Privacy statement for SeAMK's stakeholder cooperation
Purpose of the processing of personal data
Your personal data is processed to manage stakeholder cooperation and to inform stakeholders about, among other things, SeAMK’s activities, education possibilities, RDI projects, student internships as well as events. Your personal information may also be processed to request feedback.
Your personal information may be processed:
- Establishing cooperative relations
- To get the necessary information and news about SeAMK
- To be able attend SeAMK’s events
- For statistical purposes
- For development of activities
In some forms of stakeholder acivity, such as meetings and events, photographs may be taken at separately indicated and marked locations (e.g., a photoshoot point or other restricted space). Those who come to these places are interpreted to have given their consent to both the taking of photographs and their publication. These images may be used as marketing and reporting material for that event, in publications related to the topic of the event, and in other similar communications and marketing activities related to the event or its topic.
If the event is recorded and/ or streamed online, stakeholders will be notified in advance. The publicity, venue and duration of the event recording will also be announced in advance.
Personal information may be collected through a registration form, in person, in connection with stakeholder events and other stakeholder activities, and through separate surveys.
The processing of your data is based on agreement (1 and 2), consent (2, 3 and 4), the public interest (5) and the legitimate interest (6). In connection with statistics, the information is treated as unidentified. You cannot be identified from the statistics and feedback.
Legal basis for the data processing
The legal basis for the processing is the public interest. The most important legal act is the University of Applied Sciences Act of 14 November 2014/932, especially Section 6 “Cooperation with the operating environment”.
The register includes representatives of Seinäjoki University of Applied Sciences’ external stakeholders.
What personal data do we collect about you?
If you apply to us to study or you are a former student or you are our customer or partner or otherwise in contact with us, we will process your contact information, for example. In addition, we process information that is generated when you use our services, such as network traces, cookies and communication traces. Where applicable, information on contact persons and users as well as their duties in the companies is also collected from our corporate customers.
In connection with stakeholder activities, we usually need the following information about you:
- Necessary contact information
- Job title
Depending on the stakeholder activity, the information collected may also include:
- Your role in the stakeholder cooperation and in your own organisation
- In international contexts for statistical purposes in your home country
- Information related to the amount and payment of the participation fee
- Special diet if the occasion involves serving
- Information related to publication
- Information related to the arrangement of travel services
- Participation in various stakeholder activities
- Information resulting from the recording of the event (e.g. photos, videos, audio files)
- Objects of your interest
In addition, we may ask for your consent to:
- Communication about SeAMK’s activities
- Communication about on stakeholder activities, such as meetings and events
- Publication of more detailed contact details in the participant lists (name and organisation will be published without asking permission)
- Disclosure of information to partner organisations involved in the organising of stakeholder activities
- Transfer of data to the university’s customer relationship management system
- Subscribing to a stakeholder newsletter
We do not collect or process information about your stakeholder activities or work duties that is classified as non-public or confidential by the organisation you represent.
How do we collect your personal data?
- With the registration form
- In the context of stakeholder activities
- By a separate survey
How do we process your personal data?
Your personal data is processed in the systems for the purposes for which the data was collected. As a rule, an online service is used to process personal data. Personal data is processed exclusively by employees of the university or university’s partners who have the right to process personal data. Access and reading rights to information systems are always determined and granted to the extent required by the job task only to those persons who need the information in question in order to carry out the task assigned to them. The data is stored with due regard to security requirements.
We use personally obtained information related to special needs only for that specific purpose (e.g. accessibility), and we take special care in handling it.
To whom do we disclose your personal data?
The data is stored either on a system running on our own server or on a system from an external service provider operating on the network.
We may distribute to those involved in stakeholder activities a list with the name and organisation of each participant and other information as agreed.
We may give the recordings to the participants as well as for the teaching, research and marketing purposes of SeAMK, as well as for event marketing. Recordings and streaming may be transmitted outside the EU/ EEA.
How long do we keep your personal data?
