EXAM examination service’s privacy statement | SeAMK

EXAM examination service's privacy statement

Articles 13 and 14 of the EU General Data Protection Regulation

Data Protection Act (1050/2018)

Articles 13 and 14 of the Combined Data Subject Information Document (EU Data Protection Regulation 2016/679).

 

1. Controller

Seinäjoki University of Applied Sciences
Kampusranta 11, Frami F
FI-60320 Seinäjoki, Finland
+358 20 124 3000
seamk(at)seamk.fi

2. Controller’s representative

Asmo Myllyaho, Head of Property and Information Management
+358 40 830 4262
asmo.myllyaho(at)seamk.fi

2a. Official responsible for the personal data file

Kimmo Puumala, IT Specialist
+358 40 868 0064
kimmo.puumala(at)seamk.fi

Riikka Muurimäki, Planning Official
+358 40 830 2204
riikka.muurimaki(at)seamk.fi

2b. Contact persons in matters relating to the data file

Kimmo Puumala, IT Specialist
+358 40 868 0064
kimmo.puumala(at)seamk.fi

Riikka Muurimäki, Planning Official
+358 40 830 2204
riikka.muurimaki(at)seamk.fi

2c. Contact details of the Data Protection Officer

Jarmo Jaskari, Data Protection Officer, Seinäjoki University of Applied Sciences
tel. +358 40 868 0680
jarmo.jaskari(at)seamk.fi

3. Name of the data file

Electronic examination service (EXAM) of the Seinäjoki University of Applied Sciences.

4. Purpose of processing personal data/data file use

Planning, reserving, carrying out and assessing exams taken in facilities designated for electronic examinations.

The electronic examination service is intended for SeAMK students that have registered as attending students.

EXAM consortium’s exam visit cooperation for students from different universities.

5. Purpose of maintaining the data file

EXAM is a service for carrying out electronic exams. The purpose of the system is to ensure that electronic exams are arranged in accordance with applicable instructions and regulations.

  • Universities of Applied Sciences Act
  • Universities of Applied Sciences Decree
  • Degree regulations of the Seinäjoki University of Applied Sciences

5a. Data content of the file

The users of the electronic exam service accept the system terms and conditions when registering for an exam, which means that the information is only entered in the data file with the users’ consent.

The following basic data on all users is entered in the data file:

  • Name, email address
  • User ID, user role, organisation
  • Access rights specified for the user in the sys
  • Log of activities taking place in the exam area for a period of twelve months

Exam-related student data entered in the data file:

  • Details of the course
  • Details of the exam reservation (time, place, computer used in the exam)
  • Exam answers (must be retained for at least six months after the exam)
  • Exam evaluation and grades
  • Exam feedback
  • Activities during the exam (as audio and video recordings)

Video recordings are retained for a maximum of six (6) months. If there are reports on abuse of the exam system or suspected misconduct during the retention period, relevant recordings will be retained as long as required for investigating the matter.

A notification of camera surveillance is placed at the entrance to the facilities intended for electronic exams. The file description of the system can be viewed on the intranet: http://intra.seamk.fi.

5b. Information systems using the data file

6. Regular sources of data

  • User ID of SeAMK computer resources, name and email address (from SeAMK user ID register)
  • Content of the right to study (from WinhaPro teaching administration system)
  • Images relayed by the surveillance cameras

7. Regular disclosure of data

The data will not be disclosed.

8. Transfer of data outside the EU or the EEA

No data stored in the file is transferred outside the EU or the EEA.

9. Principles of data file protection

A.      Manual material

B.      Computer-processed data

The material is transferred within a secure network. The server on which the material is saved can only be used by administrators and exam supervisors possessing personal access rights. Users can only access the part of the data file that they need.

The server and the computers are kept in locked premises. Saved data is stored so that it can only be accessed by persons responsible for system administration.