Privacy statement for the Entre Intentio application and database

Articles 13 and 14 of the EU General Data Protection Regulation

Data Protection Act (1050/2018)

Articles 13 and 14 of the Combined Data Subject Information Document (EU Data Protection Regulation 2016/679)

1. Controller

Seinäjoki University of Applied Sciences Oy
Kampusranta 11, Frami F, 60320 Seinäjoki020 124 3000
seamk(at)seamk.fi

2. Controller’s representative

Sanna Joensuu-Salo, Principal Lecturer, Seinäjoki University of Applied Sciences Ltd
tel. +358 40 868 0144
sanna.joensuu-salo(at)seamk.fi

2a. Official responsible for the personal data file

Sanna Joensuu-Salo, Principal Lecturer, Seinäjoki University of Applied Sciences Ltd
tel. +358 40 868 0144
sanna.joensuu-salo(at)seamk.fi

2b. Contact persons in matters relating to the data file

Sanna Joensuu-Salo, Principal Lecturer, Seinäjoki University of Applied Sciences Ltd
tel. +358 40 868 0144
sanna.joensuu-salo(at)seamk.fi

2c. Contact details of the Data Protection Officer

Jarmo Jaskari, Data Protection Officer, Seinäjoki University of Applied Sciences Ltd
tel. +358 40 8680680
tietosuojavastaava(at)seamk.fi

3. Name of the data file

EntreIntentio database

4. Purpose of processing personal data/data file use

The database collects data for the development of entrepreneurship education and entrepreneurship research. The data is processed in an anonymized manner, with the exception of the following: Personal data will be processed as part of the collected database to the extent required for the implementation of a follow-up survey or, to the extent that the respondent has given his or her consent, to inform about the provision of entrepreneurship education.  Data gathered for the database on behalf of other higher education institutions can be delivered to such institutions in anonymized form, with the exceptions described above.

4a. Legal basis for processing personal data

The processing of personal data is based on the public interest.

5. Purpose of maintaining the data file

The processing of personal data stored in the register is based on oral and/or written consent given by the data subjects in connection with the collection of the material. Participation is voluntary and can be interrupted at any stage, in which case the data collection for the person in question will no longer be continued.

5a. Data content of the file

With regard to personal data, the person’s name, age, student number, e-mail, telephone number, field of education, educational institution and degree programme are stored in the register.

5b. Information systems using the data file

The register will not be merged with other registers. The processing of data utilizes: Office 365, SPSS and the information system in which the data is collected.

6. Regular sources of data

Information is collected in the database through an online survey, and when answering it, the participant agrees to the storage of their data.

7. Regular disclosure of data

These data are treated in entirety as part of research and activity planning, and this information cannot be used to identify individual respondents. Contact information may be used to inform individuals about activities when consent has been given.  No data will be disclosed except when the police or other competent authority, for a purpose specifically provided for by law, requests in writing the specified information in the register.

8. Transfer of data outside the EU or the EEA

The data will not be disclosed outside the EU or the European Economic Area.

9. Principles of data file protection

A.      Manual material

The register does not contain manual material.

B.      Computer-processed data

The electronically processed material is stored on an application server located in SeAMK’s premises and in the internal network. The server and application are managed and maintained by the organization’s IT management and the people responsible for the development of the application. In the analysis phase, the data contained in the register is processed on SeAMK’s internal network drive, protected by personal usernames and passwords. Only employees whose job description requires processing of the register or application server have access to the register. Log files of server events and queries made through the application are logged for queries and usage directed at the server or registry. Data is collected and processed only for questions asked in the application and their answers, in addition to the user data of the service. The data content collected in the register is not combined with the application’s user data. The application collects users’ personal data to the extent necessary for the operation of the service. Password information is encrypted. Passwords are not stored in plain language or in any other form that can be returned to plain language by the registry administrator.

The personal data file generated on the server from personal data is protected by the individual permissions set on the administrators’ server and in the application.

The protection of the register and the service complies with the information security regulations of Seinäjoki University of Applied Sciences.