LYYTI event management system's privacy statement

Articles 13 and 14 of the EU General Data Protection Regulation

Data Protection Act (1050/2018)

Articles 13 and 14 of the Combined Data Subject Information Document (EU Data Protection Regulation 2016/679)

1. Controller

Seinäjoki University of Applied Sciences, SeAMK Library
Kampusranta 11, Frami F
FI-60320 Seinäjoki, Finland
+358 20 124 3000
seamk(at)seamk.fi

2. Controller’s representative

Asmo Myllyaho, Head of Property and Information Management, Seinäjoki University of Applied Sciences,
tel. +358 40 830 4262
asmo.myllyaho@seamk.fi

2a. Official responsible for the personal data file

Sirkku Uusimäki, Service Manager, Seinäjoki University of Applied Sciences
tel. +358 40 830 4253
sirkku.uusimaki(at)seamk.fi

2b. Contact persons in matters relating to the data file

Sirkku Uusimäki, Service Manager, Seinäjoki University of Applied Sciences
tel. +358 40 830 4253
sirkku.uusimaki(at)seamk.fi

2c. Contact details of the Data Protection Officer

Jarmo Jaskari, Data Protection Officer, Seinäjoki University of Applied Sciences
tel. +358 40 868 0680
jarmo.jaskari(at)seamk.fi

3. Name of the data file

LYYTI event management system’s event participant and customer file.

4. Purpose of processing personal data/data file use

The personal data is processed to implement the agreement between the controller and the data subject and, as applicable and on the basis of the consent given by the data subject, in connection with and to facilitate the measures connected with the management of orders, registrations, contacts, transactions, marketing, reporting and other matters related to customer relationships.

Purchasing, transaction and location data processed in the data file can also be used for profiling and to make marketing and customer communication more interesting to data subjects by targeting them appropriately. Personal data is also processed in connection with the sending of newsletters, and participation in events and other marketing activities.

[Personal data on X is processed so that the legitimate interests Y of the controller can be guaranteed.]

If the data subject fails to supply the requested data to the extent that the data concerns registration for an event, the controller cannot accept the data subject’s registration or undertake to observe the agreement between the controller and the data subject that concerns participation in the event.

We may also request that you consent to the following: transfer of personal data to SeAMK’s customer management system.

5. Purpose of maintaining the data file

Event participant and customer management.

5a. Data content of the file

Personal data on the data subjects participating in events arranged by the controller and those granting a marketing permit can be processed.

The data that can be processed in the data file includes the first and last names of the data subjects registered for the controller’s events, any contact details and the relevant data provided in connection with the events. The event registration data entered by the data subject may include the following: e-mail, telephone number, address, date of birth, personal identity number, home municipality, mother tongue, citizenship, information on previous university degree, activity status, allergy information.

Depending on the event, we will retain the participant data for between 3 and 12 months from the end of the events and any activities closely connected with them.

5b. Information systems using the data file

6. Regular sources of data

Information provided by the participants, database of the customer information system and invoicing.

7. Regular disclosure of data

Data stored in the file can be shared within the organisation and between event stakeholders. The data is also transferred to persons designated as processors.

8. Transfer of data outside the EU or the EEA

No data stored in the file is transferred outside the EU or the EEA.

9. Principles of data file protection

A.      Manual material

The data is protected by technical means. Physical access to the data is prevented by means of access control and other security measures.

B.      Computer-processed data

Access to the data requires sufficient access rights and a multi-stage identification procedure. Unauthorised access is also prevented by means of firewalls and technical protection. The data stored in the file can only be accessed by the controller and specifically designated technical staff members. Only designated persons are authorised to process and maintain the data stored in the file. Users are bound by a confidentiality obligation. Backup copies of the data are produced in a secure manner and they can be restored as necessary. Internal or external audits are carried out on a regular basis to check the level of information security.