Suomi.fi password reset system's privacy statement

Articles 13 and 14 of the EU General Data Protection Regulation

Data Protection Act (1050/2018)

Articles 13 and 14 of the Combined Data Subject Information Document (EU Data Protection Regulation 2016/679)

1. Controller

Seinäjoki University of Applied Sciences, SeAMK Library
Kampusranta 11, Frami F
FI-60320 Seinäjoki, Finland
+358 20 124 3000
seamk(at)seamk.fi

2. Controller’s representative

Asmo Myllyaho, Head of Property and Information Management, Seinäjoki University of Applied Sciences
tel.  +358 40 830 4262
asmo.myllyaho(at)seamk.fi

2a. Official responsible for the personal data file

Veli-Matti Mäkelä, Planning Officer, Information Management, Seinäjoki University of Applied Sciences
tel.  +358 40 830 3990
veli-matti.makela(at)seamk.fi

2b. Contact persons in matters relating to the data file

Veli-Matti Mäkelä, Seinäjoki University of Applied Sciences
tel. +358 40 8303990
veli-matti.makela(at)seamk.fi

Jani Kinnunen, Seinäjoki University of Applied Sciences
tel. +358 40 6807070
jani.kinnunen(at)seamk.fi

2c. Contact details of the Data Protection Officer

Jarmo Jaskari, Data Protection Officer, Seinäjoki University of Applied Sciences
tel. +358 40 868 0680
jarmo.jaskari(at)seamk.fi

3. Name of the data file

Handover of SeAMK credentials and password reset in Suomi.fi e-identification service.

4. Purpose of processing personal data/data file use

Enabling users to deploy SeAMK’s domain name and reset passwords as a self-service. Identification is based on the user’s personal online banking credentials in Suomi.fi service.

The possibility of identifying an authenticated user in the log of an e-service connected to Suomi.fi e-identification service is a legal requirement.

5. Purpose of maintaining the data file

A statutory log of an e-service connected to Suomi.fi e-identification service.

5a. Data content of the file

The IDs of sent and received SAML2 messages, time of the e-service session, an identified user’s student number and user ID at Seinäjoki University of Applied Sciences.

5b. Information systems using the data file

Suomi.fi e-identification, Seinäjoki University of Applied Sciences ADAM, Active Directory and Luovari.

6. Regular sources of data

Suomi.fi e-identification, Seinäjoki University of Applied Sciences ADAM, Active Directory and Luovari.

7. Regular disclosure of data

User credentials taken into use in the service and data associated with them are disclosed to the internal user administration services of Seinäjoki University of Applied Sciences for IDM, AD and ADAM and HAKA trust network services.

8. Transfer of data outside the EU or the EEA

No data are transferred to non-EU or EEA countries.

9. Principles of data file protection

A.      Manual material

System data are not saved or stored as printouts.

B.      Computer-processed data

The data in the file are not public. Data processors are subject to an obligation of non-disclosure and confidentiality.

The servers are located at a locked and access-controlled data centre used by Seinäjoki University of Applied Sciences.