- Home
- /
- About SAMK
- /
Information security
The European Union’s General Data Protection Regulation protects natural people’s basic rights and freedom and especially the right to protect personal data. It confirms the rules for handling personal data and the rules regarding free transfer of personal data. The principle is legality, moderation and transparency.
To ensure transparency, the register holder must implement the adequate procedures to deliver the registered information on the principles of handling the registers, the contents, resources and sharing information. The registered must also be told about his/her rights and how to use them. On this site, Satakunta University of Applied Sciences carries out its duty to inform.
Register holder
The register holder is Satakunta University of Applied Sciences (SAMK)
SAMK has a named person in charge of data protection. You can contact him/her regarding all issues with your personal data.
tietosuojavastaava@samk.fi
Data protection documents
Name of register | Maritime Marketing Register | |
Contact person | Anu Hakkarainen | anu.hakkarainen@samk.fi |
Cause for handling: | Consent by registered | |
Purpose of handling: |
|
|
Groups of registered: | Partners, subcsribers | |
Information groups: | Information group | Storage time |
first and last name(s), contact information | Information will be removed if consent is cancelled | |
Information sources: | Person him-/herself | |
Groups of receivers: | Information not forwarded | |
Data transfer outside EU/ETA: | Data is not disclosed outside EU/ETA | |
Automatic decision-making: | No automatic decision-making | |
Profiling: | No profiling of registered |
Name of data file |
SAMK EduTravel Client register (updated 10.3.2022) |
||
Contact person | Maaria Berg, Manager of SAMK EduTravel | maaria.berg@samk.fi / edutravel@samk.fi; tel. 044 710 3351 |
|
Cause for handling | necessary to complete agreement, consent to data gathering | ||
Purpose of handling | Event & Trips participants registrations, international cooperation, company cooperation, national and local cooperation, marketing in different channels | ||
Groups registered | Co-operation partners and their customers | ||
Information groups | Information group | Storage time | |
First and last name(s) | 10 years | ||
Social security number | 10 years | ||
Contact information | 10 years | ||
Information regarding tuition and work, title | 10 years | ||
Photographs of events | 5 years (due lack of marketing photos of travel groups after 2020 /Covid-19_removed until next travel group photos on 2023?+ 2 years, by 2025) | ||
Information based on consent will be removed if consent is cancelled | |||
Information sources | Person self / photographer /B2B customer /co-operator | ||
Groups of receivers | KOTA statistics by Ministry of Education and Culture receive information on international visitors once a year | ||
Data transfer outside EU/ETA | Data is not disclosed outside EU/ETA | ||
Automatic decision-making | No automatic decision-making | ||
Profiling | No profiling of registered |
Name of the register
Whistleblowing reporting channel
Contact person
Jari Lahti
Head of Human Resources
jari.lahti@samk.fi
+358 44 710 3130
Grounds for processing
The legal basis is compliance with a legal obligation (Article 6(1)(c) of the Data Protection Regulation). This obligation is laid down in the European Union Directive on the protection of persons who report breaches of Union law (EU 2019/1937) and in Law 1171/2022 on the protection of persons who report breaches of Union and national law, which transposes the Directive at national level. The notifying person may make the notification under his or her name, but the notification must not contain any other direct identifying information about him or her, such as address details, etc.
If the notifier exceptionally leaves, for example, his/her contact details on the notification form, the processing of personal data is based on the consent of the data subject (Article 6(1)(a) of the Data Protection Regulation).
Purpose of processing
Data sent and received via the Satakunnan ammattikorkeakoulu's notification channel are processed for the purpose of investigating suspected misuse of the notifications and responding to the notifications. The investigation of suspected misconduct may require interviews with persons, documentation of interviews/investigations, decisions on action to be taken in response to the investigation. The processing of personal data is necessary in order to fulfil the obligations of the Directive (EU 2019/1937) identified below to investigate allegations of abuse.
Categories of personal data processed and retention periods
The categories of personal data processed are:
- the first names, surnames, email, public name and username of the processors of the notifications
- notifiers are not required to provide any direct identifying information other than their name, but may include their own information about another person/persons as part of the notification as part of the written notification or through metadata in the attachments.
