To front page Privacy Policy SEAMK Access Control Privacy Policy

SEAMK Access Control Privacy Policy

Articles 13 and 14 of the EU General Data Protection Regulation

Description of the personal data processing activities and the rights of the data subject/Privacy Notice

EU General Data Protection Regulation (2016/679)

Data Protection Act (2018/1050)

1. Controller

Seinäjoki University of Applied Sciences
Kampusranta 11, Frami F
FI-60320 Seinäjoki, Finland
+358 20 124 3000
seamk(at)seamk.fi

2. Controller’s representative

Henna Romppainen, Property and Security Manager
Seinäjoki University of Applied Sciences
tel. +358 40 830 2100
henna.romppainen(at)seamk.fi

2a. Official responsible for the personal data file

Securitas Oy, Seinäjoki

2b. Contact persons in matters relating to the data file

Frami A, E, F ja Kampustalo

Juha Vähälä, Securitas
tel. +358 40 183 6156
juha.vahala(at)securitas.fi

Elina Männikkö, Securitas security guard
tel. +358 40 680 7615 (weekdays 8 a.m.–4 p.m.)
vahtimestari(at)seamk.fi

Frami H

Arvo Ylinen, maintenance supervisor
040 830 2369
arvo.ylinen(a)seamk.fi

Roni Kuru, laboratory engineer
040 830 0308
roni.kuru(a)seamki.fi

2c. Contact details of the Data Protection Officer

Jarmo Jaskari, Data Protection Officer, Seinäjoki University of Applied Sciences
tel. +358 40 868 0680
tietosuojavastaava(at)seamk.fi

3. Name of the data file

Seinäjoki University of Applied Sciences Hedsam Access Control System Register

4. Purpose of processing personal data/data file use

Management of access badges and access rights, as well as management and monitoring of building doors as needed. Reviewing and updating access rights, as well as reviewing access control event logs as needed, for example, when a crime is suspected.

The program allows you to manage the distribution and return of access keys, as well as print all necessary reports on lock statuses and access badge users.

The program makes it easy to check individuals’ access rights in different areas, for example, if you need to quickly assess the security risk caused by lost keys.

Access control makes it easy to immediately revoke access rights for specific individuals to all Seinäjoki University of Applied Sciences facilities referred to in this privacy policy, for example, in the situation mentioned above.

Access control also allows for the management of access rights for even larger groups all at once, if necessary.

5. Purpose of maintaining the data file

Protecting the data and property of the Seinäjoki University of Applied Sciences and access control management.

5a. Data content of the file

The registry consists of the premises of Seinäjoki University of Applied Sciences:

  • Frami F / Kampusranta 11
  • Frami E / Kampusranta 11
  • Frami A / Kampusranta 9
  • Frami H / Juhonkatu 5
  • Kampusranta, Kampustalo / Kalevankatu 35

The registry contains information on individuals who have an access badge and access rights to the premises listed above.

The following information about individuals is recorded in the registry:

  • First and last name
  • Company, department, and team
  • Areas to which the individual has access
  • Additional information, if necessary

The registry contains data on individuals’ movements within buildings, door locks, and their users, as well as information on, for example, the activation and deactivation of HHL control groups by separately authorized individuals.

5b. Information systems using the data file

None

6. Regular sources of data

Designated Hedsam users enter non-standard door schedules into the system based on information received from the university staff or the Head of Facilities and IT Management.

When adding new access rights, user access information is provided by the university staff or another equivalent source. Access rights to different facilities are granted to individuals only to the extent necessary, and there are mutually agreed-upon principles governing this.

Door locking and usage event data is transferred directly from the reader to the system when access keys are used.

User data is deleted from the system immediately after the access card holder returns their access control card.

7. Regular disclosure of data

Information is not normally disclosed.

Personal data is used solely for access control purposes. On an occasional basis, data—specifically access control reports—may be disclosed to the police, for example, for the purpose of investigating crimes.

8. Transfer of data outside the EU or the EEA

No data stored in the file is transferred outside the EU or the EEA.

9. Principles of data file protection

Individuals who process personal data are bound by a duty of confidentiality. The information in the records is confidential (e.g., access control logs).

A.      Manual material

Paper documents, i.e., access key handover forms, are stored behind two locks: in a locked room and in a locked cabinet.

B.      Computer-processed data

Files related to key management are stored in a secure location on a password-protected device. Access to these files is restricted to designated individuals. The data is deleted immediately after the key holder returns the key.