Information security

Name of register	Maritime Marketing Register
Contact person	Anu Hakkarainen	anu.hakkarainen@samk.fi
Cause for handling:	Consent by registered
Purpose of handling:	informing and marketing of maritime events informing and marketing of maritime research news and education
Groups of registered:	Partners, subcsribers
Information groups:	Information group	Storage time
	first and last name(s), contact information	Information will be removed if consent is cancelled
Information sources:	Person him-/herself
Groups of receivers:	Information not forwarded
Data transfer outside EU/ETA:	Data is not disclosed outside EU/ETA
Automatic decision-making:	No automatic decision-making
Profiling:	No profiling of registered

 

Name of data file	SAMK EduTravel Client register (updated 10.3.2022)
Contact person	Maaria Berg, Manager of SAMK EduTravel	maaria.berg@samk.fi / edutravel@samk.fi; tel. 044 710 3351
Cause for handling	necessary to complete agreement, consent to data gathering
Purpose of handling	Event & Trips participants registrations, international cooperation, company cooperation, national and local cooperation, marketing in different channels
Groups registered	Co-operation partners and their customers
Information groups	Information group		Storage time
	First and last name(s)		10 years
	Social security number		10 years
	Contact information		10 years
	Information regarding tuition and work, title		10 years
	Photographs of events		5 years (due lack of marketing photos of travel groups after 2020 /Covid-19_removed until next travel group photos on 2023?+ 2 years, by 2025)
			Information based on consent will be removed if consent is cancelled
Information sources	Person self / photographer /B2B customer /co-operator
Groups of receivers	KOTA statistics by Ministry of Education and Culture receive information on international visitors once a year
Data transfer outside EU/ETA	Data is not disclosed outside EU/ETA
Automatic decision-making	No automatic decision-making
Profiling	No profiling of registered

 

Name of the register

Whistleblowing reporting channel

Contact person

Jari Lahti
Head of Human Resources
jari.lahti@samk.fi
+358 44 710 3130

Grounds for processing

The legal basis is compliance with a legal obligation (Article 6(1)(c) of the Data Protection Regulation). This obligation is laid down in the European Union Directive on the protection of persons who report breaches of Union law (EU 2019/1937) and in Law 1171/2022 on the protection of persons who report breaches of Union and national law, which transposes the Directive at national level. The notifying person may make the notification under his or her name, but the notification must not contain any other direct identifying information about him or her, such as address details, etc.

If the notifier exceptionally leaves, for example, his/her contact details on the notification form, the processing of personal data is based on the consent of the data subject (Article 6(1)(a) of the Data Protection Regulation).

Purpose of processing

Data sent and received via the Satakunnan ammattikorkeakoulu's notification channel are processed for the purpose of investigating suspected misuse of the notifications and responding to the notifications. The investigation of suspected misconduct may require interviews with persons, documentation of interviews/investigations, decisions on action to be taken in response to the investigation. The processing of personal data is necessary in order to fulfil the obligations of the Directive (EU 2019/1937) identified below to investigate allegations of abuse.

Categories of personal data processed and retention periods

The categories of personal data processed are:

• the first names, surnames, email, public name and username of the processors of the notifications
• notifiers are not required to provide any direct identifying information other than their name, but may include their own information about another person/persons as part of the notification as part of the written notification or through metadata in the attachments.
• when investigating allegations of wrongdoing, persons who have been involved in the activities to which the allegation relates may be interviewed
• in principle, the personal data to be processed are first and last names and contact details. Other personal data may also need to be processed in connection with the reported suspected abuse.

Retention of personal data:

• -otifications will be securely deleted from the notification channel service after a retention period of one year, after which the notification will be stored in the UAS case management system.
• If there is no statutory retention period for the stored data, the retention periods for the notifications and the data generated by the processing of the notification are determined on the basis of the enforcement and verification of the interests, rights, obligations and legal protection of the natural or legal person; the statute of limitations in tort law and the statute of limitations in criminal law.

