EXAM examination service's privacy statement

Articles 13 and 14 of the EU General Data Protection Regulation

Data Protection Act (1050/2018)

Articles 13 and 14 of the Combined Data Subject Information Document (EU Data Protection Regulation 2016/679).


1. Controller

Seinäjoki University of Applied Sciences
Kampusranta 11, Frami F
FI-60320 Seinäjoki, Finland
+358 20 124 3000

2. Controller’s representative

Asmo Myllyaho, Head of Property and Information Management
+358 40 830 4262

2a. Official responsible for the personal data file

Riikka Muurimäki, Planning Official
+358 40 830 2204

2b. Contact persons in matters relating to the data file

Riikka Muurimäki, Planning Official
+358 40 830 2204

Matti Mäkelä, suunnittelija
040 830 0330

Anna Lepistö, suunnittelija, tietohallinto
040 830 2288

2c. Contact details of the Data Protection Officer

Jarmo Jaskari, Data Protection Officer, Seinäjoki University of Applied Sciences
tel. +358 40 868 0680

3. Name of the data file

Electronic examination service (EXAM) of the Seinäjoki University of Applied Sciences.

4. Purpose of processing personal data/data file use

Planning, reserving, carrying out and assessing exams taken in facilities designated for electronic examinations.

The electronic examination service is intended for SeAMK students that have registered as attending students.

EXAM consortium’s exam visit cooperation for students from different universities.

5. Purpose of maintaining the data file

EXAM is a service for carrying out electronic exams. The purpose of the system is to ensure that electronic exams are arranged in accordance with applicable instructions and regulations.

  • Universities of Applied Sciences Act
  • Universities of Applied Sciences Decree
  • Degree regulations of the Seinäjoki University of Applied Sciences

5a. Data content of the file

The users of the electronic exam service accept the system terms and conditions when registering for an exam, which means that the information is only entered in the data file with the users’ consent.

The following basic data on all users is entered in the data file:

  • Name, email address
  • User ID, user role, organisation
  • Access rights specified for the user in the sys
  • Log of activities taking place in the exam area for a period of twelve months

Exam-related student data entered in the data file:

  • Details of the course
  • Details of the exam reservation (time, place, computer used in the exam)
  • Exam answers (must be retained for at least six months after the exam)
  • Exam evaluation and grades
  • Exam feedback
  • Activities during the exam (as audio and video recordings)

Video recordings are retained for a maximum of six (6) months. If there are reports on abuse of the exam system or suspected misconduct during the retention period, relevant recordings will be retained as long as required for investigating the matter.

A notification of camera surveillance is placed at the entrance to the facilities intended for electronic exams. The file description of the system can be viewed on the intranet: http://intra.seamk.fi.

5b. Information systems using the data file

6. Regular sources of data

  • User ID of SeAMK computer resources, name and email address (from SeAMK user ID register)
  • Content of the right to study (from WinhaPro teaching administration system)
  • Images relayed by the surveillance cameras

7. Regular disclosure of data

External use: data will not be disclosed for external use except to public authorities when specifically requested.

Internal use:

The right to access the information and performance of the exams:

  • the teacher(s) of the exam in question
  • EXAM system administrators

Access right to the video recordings

  • EXAM system administrators
  • The main users of the EXAM camera system and the guard of the security company Securitas
  • The parties suspected fraud case in question (by the EXAM system administrators)

Access to the up-to-date video footage

  • EXAM system administrators
  • The main users of the EXAM camera system and the guard of the Securitas security company

The processing of the register’s personal data has been outsourced with agreement with CSC: Yes, more information about outsourced process: CSC’s user service agreement

8. Transfer of data outside the EU or the EEA

No data stored in the file is transferred outside the EU or the EEA.

9. Principles of data file protection

A.      Manual material

B.      Computer-processed data

The material is transferred within a secure network. The server on which the material is saved can only be used by administrators and exam supervisors possessing personal access rights. Users can only access the part of the data file that they need.

The server and the computers are kept in locked premises. Saved data is stored so that it can only be accessed by persons responsible for system administration.