Social Counsellor services' client register's privacy statement

Articles 13 and 14 of the EU General Data Protection Regulation

Data Protection Act (1050/2018)

Articles 13 and 14 of the Combined Data Subject Information Document (EU Data Protection Regulation 2016/679)

1. Controller

Seinäjoki University of Applied Sciences, SeAMK Library
Kampusranta 11, Frami F
FI-60320 Seinäjoki, Finland
+358 20 124 3000
seamk(at)seamk.fi

2. Controller’s representative

Johanna Säilä-Jokinen, Director of Administration
tel. +358 40 570 8723
johanna.saila-jokinen(at)seamk.fi

2a. Official responsible for the personal data file

Karoliina Karesola, Social Counsellor of University of Applied Sciences
tel. +358 40 830 2043
karoliina.karesola(at)seamk.fi

2b. Contact persons in matters relating to the data file

Karoliina Karesola, Social Counsellor of University of Applied Sciences
tel. +358 40 830 2043
karoliina.karesola(at)seamk.fi

Piia-Mari Riihilahti, Project Manager
tel. +358 40 830 2355
piia-mari.riihilahti(at)seamk.fi

2c. Contact details of the Data Protection Officer

Jarmo Jaskari, Data Protection Officer, Seinäjoki University of Applied Sciences
tel. +358 40 868 0680
jarmo.jaskari(at)seamk.fi

3. Name of the data file

Client register of the Social Counsellor of University of Applied Sciences.

4. Purpose of processing personal data/data file use

The personal data stored in the client register of the Social Counsellor of University of Applied Sciences is processed to maintain the social counsellors’ client relationships during Kuraattoripalveluista tukea opintoihin -project (KUTO) (7.3.2022-30.6.2023).

The purpose of the register is to maintain a client register
and to record client encounters. In addition, the contact request data and anonymous statistics stored in the register are utilised to develop and to control the KUTO -project and the quality of counselling work.

5. Purpose of maintaining the data file

The use of personal data is based on the person’s own consent and the legislation concerning the University of Applied Sciences.

The processing of personal data ensures the principles of good administration, data protection and security in accordance with the Administrative Procedure Act and data protection regulations.

The archive creation plan/ data management plan of Seinäjoki University of Applied Sciences and the regulations and ordinances of the archive department guide storing and destroying of personal data. The register will be destroyed at the latest six months after the KUTO -project has ended and implementation of the project has been reported.

5a. Data content of the file

The register contains the following information:

  • The employee’s name
  • The client personal data
    • names and date of birth
    • contact information: phone number
  • Study right information
    • name of the degree programme / major subject
    • information on special study arrangements that potentially apply
  • Parties of collaboration (according to the student’s report for example mental health services, student health care and third-sector actors).
  • Client report
    • party that made contact
    • reason for becoming a client
    • content of the meeting
    • meetings, discussions, consultations, persons present
    • plans, recommended measures
    • summaries, statements, referrals, examination results
    • assessment
  • Document exchange (only when documents are exchanged due to client’s request):
    • document forwarding: the employee who made the entry, date, the client’s consent, document name, target, grounds for the forwarding (context, client’s request, statutory)
    • received documents: date of arrival, source

5b. Information systems using the data file

None

6. Regular sources of data

  • Client (student)
  • Other agencies (e.g. study psychologist, FSHS) only with the client’s permission

7. Regular disclosure of data

The personal data in the register is confidential.

No personal data is regularly released from the register. The right to disclosure is mainly based on the consent of the client. Confidential data can only be disclosed with the explicit consent of the data subject or if the disclosure or the right to receive information is explicitly provided for by law (Chapter 7 of the Act on the Openness of Government Activities).

The register can be used to produce statistical data without personal identification numbers for the use of Seinäjoki University of Applied Sciences and Kuraattoripalveluista tukea opintoihin -project.

Personal data will not be disclosed for direct marketing purposes.

8. Transfer of data outside the EU or the EEA

Student information is not transferred outside the EU or the European Economic Area.

9. Principles of data file protection

A.      Manual material

Manual material is stored in locked workstations and locked cabinets.

B.      Computer-processed data

The electronically stored information in the registry is properly protected from third parties in an encrypted folder, with firewalls and other technical protection measures. The computer-processed data is stored in an information systems that requires users to have personal IDs and passwords to log in.

Access right will end when the person leaves the duties for which he or she has been granted the access right.