Active Directory user directory's privacy statement

Articles 13 and 14 of the EU General Data Protection Regulation

Data Protection Act (1050/2018)

Articles 13 and 14 of the Combined Data Subject Information Document (EU Data Protection Regulation 2016/679)

1. Controller

Seinäjoki University of Applied Sciences, SeAMK Library
Kampusranta 11, Frami F
FI-60320 Seinäjoki, Finland
+358 20 124 3000
seamk(at)seamk.fi

2. Controller’s representative

Asmo Myllyaho, Head of Property and Information Management, Seinäjoki University of Applied Sciences
tel.  +358 40 830 4262
asmo.myllyaho(at)seamk.fi

2a. Official responsible for the personal data file

Veli-Matti Mäkelä, Planning Officer, Information Management, Seinäjoki University of Applied Sciences
tel.  +358 40 830 3990
veli-matti.makela(at)seamk.fi

2b. Contact persons in matters relating to the data file

2c. Contact details of the Data Protection Officer

Jarmo Jaskari, Data Protection Officer, Seinäjoki University of Applied Sciences
tel. +358 40 868 0680
jarmo.jaskari(at)seamk.fi

3. Name of the data file

User directory of Seinäjoki University of Applied Sciences’ information network (Active Directory, AD).

4. Purpose of processing personal data/data file use

Personal data are processed for the purpose of making the information network and its services available on the basis of an employment relationship and/or right to study, or other general prerequisites laid down in section 8 of the Personal Data Act.

The user directory and the data contained in it are used to manage access rights to SeAMK’s network and its services, including the Intranet, student administration services, and e-mail.

User data are also transmitted to external systems which base their user identification on SeAMK’s directory. They include services using the HAKA trust network, Microsoft 365 cloud service, online library services (Nelli portal), and wireless networks (eduroam).

5. Purpose of maintaining the data file

5a. Data content of the file

  • User ID
  • work ID (employee number for staff members
  • student number for students)
  • organisation data
  • unit
  • name data
  • telephone number data
  • e-mail addresses
  • SIP address, title
  • password
  • ID status
  • home folder address
  • login script
  • info field
  • description
  • website
  • login data
  • photograph of user (staff)
  • group memberships
  • role
  • student role ID
  • student name
  • degree programme name (students)
  • start and end date of studies (students)
  • gender
  • student’s year of birth
  • date of birth
  • preferred language
  • ID registration date
  • ID registration method
  • HAKA home organisation
  • HAKA home organisation type

5b. Information systems using the data file

6. Regular sources of data

Application for user rights to the University of Applied Sciences’ network signed by the user.

Staff

  • HR file, through the user administration system

Students

  • Student file, through the user administration system

Third-party users

  • Third-party user file, through the user administration system

7. Regular disclosure of data

The following data are disclosed to HAKA trust network services:

  • preferred name
  • last name
  • user ID
  • unique anonymous identifier
  • e-mail address
  • role (students)
  • degree programme (students)
  • organisation type
  • personal identity code

The user’s permission is asked before their data are disclosed to a service connected to the HAKA trust network. This permission is given separately to each service, and the user can display a list of the data disclosed to each service. The user can withdraw their permission.

General data from the Active Directory are disclosed to the Microsoft 365 cloud service.

8. Transfer of data outside the EU or the EEA

No data are transferred to non-EU or EEA countries.

9. Principles of data file protection

A.      Manual material

No manual version of the user directory exists. The signed user right applications are stored securely.

B.      Computer-processed data

The data are protected by usernames and passwords. Data protection is ensured in compliance with SeAMK’s internal information security regulations.