Financial management and financial reporting software's privacy statement
Articles 13 and 14 of the EU General Data Protection Regulation
Data Protection Act (1050/2018)
Articles 13 and 14 of the Combined Data Subject Information Document (EU Data Protection Regulation 2016/679)
1. Controller
Seinäjoki University of Applied Sciences
Kampusranta 11, Frami F
FI-60320 Seinäjoki, Finland
+358 20 124 3000
seamk(at)seamk.fi
2. Controller’s representative
Asmo Myllyaho, Head of Property and Information Management, Seinäjoki University of Applied Sciences
tel. +358 40 830 4262
asmo.myllyaho(at)seamk.fi
2a. Official responsible for the personal data file
Pilvi Aarnio, Financial Manager, Seinäjoki University of Applied Sciences
tel. +358 40 680 7270
pilvi.aarnio(at)seamk.fi
2b. Contact persons in matters relating to the data file
Kirsi Nivukoski, Accountant, Seinäjoki University of Applied Sciences
tel. +358 40 830 0444
kirsi.nivukoski(at)seamk.fi
Heini Syrjälä, Designer, Financial Services, Seinäjoki University of Applied Sciences
tel. +358 40 680 7288
heini.syrjala(at)seamk.fi
2c. Contact details of the Data Protection Officer
Jarmo Jaskari, Data Protection Officer, Seinäjoki University of Applied Sciences
tel. +358 40 868 0680
jarmo.jaskari(at)seamk.fi
3. Name of the data file
Seinäjoki University of Applied Sciences financial administration file.
- Financial management and accounting software, including accounts receivable and accounts payable, as well as electronic circulation of purchase invoices
- Financial reporting program
4. Purpose of processing personal data/data file use
- Accounting and financial reporting for the company.
- Ledger maintenance: posting of purchase and sales invoices, financial control, collection of debts and reporting.
- Control of claims in bankruptcy.
5. Purpose of maintaining the data file
Meeting the company’s statutory accounting and financial obligations.
5a. Data content of the file
Customer name, customer number, address data, bank account, business ID/personal identity code, invoice amount, due date, invoice status: open/paid/in collection.
5b. Information systems using the data file
- Financial management and accounting
- Financial reporting
6. Regular sources of data
- Purchase invoices
- Finnish Business Information System BIS
- Information provided by customers on sales invoices, and data obtained from student administration on SeAMK students and from human resources on staff
7. Regular disclosure of data
No regular disclosure of data.
To manage debt collection, accounts receivable data are disclosed to the service provider and the enforcement authority.
8. Transfer of data outside the EU or the EEA
No data stored in the file is transferred outside the EU or the EEA.
9. Principles of data file protection
A. Manual material
Printed purchase invoices are kept in the locked premises of Seinäjoki University of Applied Sciences and are kept for the period required by the provisions of the Accounting Act, after which they are destroyed.
B. Computer-processed data
Financial Management and accounting
Access rights belong to the people managing the financial administration of Seinäjoki University of Applied Sciences. The information system is used in the internal web environment of Seinäjoki University of Applied Sciences with a personal username and password.
Electronic invoice circulation for purchase invoice processing: officials in charge of factual verification and approvers also have access rights. Confidential data may appear in the invoice image. Electronic invoice processing provides no access to other confidential data.
The right to use the information system is removed when a person moves to other tasks.
Financial reporting
User rights are granted to a limited number of Seinäjoki University of Applied Sciences employees as required by their job descriptions. Confidential data may appear in the invoice image, and the drill-down rights to this image are restricted separately according to each user’s area of responsibility. The financial reporting software provides no access to other confidential data.
Behaviour control
The system automatically logs user activity on the system, and logs are generated to monitor system usage and attempts to use the system in accordance with job tasks. The log files are stored in an information system with restricted access (read or write) for the persons responsible for the maintenance of the service and the systems. Any accesses and modifications are recorded in the log. The logs stored in the database are used to monitor and report on the correct use of the information systems and on possible cases of misuse.