Peppi services for planning officers privacy statement | SeAMK

Peppi services for planning officers privacy statement

Articles 13 and 14 of the EU General Data Protection Regulation

Data Protection Act (1050/2018)

Articles 13 and 14 of the Combined Data Subject Information Document (EU Data Protection Regulation 2016/679)

1. Controller

Seinäjoki University of Applied Sciences
Kampusranta 11, Frami F
FI-60320 Seinäjoki, Finland
+358 20 124 3000
seamk(at)seamk.fi

2. Controller’s representative

Asmo Myllyaho, Head of Property and Information Management, Seinäjoki University of Applied Sciences
tel. +358 40 830 4262
asmo.myllyaho(at)seamk.fi

2a. Official responsible for the personal data file

Maria Hemminki, Planning Officer, Seinäjoki University of Applied Sciences
tel. +358 40 680 7016
maria.hemminki(at)seamk.fi

Katariina Lehto, Planning Officer, Seinäjoki University of Applied Sciences
tel. +358 40 830 0430
katariina.lehto(at)seamk.fi

2b. Contact persons in matters relating to the data file

Maria Hemminki, Planning Officer, Seinäjoki University of Applied Sciences
tel. +358 40 680 7016
maria.hemminki(at)seamk.fi

Katariina Lehto, Planning Officer, Seinäjoki University of Applied Sciences
tel. +358 40 830 0430
katariina.lehto(at)seamk.fi

2c. Contact details of the Data Protection Officer

Jarmo Jaskari, Data Protection Officer, Seinäjoki University of Applied Sciences
tel. +358 40 868 0680
jarmo.jaskari(at)seamk.fi

3. Name of the data file

Peppi services for planning officers.

4. Purpose of processing personal data/data file use

Peppi is a tool for planning and implementing teaching at SeAMK. The registered persons (SeAMK staff members) are involved in planning SeAMK’s teaching. Only the data concerning each person necessary for the planning and implementation of SeAMK’s activities are registered in the system.

5. Purpose of maintaining the data file

Planning and implementation of teaching at Seinäjoki University of Applied Sciences.

5a. Data content of the file

Study data

  • curricula
  • studies (modules and courses)
  • course implementations

Resource planning and reservation data

  • working time plans
  • timetables
  • teaching facilities

Basic data concerning staff members

  • username, Winha username
  • last name, preferred name
  • title
  • e-mail address
  • organisation unit

5b. Information systems using the data file

  • Timetable applications: publication of timetables
  • Education search: publication of implementations
  • Study guide: publication of curricula, studies and implementations
  • Moodle: basic data concerning implementations for the creation of workspaces
  • Workseed: basic data on studies for reporting on internships
  • Reportronic: staff working time plans for the basis of working time monitoring

6. Regular sources of data

  • Seinäjoki University of Applied Sciences’ centralised user administration system
  • WinhaPro

7. Regular disclosure of data

No regular disclosures of data.

8. Transfer of data outside the EU or the EEA

No data stored in the file is transferred outside the EU or the EEA.

9. Principles of data file protection

Data in the file are processed ensuring that the staff’s privacy is not unduly compromised. The data in the file are stored in compliance with the requirements in sections 6e, 6b and 6c of Act 484/2013.

A.      Manual material

Manual material is stored and protected ensuring that third parties have no access to it and that it cannot be accidentally destroyed, modified, disclosed, transmitted or otherwise processed unlawfully.

Documents containing personal data are destroyed as data protection waste.

B.      Computer-processed data

Peppi is used across the Internet. The server hardware is maintained by the IT services of Seinäjoki University of Applied Sciences. The hardware is centralised to locked facilities with strict access control. The network and servers are appropriately protected.

User rights are restricted by user group. The visibility of data and right to update the system are determined by the access right roles of different user groups.

The data are only accessible to users who have been granted rights to the system. Access rights to the system depend on each person’s tasks. The staff are bound by an obligation of non-disclosure set out in the employment contract.