Privacy statement for research, development and innovation | SeAMK

Privacy statement for research, development and innovation

This policy concerns persons and companies participating in SeAMK’s studies and surveys. This privacy policy explains how your personal data are processed and what your rights concerning your personal data are.

Research, development and innovation, RDI for short, are part of the mission of the universities of applied sciences: they produce new research and methods and develop products and services for the needs of their regions. Their work also serves UAS studies and their development. Among other things, pointers for RDI work are given by the strategic objectives of the counties and the European Union.

Interaction with working life is central to SeAMK’s activities. SeAMK’s research, development and innovation activities (RDI) mainly comprise applied research that serves the region. For example, this means developing new methods, applications, models or programmes together with companies, students and our professionals. The development is based on cooperation in which third-party views and expertise complement the company’s in-house competence. Over the years, different organisations and SeAMK have created significant solutions to various needs together.

Research, development and innovation take place at SeAMK as applied research. The RDI activities focus on strategic priority areas defined on the basis of SeAMK’s specific expertise and the needs of customers in the region.

Companies and other organisations in South Ostrobothnia are key partners in SeAMK’s RDI activities. Working life orientation plays an important role in all activities of SeAMK. SeAMK’s regional UAS coordinates activities in different municipalities of South Ostrobothnia and the neighbouring areas.

Controller

Seinäjoki University of Applied Sciences Kampusranta 11 F, Frami F, 60320 SEINÄJOKI tel. +358 20 124 3000

Contact persons in matters related to the personal data file

Johanna Säilä-Jokinen, Director of Administration johanna.saila-jokinen(at)seamk.fi

Data Protection Officer

Jarmo Jaskari, Data Protection Officer tietosuojavastaava(at)seamk.fi Seinäjoki University of Applied Sciences

Data Protection Officer, P.O. Box 412, Kampusranta 11, Frami E, 60320 SEINÄJOKI

Scope of the Privacy Policy

This privacy policy applies to the personal data of persons participating in studies and surveys processed by Seinäjoki University of Applied Sciences, later referred to as SeAMK.

Purposes of processing personal data in a study and its legal basis

 We process your personal data for the following purposes:

  • to facilitate cooperation with employers in teaching and RDI activities as well as to manage customer and stakeholder relationships, including the sales of services and implementation of cooperation projects
  • marketing and information activities
  • scientific research (no data disclosures).

In cases of cooperation related to RDI and teaching, data are processed on the grounds of SeAMK’s statutory tasks described in the Universities of Applied Sciences Act 932/2014)

Otherwise the processing of personal data in our file is based on a relevant connection or fulfilment of a contract to which the data subject is a party. The grounds for processing the data are SeAMK’s legitimate interest in business operations and when processing the data of potential customers. Personal data are stored at this point to ensure that a potential customer can be contacted. Personal data stored on a potential customer are removed from the file fully if the contact does not lead to a customer relationship or stakeholder cooperation.

Main statutes

  • Universities of Applied Sciences Act 932/2014 and the decrees issued by virtue of it
    • o  Government Decree on Universities of Applied Sciences 1129/2014
  • General Data Protection Regulation (EU) 2016/679 and the complementing national statutes, the Act on the Openness of Government Activities 621/1999

Legitimate interests

The grounds for processing the data are SeAMK’s legitimate interest in business operations and when processing the data of potential customers. Personal data are stored at this point to ensure that a potential customer can be contacted.

Which data do we collect on you?

We process following data categories concerning you:

  • Basic data: identifying data (name, personal identity code, address, telephone number, e-mail address Additional data concerning you which we may process
  • A person’s title and place of work or organisation

As a rule, the telephone and address data of a person’s workplace are recorded as contact details. If a person provides their own contact details, they may also comprise a home telephone number and home address data.

How do we collect your data?

We collect your data directly from you and from the following sources:

  • Statistics Finland
  • Fee-paying registers (including Fonecta)
  • The public Internet
  • Lists of names at various events (to meet the reporting obligation in EU co-funded projects)
  • E-mail messages
  • Telephone conversations
  • Different meetings.

We also use the Population Information System to update your basic data.

How do we process your data?

Your data are processed for the purposes for which they were collected. In processes related to different research matters, the subjects’ personal data are processed solely by the employees of SeAMK or its partners who have the right to do so. Access and reading rights to information systems are always specified and granted to the extent required by their tasks and only to persons who need the data of a personal data file contained in the relevant information system to carry out a task assigned to them.

As a rule, statistics or data used for research purposes are anonymised, ensuring that no individuals can be identified on their basis. The data are stored in compliance with the appropriate security requirements.

Personally provided data related to special needs are only used for the relevant purpose, and they are processed with special care (for example, accessibility).

To whom do we disclosure your personal data?

Your data may only be disclosed as required and permitted under the legislation in force.

For how long do we retain your personal data?

Personal data are stored for as long as the need to use them remains valid.