The retention period of personal data is affected by the nature of stakeholder activities. For example, at events organised by SeAMK’s RDI projects, retention time is affected by the requirements of financiers.
See the table below for details.
|Name of the data group||Retention period|
|Name||Duration of stakeholder membership|
|Employer information||Duration of stakeholder membership|
|Information related to the role||Duration of stakeholdervmembership|
|Contact information||Duration of stakeholder membership|
|Cooperation history||Duration of stakeholder membership|
|Information on participation in various stakeholder activities||Duration of stakeholder membership|
|Recording of live webcast (video, audio)||Duration of stakeholder membership|
|Photographs and videos taken||Can be published on the social media channels, after which retained for 15 years|
|If there is serving at the event, a special diet can be asked||Duration of stakeholder membership|
|Personal special needs related to stakeholder activities||Duration of stakeholder membership|
|Permission to share participation information with other participants or partners||Duration of stakeholder membership|
|Gathered feedback||Duration of stakeholder membership|
How do we protect your personal data?
When processing personal data, we always make sure that your privacy is not unduly compromised and that the data is always stored in a way that complies with the law.
- Stored and protected in such a way that they cannot be seen by outsiders and cannot be accidentally destroyed, altered, transferred, moved or otherwise illegally handled.
- Employees have the right to see only such information about the students that he or she needs in order to do his or her job.
- Employees are responsible for archiving the documents that needs to be archived together with the archivist. The archiving plan defines the retention times and life cycles of documents.
- Documents containing personal data are disposed of by shredding or as data protection waste.
Electronically processed data
- The maintenance of the server equipment is the responsibility of SeAMK’s Information Management. The devices are located in locked spaces with strictly restricted access. The network and servers are properly protected.
- Access rights are limited by user groups. The visibility of the information and the right to update the system is determined by the access roles for different user groups.
- The data can only be accessed by those who have access to the system.
- Access to the system is determined by the person’s job duties or study status.
- The staff is bound by the obligation of confidentiality defined in the employment contract.
The Data Subject’s Rights
The EU General Data Protection Regulation (2016/679) grants the Data Subject the following rights:
Right to access the data (Article 15)
The General Data Protection Regulation grants you the right to obtain a copy of personal data concerning you. No specific format has been laid down for making this request. If necessary, we may ask you for more information to enable us to confirm your identity.
If you submit your request concerning this right electronically, we will provide the data in a commonly used electronic format. While such requests are fulfilled free of charge in principle, under certain conditions we may charge you for the administrative costs of fulfilling the request, or refuse it.
The General Data Protection Regulation sets the time limit of one month for responding to your request. Where necessary, this period may be extended by a maximum of two months, taking into account the complexity and number of the requests.
Right to rectification (Article 16)
The Data Subject has the right to demand the rectification of erroneous information in the register. The request for rectification is submitted in writing.
Right to withdraw consent (Article 17)
The data subject has the right to withdraw his or her consent at any time, if their consent has been requested.
Right to erasure (Article 17)
The Data Subject has the right to demand the erasure of their personal data if one of the following grounds applies:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed
- the Data Subject withdraws consent on which the processing is based, and there is no other legal ground for the processing
- The Data subject objects to the processing and there are no overriding legitimate grounds for the processing (Article 21)
- The personal data have been unlawfully processed
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject
Right to restriction of processing (Article 18)
The Data Subject has the right to obtain from the controller restriction of processing where one of the following applies):
- The accuracy of the personal data is contested by the Data Subject, for a period enabling the controller to verify the accuracy of the personal data
- The processing is unlawful, and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead
- The Controller no longer needs the personal data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims
- The Data Subject has objected to processing pursuant to Article 21 pending the verification whether the legitimate grounds of the controller override those of the Data Subject.
Right to data portability (Article 20)
The Data Subject has the right to receive the personal data concerning them, which they have provided to a controller, in a machine-readable format if the processing is based on consent and the processing is carried out by automated means.
