Document management system's privacy statement

Articles 13 and 14 of the EU General Data Protection Regulation

Data Protection Act (1050/2018)

Combined Data Subject Information Document under Articles 13 and 14 of the EU Data Protection Regulation (2016/679)

1. Controller

Seinäjoki University of Applied Sciences, SeAMK Library
Kampusranta 11, Frami F
FI-60320 Seinäjoki, Finland
+358 20 124 3000

2. Controller’s representative

Johanna Säilä-Jokinen, Director of Administration, Seinäjoki University of Applied Sciences

2a. Official responsible for the personal data file

Merja Kankaanpää, Archive Specialist, Seinäjoki University of Applied Sciences
tel. +358 40 8302436

2b. Contact persons in matters relating to the data file

2c. Contact details of the Data Protection Officer

Jarmo Jaskari, Data Protection Officer, Seinäjoki University of Applied Sciences
tel. +358 40 868 0680

3. Name of the data file

Case and document management system.

4. Purpose of processing personal data/data file use

The case and document management system serves as a data file for SeAMK’s official affairs and documents. The system is used to monitor the processing of pending issues and serves as a document register (diary) in accordance with the Decree on the Openness of Government Activities and on Good Practice in Information Management.

The system also serves as an electronic storage site for certain documents to be stored for a specific period specified in the archive formation plan for the document’s life cycle.

The system metadata are controlled and maintained using the archive management system operating in the background of the case and document management system.

5. Purpose of maintaining the data file

A data file for the official affairs and documents of SeAMK.

5a. Data content of the file

Only personal data that are relevant to an issue and necessary for its processing are recorded in the data file. The data file contains the metadata and processing stages concerning the official issues specified in SeAMK’s archive formation plan, and the assignments and documents related to the processing of these issues.

The system is used to store the identification data and log data on registered users, i.e. the user’s name, title, email address, changes made, date and time.

The name of the sender/recipient is registered as personal data on the official documents received and prepared by SeAMK.

The issues and documents registered in the system may contain information classified as sensitive or confidential. The processing of this data is restricted, either at a case or document level, only to persons whose duties require handling these issues.

5b. Information systems using the data file

6. Regular sources of data

The data content consists of documents in the register and their metadata.

The register data are collected from documents sent to SeAMK and created at SeAMK by both customers and system users. User rights to the system are applied for separately from the officer responsible for the personal data file and are obtained based on the applicant’s duties, with his or her supervisor’s consent. Access rights are granted by the officer responsible for the personal data file.

Assignments carried out in the system and sent from the system to external email addresses include the sender’s name and the recipients’ names and email addresses, added either automatically based on user data or manually by the user.

The following data are stored in the system from the assignments: the processor’s and/or recipient’s name, email address, and the date and time of the action.

7. Regular disclosure of data

Data are not regularly disclosed from the register. In accordance with the Act on the Openness of Government Activities and with the publicity values of SeAMK’s archive formation plan, personal data stored in the system may be disclosed within the organisation and, on a separate request, outside the organisation in accordance with the Act on the Openness of Government Activities.

8. Transfer of data outside the EU or the EEA

No data are transferred to countries outside the EU or the EEA.

9. Principles of data file protection

A. Manual material

The documents are only processed by those whose work assignments require this. The data are stored in a locked facility, and separate access rights have been determined for the archive spaces.

B. Computer-processed data

The system is used in compliance with SeAMK’s information security and data protection principles. Access to the case and document management system servers is restricted by both SeAMK’s firewall and the servers’ own firewalls. The system has access control and allows restricting access rights to individuals or access groups selected separately for each case and document. The system uses a data and document encryption feature as needed.