Student administration system's privacy statement

Articles 13 and 14 of the EU General Data Protection Regulation

Data Protection Act (1050/2018)

Articles 13 and 14 of the Combined Data Subject Information Document (EU Data Protection Regulation 2016/679)

1. Controller

Seinäjoki University of Applied Sciences
Kampusranta 11, Frami F
FI-60320 Seinäjoki, Finland
+358 20 124 3000
seamk(at)seamk.fi

2. Controller’s representative

Johanna Säilä-Jokinen, Director of Administration
tel. +358 40 570 8723
johanna.saila-jokinen(at)seamk.fi

2a. Official responsible for the personal data file

Annika Karhu, Systems Analyst, Student Services
040 830 4002
annika.karhu(at)seamk.fi

2b. Contact persons in matters relating to the data file

System Administrators:

Annika Karhu, Systems Analyst, Student Services
040 830 4002
annika.karhu(at)seamk.fi

Maria Hemminki, Planning Officer, Student Services
tel. +358 40 680 7016
maria.hemminki(at)seamk.fi

Technical Systems Administrator:

Veli-Matti Mäkelä, Planning Officer, Information Management
tel. 040 830 3990
veli-matti.makela(at)seamk.fi

2c. Contact details of the Data Protection Officer

Jarmo Jaskari, Data Protection Officer, Seinäjoki University of Applied Sciences
tel. +358 40 868 0680
jarmo.jaskari(at)seamk.fi

3. Name of the data file

Student administration system Peppi (Basic file).

4. Purpose of processing personal data/data file use

The purpose of the student administration system is to maintain data concerning the students and their studies and attainments, to produce various study-related certificates and reports for SeAMK’s activities and research purposes, and to facilitate data transfers to the authorities.

Data on rights to study, enrolments, degrees and study attainments in the student information files of higher education institutions are collected for centralised storage and use in the national Virta data warehouse. The student admission file and the joint student admission services of higher education institutions can access Virta data securely across a technical user interface (Chapter 1a, Act 1058/1998).

The student administration system is an essential tool for the planning, implementation, evaluation and monitoring of activities at Seinäjoki University of Applied Sciences. The data subjects (students, teachers, other staff) are interested parties in matters related to student affairs administration at Seinäjoki University of Applied Sciences.

5. Purpose of maintaining the data file

Only data necessary for pursuing SeAMK’s mission and the planning, implementation, monitoring and evaluation of its activities are registered in the system. The data in the file are maintained in order to safeguard the students’ rights and interests. The use of the file is based on legislation applicable to the University of Applied Sciences.

  • Universities of Applied Sciences Act (932/2014)
  • Government Decree on Universities of Applied Sciences (1129/2014)
  • Act on the Student Admission File, the National Data Warehouse for Higher Education Institutions, and the Matriculation Examination File (1058/1998)
  • Government Decree on Joint Applications to Universities of Applied Sciences (1129/2014)
  • Administrative Procedure Act (434/2003)
  • Administrative Judicial Procedure Act (586/1996)
  • Personal Data Act (523/1999)
  • Act on the Openness of Government Activities (621/1999)
  • Act on the Openness of Government Activities (621/1999)
  • Decree on the Openness of Government Activities (1030/1999)
  • Act on the Protection of Privacy in Working Life (477/2001)
  • Statistics Act (280/2004)
  • Degree regulations and study rights guidelines of Seinäjoki University of Applied Sciences

5a. Data content of the file

Applicant’s data:

  • Applicant data imported from Oili (https://confluence.csc.fi/display/OILI/RekisteriselosteA)
  • A student’s personal data (first names, preferred name, surname, personal identity code, student number)
  • Address data
  • Mother tongue and preferred language
  • Nationality
  • Data on prior education
  • Data on the unit and degree programme applied for
  • Registration and payment data
  • Data on permission to publish student admission results

Student’s basic data:

  • Data on studies and qualifications
    • student number
    • degree programme, education classification, degree, degree title
    • language of instruction
    • right to study, validity of the right to study
    • maximum days of presence and absence
    • (specialisation areas, implementation type)
    • (prior education, home organisation)
    • form of education, funding
    • location of instruction, campus
    • required scope
    • field of education
    • (organisation unit, cost centre)
    • intake group, (other groups)
    • supervisors
    • certificate entries (specifications, qualifications)
  • Presence data
    • presence data/semesters used
    • (absence data/absence semesters)
    • (data on termination)
    • graduation data/data on conclusion of studies

Study and study attainment data

  • Additional data concerning study right and role
  • International student exchanges and internships
  • Personal study plan (HOPS) and data concerning it
    • (graduation plan)
    • required scope, completed scope, scope to be completed
    • default curriculum
    • studies (modules and courses) and examinations
    • course implementations and implementation parts
    • scope of personal study plan, average of studies, total credits
    • offering of studies/applications for studies
  • Approved studies and exemptions (Attached documents/documents of the student’s competences (e.g. diploma, transcript of records, work certificate, description of activities, learning diary, etc.)
  • Study attainments
    • progress of studies
    • completed studies and completion dates
    • completed scopes
    • grades awarded for studies and examinations
    • assessors of studies and examinations
  • Student data
    • student number
    • national learner identifier (OID)
    • surname, (former surname), preferred name, first names
    • date of birth, personal identity code, gender
    • nationality, (passport number of a foreigner)
    • mother tongue, preferred language, language of education
    • contact details (address, e-mail, phone)
    • home municipality, (municipality of residence), country
    • (billing address, student’s additional data, next of kin)
    • data disclosure permissions

Archives containing the above data.