Requests for the use of the above rights are addressed to:
Seinäjoen Ammattikorkeakoulu Oy
Data Protection Officer
P.O. Box 412 (Kampusranta 11)
Rectification of errors
The Controller shall, without unnecessary delay, spontaneously or at the Data Subject’s demand rectify, erase or complete personal data that are erroneous from the perspective of processing, unnecessary, insufficient or outdated.
Having detected an error, the person in charge of register-related matters shall immediately rectify the error or notify a person with the sufficient rights to do it. The Data Subject has the right to demand the rectification of the data, and the data is rectified without unnecessary delay. If the rectification is refused, a written refusal certificate is provided. The Data Subject has the right to submit the matter to be resolved by the Data Protection Ombudsman, address Tietosuoja-valtuutetun toimisto, PL 315, 00181 Helsinki. The Data Protection Ombudsman may issue the Data Controller an order to rectify the data.
The demand for rectification is submitted in writing or orally to the person in charge of register-related matters and, if necessary, the Data Subject’s identity is verified.
For other cases, a demand for rectification is addressed to:
Seinäjoen Ammattikorkeakoulu Oy
Data Protection Officer
P.O. Box 412 (Kampusranta 11)
Other rights related to the processing of personal data
Checking of identity
Unless the person requesting data is not known from before or their identity cannot be verified in other ways, they shall always prove their identity before the transfer of data.
Identity can be proved with an official identification including a photo, such as driving licence, passport, identity card issued by the police authority, and the Kela card.
Prohibition of transfer of address data
The Data Subject has the right to prohibit the transfer of their personal data from the population information system and related documents
- for direct marketing, telemarketing and other direct marketing, as well as market research and opinion polls (Personal Data Act 30 §)
- as an address service (Population Information Act 25 § 5)
- for a register (Personal Data Act 30)
- for genealogy (Personal Data Act 30).
The prohibition of the transfer of the above data is applied for from the Population Register Centre or a city administrative court. After the prohibition has come into effect, the Population Register Centre no longer transfers data as an address service to the University of Applied Sciences. A Data Subject not willing to give their address data is responsible of the inconvenience and damage caused by the impossibility of reaching them.
If a person has reasonable grounds for suspecting their security or that of their of family is under threat, the city administrative court can at their request rule that their domicile or address information shall not be transferred from the population information system to other actors than the authorities. The city administrative court requires a written, justified request from the applicant of a non-disclosure, or at least a visit to the office. For the first time, the non-disclosure order may be valid for five years maximum. It can be prolonged for two years at a time. If a person has a non-disclosure, their address is in many cases not transferred even to the authorities. The authorities that receive the person’s contact data to their systems, are also informed of the non-disclosure.
A person with a non-disclosure shall notify the person in charge of register-related matters.
A restraining order means that, in order to protect the person’s life, health, freedom or piece someone else can be prohibited to contact them. A restraining order can be applied for by anyone who with good reason feels threatened or disturbed by someone else. A restraining order is applied for from the police or directly from the local court.
A person who has been granted a restraining order shall, when necessary, notify the person in charge of register-related matters.
Seinäjoki University of Applied Sciences
Kampusranta 11 F, Frami F, 60320 SEINÄJOKI
tel. +358 20 124 3000
Contact persons in matters relating to the data file
Outi Kemppainen, Marketing and Communications Manager, Seinäjoki University of Applied Sciences
Data Protection Officer
Jarmo Jaskari, Data Protection Officer, Seinäjoki University of Applied Sciences
tel. +358 40 868 0680
Seinäjoki University of Applied Sciences
Data Protection Officer, P.O. Box 412, Kampusranta 11, Frami E, 60320 SEINÄJOKI
- University of Applied Sciences Act 932/2014 and regulations issued pursuant to it
- Government Decree on the Universities of Applied Sciences 1129/2014
- General Data Protection Regulation (EU) 2016/679 and supplementing national regulations, Act on the Publicity of Authorities’ Activities 621/1999