Regular sources of information

- The personal data of the notifier, in addition to his/her name, are obtained from the notifier, provided that he/she provides them
- personal data concerning third parties are obtained from the notifier and, if applicable, supplemented by contact details from the controller's files, in the case of Satakunta University of Applied Sciences staff.

Recipients or categories of recipients of personal data

The recipients of personal data are the authority, if the notification requires the reporting of suspected misconduct to the authority, possibly the Board of Directors of the UAS, front-line staff, human resources and interested parties.

Transfer of data outside the EU/EEA

No transfer of data outside the EU/EEA.

Principles of data protection

Access to the data is restricted to processors of the notification channel designated by the controller. Where responses to notifications require preparation, this takes place outside the channel, with access to the data being granted to the persons designated as preparers. Access is limited by user IDs and access rights.

Automated decision making

There is no automatic decision-making.

Profiling

No profiling of registrants.

Rights of the data subject

The data subject has the right under the GDPR to:

• To be informed of the processing of personal data, unless an exception is expressly provided for by law
• To check the data concerning him or her and to correct inaccurate or missing data (not applicable if the processing is based on a legal ground or a task carried out in the public interest)
• Restrict the processing of their data
• Object to the processing of their data where there is a public or legitimate interest in the processing
• Request the transfer of personal data which he or she has provided to the controller, where the ground for processing is consent or a contract
• Withdraw his or her consent
• The controller's obligation to notify the rectification/erasure/restriction of processing of personal data
• Not to be subject to automated decision-making (the data subject may allow automated decision-making with his or her consent)

The data subject can exercise his/her rights by contacting the contact person or the data protection officer indicated in the notice. For further information on the rights of the data subject, please contact the contact person and/or the Data Protection Officer.

If the processing of personal data does not require the identification of the data subject without further information and the controller is unable to identify the data subject, the rights of access, rectification, erasure, restriction of processing, notification and transfer do not apply.

You have the right to lodge a complaint with the Office of the Data Protection Ombudsman if you consider that your personal data have been processed in breach of applicable data protection legislation. The contact details of the Data Protection Officer can be found on the privacy notices pages. All requests will be dealt with on a case-by-case basis.

Title of register	youragent.fi service
Contact person	Aleksi Postari	aleksi.postari@samk.fi
Basis for lawfulness of processing	Basis for lawfulness of processing
Purpose of processing	selecting and applying for summer jobs and internships offering jobs statistics and improving the service
Categories of data subjects	Applicants for summer jobs and internships, employers' job selection data processing employees
Categories of data	Categories of data common to all registrants		Retention
	First names, last name		The data will be erased upon revoking of consent   The registrant may check, rectify and erase their data
	Contact details
	State of consent
	Categories of data specific to applicants
	Date of birth
	State of driver's license
	Education
	Language skills
	Photo
	Showcase video
	Answers to the 20 profiling questions
	Skill profile
	State of work cards
	CV
	Fields of interest
	Details of applied position (job title, type and location)
	State of consent to affiliates' job search related emails
	Employment situation (not employed, employed through elsewhere, employed through youragent.fi)
	Categories of data specific to employers
	Company details (name, website, logo)
Details of offered job (title, type, location)
Sources of data	The user
Categories of receivers	The data will not be passed to third parties.
Data transfer outside EU/ETA	The data will not be passed outside EU/ETA.
Automatic decision-making	There is no automatic decision-making.
Profiling	The registrants will not be profiled. Applicants create profiles to tell of themselves and their skills. The information given by the applicants will not be used to predict, analyze or classify them into groups, nor will the data be combined or further processed. The applicant keeps the data up to date. Businesses create profiles with the necessary skills for their open summer jobs/internships. Based on the applicants' profiles, the service offers the businesses applicants for interviews. The service performs no automatic decision-making or profiling. For more information, see Office of the Data Protection Ombudsman: https://tietosuoja.fi/en/automated-decision-making-and-profiling
On data processing	The employers and their employees involved in recruitment will be identified before granting access to employers' applicants' information. The only information of the businesses offering jobs that an applicant can see is a list of their names.

PortMate.eu gdpr privacy notice