WebTallennus software’s privacy statement | SeAMK

WebTallennus software's privacy statement

Articles 13 and 14 of the EU General Data Protection Regulation

Data Protection Act (1050/2018)

Articles 13 and 14 of the Combined Data Subject Information Document (EU Data Protection Regulation 2016/679)

1. Controller

Seinäjoki University of Applied Sciences
Kampusranta 11, Frami F
FI-60320 Seinäjoki, Finland
+358 20 124 3000

2. Controller’s representative

Director of Administration

2a. Official responsible for the personal data file

Director of Administration

2b. Contact persons in matters relating to the data file

Mirka Ketola, HR Secretary, Payroll Administration (System Administrator)
Seinäjoki University of Applied Sciences
tel.  +358 40 8302411

Leena Myllyaho, HR Secretary, Payroll Administration (System Administrator)
Seinäjoki University of Applied Sciences
tel. +358 40 8302414

2c. Contact details of the Data Protection Officer

Jarmo Jaskari, Data Protection Officer, Seinäjoki University of Applied Sciences
tel. +358 40 868 0680

3. Name of the data file

WebTallennus software.

4. Purpose of processing personal data/data file use

A system for limited liability companies used as an aid for storing data when the person storing the data does not have access to the core application.

The data are stored via a web browser. The core system is the Pegasos personnel and payroll administration system.

The system includes electronic personnel forms for the payroll and HR administration of a limited liability company. Personnel use the forms to apply for things such as suspensions and approval of lesson and working time data. Decision-makers use the webTallennus system to make almost all payroll and personnel management decisions (including suspensions, hiring employees: employment contracts).

Areas in the webTallennus system:

  • User identification / access
  • Configuring storage platforms
  • Saving data
  • Approval
  • Printing
  • Forming and submitting data

5. Purpose of maintaining the data file

The use of the data file is based on legislation concerning limited liability companies. The regulations and provisions are listed in the section on regular disclosure of information and monitoring, and in the following list:

  • Personal Data Act 523/1999
  • Act on the Protection of Privacy in Working Life 759/2004
  • Universities of Applied Sciences Act 932/2014
  • Employment Contracts Act 55/2001
  • National Pensions Act 568/2007
  • Municipal Pension Act 549/2003
  • Income Tax Act 1535/1992
  • Seinäjoki University of Applied Sciences rules of procedure and code of conduct 2015

5a. Data content of the file

The data file contains data on employees in an employment relationship with the limited liability company.

  • personal data (name, personal identity code)
  • contact information (address, phone numbers)
  • municipality of residence
  • Information about employment relationship (e.g. start date, end date, title, pension scheme, operating and work unit, collective agreements, working hours)
  • banking details (bank, branch, account number)
  • salaries and allowances
  • information about interruptions, paid and unpaid absences per event type.

Data stored in the register include:

  • employment contracts (information about the employment such as title, work unit, eligibility, duration of employment relationship, reason for a fixed-term employment relationship, type and nature of employment relationship, working time system, part-time or full time, weekly working hours, collective agreement sector, Employees Pensions Act, account information, cost centre information, account and identification data, salary information)
  • informing about commissions
  • information about interruptions, paid and unpaid absences per event type.
  • changed personal data
  • change notifications

The periods for storing the data are determined in accordance with the limited liability company’s archive formation plan.

5b. Information systems using the data file

  • Pegasos

6. Regular sources of data

  • Employees
  • Reviewers/Approvers

7. Regular disclosure of data

  • Payroll transaction data is transferred twice a month to Pegasos
  • Lists of decisions

8. Transfer of data outside the EU or the EEA

No data stored in the file is transferred outside the EU or the EEA.

9. Principles of data file protection

A.      Manual material

B.      Computer-processed data

The information systems used for maintaining personal data files are managed in accordance with the rules and instructions on the information security of limited liability companies. Technical applications used to secure the information systems and their interfaces include a firewall, and regular backup copies are made of the data.

The access to the information systems is restricted using access groups ensuring that individual users can only access the data they need in their tasks.

The system can only be accessed via a secure network connection.  Accessing the system requires a personal user ID and password. The access rights end when the person no longer works in the task.

Sections 21 and 40 of the Universities of Applied Sciences Act contains provisions on the confidentiality of information. In the section 24 of the Act on the Openness of Government Activities. Special attention shall be paid to protecting confidential data and the sensitive data listed in section 11 of the Personal Data Act.