Microsoft 365 cloud service's privacy statement

Articles 13 and 14 of the EU General Data Protection Regulation

Data Protection Act (1050/2018)

Articles 13 and 14 of the Combined Data Subject Information Document (EU Data Protection Regulation 2016/679)

1. Controller

Seinäjoki University of Applied Sciences, SeAMK Library
Kampusranta 11, Frami F
FI-60320 Seinäjoki, Finland
+358 20 124 3000
seamk(at)seamk.fi

2. Controller’s representative

Asmo Myllyaho, Head of Property and Information Management,  Seinäjoki University of Applied Sciences
tel.  +358 40 830 4262
asmo.myllyaho(at)seamk.fi

2a. Official responsible for the personal data file

Veli-Matti Mäkelä, Coordinator, Information Management, Seinäjoki University of Applied Sciences
tel.  +358 40 830 3990
veli-matti.makela(at)seamk.fi

2b. Contact persons in matters relating to the data file

Veli-Matti Mäkelä, Coordinator, Information Management, Seinäjoki University of Applied Sciences
tel.  +358 40 830 3990
veli-matti.makela(at)seamk.fi

2c. Contact details of the Data Protection Officer

Jarmo Jaskari, Data Protection Officer, Seinäjoki University of Applied Sciences
tel. +358 40 868 0680
jarmo.jaskari(at)seamk.fi

3. Name of the data file

Microsoft 365 cloud service (Azure AD) of the Seinäjoki University of Applied Sciences.

4. Purpose of processing personal data/data file use

Personal data are processed on the basis of an employment relationship and/or the right to study or other general conditions laid down in section 8 of the Personal Data Act.

The user directory and the data it contains are used in the access control for Microsoft 365 services such as OneDrive, email, and Teams.

5. Purpose of maintaining the data file

5a. Data content of the file

Username, organisation information, unit, name information, phone number information (staff), email addresses, SIP address, title, description, login information, user image, group membership, M365 license information

5b. Information systems using the data file

Microsoft 365 services and possibly other services for logging in.

6. Regular sources of data

A license application signed by the user for accessing the network of the university of applied sciences.

Personnel:

  • HR register, via the user administration system

Students:

  • Student register, via the user administration system

7. Regular disclosure of data

General Active Directory data are disclosed to the Microsoft 365 cloud service.

8. Transfer of data outside the EU or the EEA

Personal information is transferred outside the European Union or the European Economic Area (Microsoft online) to provide access and support services. The transfer is based on the Microsoft Online Services Terms and Conditions, including the model contract clauses approved by the Commission (Appendix 3), which are available in the Microsoft Terms of Use at: http://www.microsoftvolumelicensing.com/Downloader.aspx?documenttype=OST&lang=English

9. Principles of data file protection

A.      Manual material

There is no manual version of the user directory, but signed licence applications are stored in a safe facility.

B.      Computer-processed data

The data are protected by user names and passwords. Data protection complies with the internal data security regulations of the university of applied sciences.