Pegasos information system’s privacy statement | SeAMK

Pegasos information system's privacy statement

Articles 13 and 14 of the EU General Data Protection Regulation

Data Protection Act (1050/2018)

Articles 13 and 14 of the Combined Data Subject Information Document (EU Data Protection Regulation 2016/679)

1. Controller

Seinäjoki University of Applied Sciences
Kampusranta 11, Frami F
FI-60320 Seinäjoki, Finland
+358 20 124 3000

2. Controller’s representative

Director of Administration

2a. Official responsible for the personal data file

Director of Administration

2b. Contact persons in matters relating to the data file

Mirka Ketola, HR Secretary, Payroll Administration (System Administrator)
Seinäjoki University of Applied Sciences
tel.  +358 40 8302411

Leena Myllyaho, HR Secretary, Payroll Administration (System Administrator)
Seinäjoki University of Applied Sciences
tel. +358 40 8302414

Tarja Alahuhta, HR Secretary, Seinäjoki University of Applied Sciences
tel. +358 40 830 2221

Anne Vuorenmaa, Planning Officer, HR Services
Seinäjoki University of Applied Sciences
tel. +358 40 830 2370

2c. Contact details of the Data Protection Officer

Jarmo Jaskari, Data Protection Officer, Seinäjoki University of Applied Sciences
tel. +358 40 868 0680

3. Name of the data file

Information system for HR and payroll administration: Pegasos.

4. Purpose of processing personal data/data file use

  • Payment of salaries and fees
  • Collecting payroll data and communicating them to various stakeholders
  • Planning, management, monitoring and statistical analysis of personnel, payroll and employment matters as well as fulfilling the employer’s statutory and voluntary duties.
  • Monitoring staff working hours and working hour allocation (for allocation of payroll costs to projects).

The data on employees and persons in a position of trust needed by the company to perform its employer’s duties are entered in the system or picked from WebTallennus.

  • Maintenance of HR administration data
  • Maintenance of employment relationship data (as the basis of pay)
  • Payment of salaries, fees and travel claims
  • Other payments (taxes, pension contributions, trade union membership fees, constraint payments etc.)
  • Statistics (including October statistics, quarterly statistics sent to the pension institution, internal HR statistics)

Data to be kept on file:

  • Annual leave lists
  • Sickness allowance/maternity allowance applications
  • Kela’s decisions on sickness allowances/maternity allowances
  • Employment relationship reports (KEVA/quarterly and annual reports)
  • Accounting data (tax, municipal pensions, social security, enforcement, trade union membership fees)
  • Annual report (insurance company)
  • Pay sheets
  • Payment data concerning salaries/meeting allowances
  • Data concerning the payment of salaries/meeting allowances
    • Earnings calculations
    • Pay grade lists
    • Listings of transfers to payroll accounting
    • Payroll
    • Lists of total pay amounts
    • Salary payment lists
  • Pricing of Repotronic postings
  • Ledger transfer listings of Repotronic postings
  • Holiday pay reservation lists
  • Travel claim payment run lists
  • Salary certificates

5. Purpose of maintaining the data file

The use of the file is based on legislation applicable to a limited liability company. The relevant statutes and regulations are listed in the section on regular disclosures of data, monitoring, and the following list:

  • Personal Data Act 523/1999 (general prerequisites referred to in section 8)
  • Act on the Protection of Privacy in Working Life 477/2004
  • Universities of Applied Sciences Act 932/2014
  • Employment Contracts Act 55/2001
  • National Pensions Act 568/2007
  • Municipal Pensions Act 549/2003
  • Income Tax Act 1535/1992
  • Rules of procedure and Code of conduct of Seinäjoki University of Applied Sciences 2015

5a. Data content of the file

The register contains data concerning persons who have an employment relationship with the company: salary earners, fee payees and persons in a position of trust.

Data saved in the file:

  • A person’s basic data as an import from WebTallennus (including name, date of birth, personal identity code, contact details)
  • Data on employment
  • Payment data (including account number, pay determinants, trade union membership, tax data, changes of address)
  • Salary and fee payment data
  • Data on education
  • Working time allocation data

Data retention periods are determined based on the company’s filing plan.

5b. Information systems using the data file

  • WebTallennus
  • WebPala
  • AGS
  • Reportronic

6. Regular sources of data

  • The data subject: personal data (on E-form/WebTallennus), fee payment data (on E-form/WebTallennus), interruption data; paid and unpaid absences by event type (WebTallennus/ePopulus)
  • The Tax Administration: tax rate data (electronic transfer)

7. Regular disclosure of data

  • Reports to pension insurance companies (annual earnings and data, quarterly employment relationship reports)
  • Annual reports to the Tax Administration (annual earnings and monthly data)
  • Direct exchange of tax cards with the Tax Administration
  • Transmission of membership fees to trade unions (monthly and quarterly reports)
  • Statistical data to Statistics Finland (pay data, basic data on employment and public service employment relationships)
  • Annual and accident report data to insurance companies
  • Daily allowance notifications to the Social Insurance Institution
  • Data on salary and fee payments to banks and accounting
  • Salary costs allocated to projects at individual level are transferred to Reportronic.
  • Other statutory disclosures

HR administration makes daily mass disclosures as a CSV file for the purpose of creating and deleting user IDs.

8. Transfer of data outside the EU or the EEA

No data stored in the file is transferred outside the EU or the EEA.

9. Principles of data file protection

A.      Manual material

Manual material is stored in locked cabinets.

B.      Computer-processed data

The information systems in which the personal data file is maintained are managed following the company’s information security rules and guidelines. The information systems and their interfaces are protected technically by such means as a firewall, and the system data are backed up regularly.