If a data subject requests the erasure of personal data concerning them, the data will be deleted in the file. If a person withdraws their consent to the processing of their data for a specific purpose, this information is recorded in the system as part of the person’s data.

Data collected or processed with your consent are retained until further notice or until you withdraw your consent, provided that there is no other legal basis for processing them laid down in the legislation.

The retention periods of personal data and manual data stored in the systems are determined on the basis of legislation and the higher education institution’s filing plan/information management plan.

How do we keep your personal data safe?

When processing the data, we always ensure that your privacy is not unduly compromised and that the data are stored in compliance with the legal requirements at all times.

Manual data

  • Manual data are stored and protected ensuring that third parties do not have access to them and they cannot be accidentally destroyed, modified, disclosed, transmitted or otherwise unlawfully processed.
  • Employees only have the right to access a student’s data needed in their tasks.
  • Employees are responsible for archiving documents together with the official responsible for archival. The retention periods and life cycles of documents are defined in the filing plan.
  • Documents containing personal data are destroyed by shredding or as data protection waste.

Data processed in computer systems

  • The servers are maintained by SeAMK’s Information Management. The hardware is centrally located in a locked room with strict access control. The network and servers are protected appropriately.
  • Access rights are restricted by user group. Data visibility and the right to update the system are determined by user rights roles assigned to different user groups.
  • Only those with access rights to the system can access the data.
  • Access to the system is determined by the person’s work duties or student status.
  • The personnel are bound by an obligation of non-disclosure set out in the employment contract.

Your rights as a data subject

Right to access your data (right of access, Article 15)

You have the right to know what personal data concerning you are being processed and have been stored.

On your request, SeAMK will provide you with your data as soon as possible and without undue delay. The time limit for giving access to the data or providing additional information relating to the information request is one month from the date on which the request was received. If the request is complex and extensive, the deadline may be extended by two months.

As a rule, your data will be delivered to you free of charge. If you ask for more than one copy, you will be charged a fee based on the administrative costs. If your data request is manifestly unfounded or excessive, or if you repeatedly submit requests for your data, the higher education institution may charge the administrative costs incurred from supplying the data or refuse to act on your request. In this case, SeAMK will justify its decision.

If SeAMK refuses to provide the data, a written certificate of this will be issued to you. In this connection, we will inform you of your right to legal remedies, including your possibility of filing a complaint with a supervisory authority.

Right to rectification (Article 16)

You have the right to demand that any incorrect, inaccurate or incomplete personal data concerning you be corrected or supplemented without undue delay. You also have the right to demand that any unnecessary personal data on you be erased.

If SeAMK does not accept your request for rectification, a written certificate will be issued stating the reasons for not acting on the request. In this connection, we will inform you of your right to legal remedies, including your possibility of filing a complaint with a supervisory authority.

Right to be forgotten (Article 17)

Depending on the legal basis of processing the data, you may have the right to have your personal data erased in SeAMK’s file. This right does not apply in cases where, for example, the processing of your personal data is necessary for compliance with a legal obligation or for the exercise of official authority vested in SeAMK. SeAMK’s filing plans and statutory retention periods are complied with in the storage and erasure of your data.

Right to restriction of processing (Article 18)

In certain circumstances, you may have the right to request restriction of processing of your personal data until your data or the legal basis for its processing have been properly verified and corrected or completed.

Right to data portability (Article 20)

You have the right to receive the personal data you have provided to SeAMK in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from SeAMK. This right applies to situations where data are processed by automated means and based on consent or a contract.

The right does not apply to, for example, the processing of personal data necessary for the performance of a task carried out in the public interest or which is necessary for compliance with a legal obligation of the controller. Consequently, the right does not apply to SeAMK’s personal data files as a rule.

Right to object (Article 21)

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on performance of a task carried out in the public interest, exercise of official authority or the legitimate interest of SeAMK. In this case, your data may only be processed if compelling legitimate grounds can be demonstrated for doing so.

You have the right to, with no particular grounds, object at any time to the processing of personal data concerning you for direct marketing purposes.

Right to lodge a complaint with an authority (Article 77)

You have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes the EU General Data Protection Regulation (EU) 2016/679. You additionally have the right of recourse to other administrative or judicial remedies.

You also have the right to commence legal proceedings against the controller or the organisation processing personal data if you consider that your rights have been infringed as a result of the processing of your personal data in non-compliance with the General Data Protection Regulation.

How are my rights realised?

In many systems, you can log in to view the data saved on you. For more detailed privacy policies of individual personal data files, visit our Privacy Policy webpage.

Requests for rectification and access should be addressed to: tietosuojavastaava(at)seamk.fi

You can contact SeAMK’s Data Protection Officer in case of any problems or whenever you need advice:

Seinäjoki University of Applied Sciences
Data Protection Officer
P.O. Box 412 (Kampusranta 11)
60101 Seinäjoki