The register of the study curator’s clients privacy statement
The register of the study curator’s clients privacy statement

The register of the study curator's clients privacy statement

Combined Data Subject Information Document (EU GDPR 2016/679) Articles 13 and 14.

Description of personal data processing operations and the data subject rights of the data subject/privacy statement
EU General Data Protection Regulation (2016/679)
Data Protection Act (2018/1050)

 

1. The data controller

Seinäjoki University of Applied Sciences Ltd.
Kampusranta 11, Frami F
60320 Seinäjoki
020 124 3000
seamk(at)seamk.fi

2. The responsible user of the register

Johanna Säilä-Jokinen, Director of Administration
+ 358 40 570 8723
johanna.saila-jokinen(at)seamk.fi

2a. Person responsible for the register

Niina Virkkala, Study Curator
+358 40 830 2080
niina.virkkala(at)seamk.fi

2b. Contact persons for matters related to the register

Niina Virkkala, Study Curator
+358 40 830 2080
niina.virkkala(at)seamk.fi

2c. Contact details of the Data Protection Officer Data Protection Officer

Jarmo Jaskari, Data protection officer
+358 40 868 0680
tietosuojavastaava(at)seamk.fi

3. Name of the register

The register of the study curator’s clients of Seinäjoki University of Applied Sciences Ltd.

4. Purpose of processing personal data / purpose of the register

This Privacy Policy describes how the study curator service of Seinäjoki University of Applied Sciences Ltd processes personal data of individual counselling clients.

The work of the curator at Seinäjoki University of Applied Sciences processes personal data of individual guidance clients for the purpose of carrying out the curator’s work.

The employee responsible for the curator service at Seinäjoki University of Applied Sciences is a legalized social care professional, who is bound by the Act on the Status and Rights of Social Care Clients (2000/812) and the Act on Social Care Client Documents (2015/254). Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (EU General Data Protection Regulation (2016/679, Article 6e). The processing may involve sensitive data and the specific grounds for processing are the consent of the data subject and the performance of a task carried out in the public interest/exercise of official authority vested in the controller (EU General Data Protection Regulation 2016/679, Article 9a and g).

Main legal acts:

  • EU General Data Protection Regulation (EU) 2016/679.
  • General Data Protection Act (1050/2018)
  • Security Act (738/2002)
  • Law on Universities of Applied Sciences (932/2014)
  • Act on the Status and Rights of Social Welfare Clients (2000/812)
  • Act on Social Welfare Client Documents (2015/254)
  • Act on the Electronic Processing of Social and Health Care Customer Data (159/2007)

5. Grounds for keeping the register

Legal basis for processing personal data:

In accordance with Article 6(1)(a) of the EU General Data Protection Regulation, the data subject has given his or her consent to the processing of personal data.

Pursuant to Article 6(1)(c) of the EU GDPR, to comply with a legal obligation of the controller.

5a. Data content of the register

The personal data stored in the customer register of the study curator of Seinäjoki University of Applied Sciences Ltd is processed and collected for the purpose of providing the study curator service and managing curator’s customer relations.

The following information about clients is collected in the client register:

Basic information:

  • First name
  • Surname
  • Personal identification number
  • Address
  • Municipality of residence
  • Nationality
  • Degree program and starting year, and any special study arrangements
  • Document transport (e.g. research results, official forms)
  • Date
  • Reason for visit
  • Number of visits and description of the visit or issues discussed

In addition to the appointment system:

  • E-mail address
  • Phone number

The data will be kept for 6 years from the first entry.

5b. Information systems using the register

The processing of personal data is carried out using the university’s own secure information systems and software provided by Microsoft: Bookings for appointments and Teams for any remote meetings.

Teams meetings are not recorded. The entry of the session is recorded and archived in the Diarium system.  

6. Regular data sources

The information required for the register is collected from the individual. The study curator has the possibility to obtain temporary access to the student information system if there is a need to check the personal data of the client.

7. Regular disclosure of data

The personal data in the register are confidential. There are no regular disclosures of personal data from the register.
Confidential data may only be disclosed with the express consent of the registered customer or if the disclosure of information or the right to receive information is expressly provided for by law (Act on the Disclosure of Government Activities, 621/1999, Chapter 7 and Act on the Status and Rights of Social Welfare Customers, 812/2000, Section 18§).

Personal data will not be disclosed for direct marketing purposes.

Right to derogate from confidentiality obligations: (Act on the Status and Rights of Social Welfare Clients, Section 18) Except as otherwise provided for in this or any other law, the confidentiality obligations in the field of social welfare may be derogated from in accordance with Chapter 7 of the Act on the Openness of Government Activities. A person performing duties under this Act shall be entitled, notwithstanding the obligation of secrecy, to inform the police of information necessary for the assessment of a threat to life or health and for the prevention of a threatening act if, in the performance of duties, the study curator has obtained information about circumstances which gives reason to suspect that a person is at risk of violence.

8. Transfer of information outside the EU or the European Economic Area

Data will not be transferred outside the EU or the European Economic Area.

9. Principles of register protection

A. Manual data

Any manual data will be kept in a locked room and locked cabinets.

 B. Data processed by computer

Data processed electronically are behind personal identifiers in the Diarium patient information system.