Arter ARC

Articles 13 and 14 of the EU General Data Protection Regulation

Data Protection Act (1050/2018)

Articles 13 and 14 of the Combined Data Subject Information Document (EU Data Protection Regulation 2016/679).

1. Controller

Seinäjoki University of Applied Sciences
Kampusranta 11, Frami F
FI-60320 Seinäjoki, Finland
+358 20 124 3000
seamk(at)seamk.fi

2. Controller’s representative

Tero Hakola, Manager of Digital Services
+358 40 515 4009
tero.hakola(at)seamk.fi

2a. Official responsible for the personal data file

Veli-Matti Mäkelä, Planning Officer, IT
+358 40 830 3990
veli-matti.makela(at)seamk.fi

2b. Contact persons in matters relating to the data file

Veli-Matti Mäkelä, Planning Officer, IT
+358 40 830 3990
veli-matti.makela(at)seamk.fi

Tomi Tupiini, Planning Official, IT
+358 50 382 3337
tomi.tupiini(at)seamk.fi

2c. Contact details of the Data Protection Officer

Jarmo Jaskari, Data Protection Officer

+358 40 868 0680
jarmo.jaskari(at)seamk.fi

3. Name of the data file

Arter ARC-system

4. Purpose of processing personal data/data file use

ARC system – a tool for modelling and managing the overall architecture.

ARC is a browser-based SaaS service that visualises the structures, functions and interconnections and dependencies of an organisation using a complete architecture in accordance with the requirements of the Information Management Act.

The register is a register of public authority activities.

5. Purpose of maintaining the data file

A legal obligation (e.g. employer obligations, student administration).

Legislation governing the activity:
– Act on Information Management in Public Administration (906/2019).
– Act on Universities of Applied Sciences 932/2014
– Administrative Act (434/2003)
– Archives Act (831/1994)
– EU General Data Protection Regulation (679/2016)
– Data Protection Act (1050/2018)

5a. Data content of the file

Types of personal data processed:

• Names (first name, surname)
• E-mail address
• Telephone number (optional)
• Address (optional)
• Organisation (optional)
• Job title (optional)
• Function (optional)

In addition, the following information will be collected in the background in order to provide the service:

• IP address
• Web domain information (cookies, browser data, geolocation, etc.)
• Nature and purpose of the processing of personal data

As the provider of the service, ARTER processes the personal data required by the service to enable the normal operation and use of the service with personal user IDs.

ARTER Ltd processes the personal data mentioned in this notice for the duration of the service contract. At the end of the service contract, the personal data stored in the service will be destroyed or alternatively, at the subscriber’s request, returned to the subscriber where possible.

Data collected from the service, such as monitoring data and backups, will be destroyed no later than 6 months after the termination of the service contract.

5b. Information systems using the data file

ARTER® ARC system is integrated into the Microsoft Entra ID user management system of Seinäjoki University of Applied Sciences.

6. Regular sources of data

The authentication of users to the ARC system is done with the Microsoft Entra ID user management of Seinäjoki University of Applied Sciences. Mandatory user data is read from the Microsoft Entra ID. Optional data is obtained from the users themselves.

7. Regular disclosure of data

ARTER Oy is the processor of the personal data that maintains the service and to whom the data is disclosed. Personal data is transferred by means of Microsoft Entra ID synchronisation or by manual entry.

8. Transfer of data outside the EU or the EEA

No data will be transferred outside the EU or the European Economic Area.

9. Principles of data file protection

A.      Manual material

No manual material

B.      Computer-processed data

All traffic between the user’s browser and the ARC server is TLS-secured (HTTPS protocol) and the ARC server is equipped with a certified certificate to.
Traffic cannot be intercepted or eavesdropped. Administrative connections are implemented using the SSH protocol. All other connections to provide the ARC service
systems used to provide the ARC service are blocked.

ARTER Oy will ensure that the data it processes is adequately protected to guarantee the confidentiality, integrity and availability of the subscriber’s data.
Subscriber’s personal data will only be transmitted via secure connections. If it is necessary to transfer personal data outside the system, all personal data will be pseudonymised.
Upon termination of the service contract, all personal data of the subscriber will either be deleted or transferred to the subscriber.

The ARTER® family of applications and the files they store are protected by the technical security methods normally used in business.
Access to the applications requires a personal username and password, which are managed by the customer holding the application licenses as the controller. ARTER Ltd. in its capacity as administrator, will only process personal data in exceptional circumstances and in accordance with the customer’s instructions.

The administrator domains will only be issued to a service provider who is a member of ARTER Oy’s staff or acting on behalf of ARTER Oy and whose role and duties are described in the above-mentioned policy and the processing of personal data are related to. Each person who processes customer data has signed a confidentiality undertaking.