Cross study

  • Languages of communication
  • Municipality of residence
  • First names
  • Personal identification number
  • Nationality
  • Municipality of origin
  • Field of education
  • Classification of education
  • Type of education
  • Title of call
  • Organisation of origin
  • Other e-mail address
  • Start and end date of study right
  • Identifier of the right to study (in the home university)
  • Type of right to study
  • LearnerID
  • Organisation
  • Telephone number
  • Surname
  • Gender
  • Date of birth
  • E-mail (at home institution)
  • A non-disclosure for personal safety reasons
  • Degree
  • Title of degree (UAS)
  • Degree programme
  • Mother tongue

5b. Information systems using the data file

Internal user administration at Seinäjoki University of Applied Sciences (SeAMK). At the national level, the data disclosure permissions and assignments related to using the data in the national data warehouse/VIRTA study information service can be viewed at such as the following address: https://confluence.csc.fi/display/VIRTA/Tietojen+hyodyntaminen

6. Regular sources of data

  • National file of applicants maintained by the Finnish National Agency for Education, StudyInfo
  • A file of students enrolled as present maintained by the Finnish National Agency for Education, OILI
  • Documents submitted by the student
  • Updates of data made by the student and data disclosure permissions
  • Students are able to change their address data themselves
  • Information recorded in the student’s personal study plan by the student/teachers/support services staff
  • Information on education related to study attainments

Population Register Centre (currently no data transfers)

7. Regular disclosure of data

  • To Statistics Finland (Statistics Act 280/2004) (Finlex database of legislative information)
  • To the Ministry of Education and Culture for Virta, the national data warehouse of higher education institutions. The Ministry of Education and Culture uses the data in Virta to produce data sets required for the evaluation, development, statistical analysis and other monitoring and steering of education and research based on data in the higher education institution’s student data files (section 6d of Act 1058/1998)
  • To the Social Insurance Institution (Section 41 of the Act on Student Assistance 65/1994) (Finlex database of legislative information)
  • To the employment authority, Social Insurance Institution or unemployment fund (Unemployment Security Act 1290/2002, Act on Public Employment Services 1295/2002)
  • To the National Supervisory Authority for Welfare and Health Valvira (Act and Decree on Health Care Professionals 559/1994, 564/1994)
  • To the immigration and police authorities on request
  • For the purposes of student mobility between higher education institutions
  • For the international student and staff exchange system
  • For the career and recruitment system of universities of applied sciences
  • Service centre for lifelong learning and employment JOTPA
  • For scientific research (Act on the Openness of Government Activities 621/1999 and Personal Data Act 523/1999). The party making a request must submit an appropriate research plan to the controller, including the name of the researcher manager.
  • Partners relevant to completing and supporting higher education studies, including the City of Seinäjoki Social and Health Centre for the purposes of student health care referred to in the Public Health Act (66/1972), Sevas Kodit Oy for the annual statistical survey of SOA, and the Student Union.
  • SeAMK may also use the data warehouse in its other activities and when disclosing data to different authorities and other higher education institutions (Chapter 1a of Act 1058/1998). It is also used for various systems that support the activities, including access permits, library activities, re-sits and examinations taken to improve grades.
  • To students themselves. Using the student interface, students can manage data disclosure permissions for educational marketing, direct marketing and the Internet. Even if a student has granted permission for direct marketing, data disclosures always take place subject to case-by-case discretion and never automatically. As a rule, no data are disclosed. An official non-disclosure order issued by the Local Register Office may also be recorded in the file.
  • In connection with graduation, the student’s information is transferred to the Seinäjoki University of Applied Sciences’ alumni register. The registrant may indicate his / her willingness to terminate his / her membership in the alumni network, in which case the stored data will be deleted.

SeAMK complies with good registration practices and requires the party requesting data disclosure to have an appropriate connection to the target group whose data are being requested. In keeping with the Personal Data Act, the data may only be processed for the purpose for which they have been disclosed. The user of name and address data must indicate how the data were obtained.

8. Transfer of data outside the EU or the EEA

No data stored in the file is transferred outside the EU or the EEA.

9. Principles of data file protection

A.      Manual material

  • Manual material is stored and protected ensuring that third parties have no access to it and that it cannot be accidentally destroyed, modified, disclosed, transmitted or otherwise processed unlawfully
  • Employees only have the right to see the data on a student they need in their tasks
  • Copies of degree certificates are kept permanently on file
  • Documents containing personal data are destroyed as data protection waste

B.      Computer-processed data

  • Users have personal IDs and passwords
  • Users only have access rights to the part of the file they need during their current employment relationship
  • Access rights are checked daily
  • Data processing and the links between technical subsystems are adequately protected.