciences have been divided as follows:
1. Student data: Student data security announcement
2. Staff data: data security announcement is available on staff intranet
3. User data associated with Xamk’s support functions (including ICT access control, financial services, facilities services, library, registry, archives, communications and security systems.)
4. Library customer data: Data protection announcement of library services
5. Personal data included in research data under Xamk’s responsibility: Stakeholder register description of Karjala Database Project
6. Alumni, marketing, customer and partner data: Data protection announcement concerning alumni, marketing, customer and partner data
Data Protection Officer:
Jussi Jokivaara, Head of Security and Safety
+ 358 44 702 8809
Coordinator of student data category:
Leena Kurki-Pölönen, Head of Student Services
+ 358 40 717 9992, firstname.lastname@example.org
Coordinator of staff data category:
Riitta Vehmassalmi, Human Resources Manager
+ 358 40 536 0002, email@example.com
Coordinator of support functions data category:
Kimmo Hoikka, Head of ICT Services
+358 40 657 0853, firstname.lastname@example.org
Coordinator of library services data category:
Pekka Uotila, Director of Library Services
+358 50 312 5087, email@example.com
Coordinator of alumni, marketing, customer and partner data category:
Tiivi Pukkila-Nupponen, Head of Communication and Marketing Services
+358 40 521 1809, firstname.lastname@example.org
Coordinator of research data category:
Minna Pasila, Contracts and IPR Specialist
+358 50 312 5109, email@example.com
Transfer, disclosure and storage periods of data
The descriptions of each data category provide more specific information on the transfer, disclosure and storage periods of data. Xamk may use subcontractors in its service production. If Xamk or one of its subcontractors processes data in a third country, information about this is given in the associated notification.
Personal data processed by Xamk is stored to ensure compliance with statutory requirements and/or for as long as other legal grounds for its processing exist. Storage periods and grounds for them have been established for each personal data category in the data security announcement concerned, or in the archive formation plan of the University of Applied Sciences.
As a rule, personal data is processed in Xamk’s information systems. If data is processed outside the European Economic Area, information about this is given in the associated, more-specific notification.
Rights of data subject
The data subject always has the right to request access to information concerning him/herself. Similarly, he/she may also request that the data be rectified or erased or its processing restricted, and object to the processing of the data. The right to erasure does not apply to personal data processed by the University of Applied Sciences on the basis of a statutory duty, for reasons of public interest, or based on another storage obligation.
All requests to the controller are made by email to firstname.lastname@example.org
The data subject has the right to lodge a complaint with a supervisory authority. The contact details of the supervisory authority referred to in the GDPR, together with instructions for lodging a complaint, will be added here as soon as this information becomes available. The act on the supervisory authority has not been adopted yet. The data subject may have a right to data portability, if the right is applicable to the data in question.
Technical and organisational security measures
At Xamk, personal data is protected as part of maintaining normal information security. All data processing in the organisation is based on access rights – which depend on the person’s role and status within the University of Applied Sciences – and on access permits separately granted by those responsible for each register, as necessary. The validity of access rights is verified on a daily basis.
Xamk’s ICT systems and services have been protected against unauthorised access in accordance with the best practices in the field, their operating capacity has been secured to the extent required, and their life-cycle is controlled.
So-called cookies may occasionally be transferred to the user’s computer. Cookies can collect such data as what site you have entered this site from, what browser, operating system and screen resolution your computer has and what the IP-address of your computer is; in other words, which Internet-address is used for sending and receiving data.
It is possible for the visitor to block the storing of cookies by changing the settings of the Internet browser. By doing this the visitor should also accept that it may affect the functionality of the actual service.
Head of Security and Safety, Data Protection Officer
tel. +358 44 702 8809