SoleMOVE and SoleGrant systems’ privacy statement |

SoleMOVE and SoleGrant systems' privacy statement

Articles 13 and 14 of the EU General Data Protection Regulation

Data Protection Act (1050/2018)

Articles 13 and 14 of the Combined Data Subject Information Document (EU Data Protection Regulation 2016/679)

1. Controller

Seinäjoki University of Applied Sciences
Kampusranta 11, Frami F
FI-60320 Seinäjoki, Finland
+358 20 124 3000

2. Controller’s representative

Asmo Myllyaho, Head of Property and Information Management, Seinäjoki University of Applied Sciences
tel. +358 40 830 4262

2a. Official responsible for the personal data file

Tiina Ojanperä, System Administrator, Seinäjoki University of Applied Sciences

Ari Korpelainen, Solenovo Oy
Solenovo Oy, Kauppakatu 28, 80100 Joensuu

2b. Contact persons in matters relating to the data file

Anna Lepistö, Technical System Administrator, Seinäjoki University of Applied Sciences

2c. Contact details of the Data Protection Officer

Jarmo Jaskari, Data Protection Officer, Seinäjoki University of Applied Sciences
tel. +358 40 868 0680

3. Name of the data file

SoleMOVE and SoleGRANT.

4. Purpose of processing personal data/data file use

The data content of the SoleMOVE system consists of information needed to apply for international student and staff exchanges and to process applications as well as data required for reporting.

The data content of the SoleGRANT system consists of the data needed to process grant applications and to pay out grants.

5. Purpose of maintaining the data file

Administration of international student and staff mobility, communications, and collection of feedback.

5a. Data content of the file


The data subjects include exchange students, staff representatives applying for an exchange, staff representatives processing applications, and contact persons at partner higher education institutions. The data recorded on staff representatives who process the applications are name, contact details and date of birth. The data recorded on persons applying for an exchange are name and contact details, date of birth, student number, personal identity code, gender, home higher education institution, nationality and mother tongue The data recorded on contact persons are name, contact details, nationality and home institution.


The data subjects include employees who process grant applications and payment instalments as well as grant applicants. The data recorded on processors of grant applications and payment instalments are name and contact details. The data recorded on grant applicants are name and contact details, student number, personal identity code, date of birth, municipality of residence, home institution and bank details.

5b. Information systems using the data file

  • Peppi

6. Regular sources of data

Personal data may be generated in the following ways:

  1. Entered by the applicant/student
  2. Included in conversion data
  3. Entered by a staff member
  4. Returned by the authentication service
  5. Imported from the teaching planning system
  6. Imported from the study administration system
  7. Imported from the study data service

7. Regular disclosure of data

The controller is responsible for data disclosures and the policy on data use. The processor does not disclose data without the controller’s authorisation.

8. Transfer of data outside the EU or the EEA

The system is not used to transfer personal data to non-EU or EEA countries.

In case of student mobility to non-EU and EEA countries, a learning agreement for studies/traineeships form is sent by e-mail to the host higher education institution. The grounds for the data transfer are a contract and compliance with a statutory obligation.

9. Principles of data file protection

Data in the file are processed ensuring that the staff’s privacy is not unduly compromised. The data in the file are stored in compliance with the requirements in sections 6e, 6b and 6c of Act 484/2013.

A.      Manual material

Users can generate pdf or csv reports based on the data subjects’ data in the file and print them out. The controller is responsible for the uses of the printouts. The processor does not print out the data subjects’ data without the controller’s authorisation.

B.      Computer-processed data

The file is physically located at MPY’s data centre in Mikkeli. The data subjects’ data are protected by usernames and passwords as well as user roles. The controller’s staff log in using an AD service provided by the controller, and any third parties authorised by the controller (including guardians) use a local login.