- when investigating allegations of wrongdoing, persons who have been involved in the activities to which the allegation relates may be interviewed
- in principle, the personal data to be processed are first and last names and contact details. Other personal data may also need to be processed in connection with the reported suspected abuse.
Retention of personal data:
- -otifications will be securely deleted from the notification channel service after a retention period of one year, after which the notification will be stored in the UAS case management system.
- If there is no statutory retention period for the stored data, the retention periods for the notifications and the data generated by the processing of the notification are determined on the basis of the enforcement and verification of the interests, rights, obligations and legal protection of the natural or legal person; the statute of limitations in tort law and the statute of limitations in criminal law.
Regular sources of information
- The personal data of the notifier, in addition to his/her name, are obtained from the notifier, provided that he/she provides them
- personal data concerning third parties are obtained from the notifier and, if applicable, supplemented by contact details from the controller's files, in the case of Satakunta University of Applied Sciences staff.
Recipients or categories of recipients of personal data
The recipients of personal data are the authority, if the notification requires the reporting of suspected misconduct to the authority, possibly the Board of Directors of the UAS, front-line staff, human resources and interested parties.
Transfer of data outside the EU/EEA
No transfer of data outside the EU/EEA.
Principles of data protection
Access to the data is restricted to processors of the notification channel designated by the controller. Where responses to notifications require preparation, this takes place outside the channel, with access to the data being granted to the persons designated as preparers. Access is limited by user IDs and access rights.
Automated decision making
There is no automatic decision-making.
Profiling
No profiling of registrants.
Rights of the data subject
The data subject has the right under the GDPR to:
- To be informed of the processing of personal data, unless an exception is expressly provided for by law
- To check the data concerning him or her and to correct inaccurate or missing data (not applicable if the processing is based on a legal ground or a task carried out in the public interest)
- Restrict the processing of their data
- Object to the processing of their data where there is a public or legitimate interest in the processing
- Request the transfer of personal data which he or she has provided to the controller, where the ground for processing is consent or a contract
- Withdraw his or her consent
- The controller's obligation to notify the rectification/erasure/restriction of processing of personal data
- Not to be subject to automated decision-making (the data subject may allow automated decision-making with his or her consent)
The data subject can exercise his/her rights by contacting the contact person or the data protection officer indicated in the notice. For further information on the rights of the data subject, please contact the contact person and/or the Data Protection Officer.
If the processing of personal data does not require the identification of the data subject without further information and the controller is unable to identify the data subject, the rights of access, rectification, erasure, restriction of processing, notification and transfer do not apply.
You have the right to lodge a complaint with the Office of the Data Protection Ombudsman if you consider that your personal data have been processed in breach of applicable data protection legislation. The contact details of the Data Protection Officer can be found on the privacy notices pages. All requests will be dealt with on a case-by-case basis.
Title of register | youragent.fi service | ||
Contact person | Aleksi Postari | aleksi.postari@samk.fi | |
Basis for lawfulness of processing | Basis for lawfulness of processing | ||
Purpose of processing |
|
||
Categories of data subjects | Applicants for summer jobs and internships, employers' job selection data processing employees | ||
Categories of data | Categories of data common to all registrants | Retention | |
First names, last name | The data will be erased upon revoking of consent
The registrant may check, rectify and erase their data
|
||
Contact details | |||
State of consent | |||
Categories of data specific to applicants | |||
Date of birth | |||
State of driver's license | |||
Education | |||
Language skills | |||
Photo | |||
Showcase video | |||
Answers to the 20 profiling questions | |||
Skill profile | |||
State of work cards | |||
CV | |||
Fields of interest | |||
Details of applied position (job title, type and location) | |||
State of consent to affiliates' job search related emails | |||
Employment situation (not employed, employed through elsewhere, employed through youragent.fi) | |||
Categories of data specific to employers | |||
Company details (name, website, logo) | |||
Details of offered job (title, type, location) | |||
Sources of data | The user | ||
Categories of receivers | The data will not be passed to third parties. | ||
Data transfer outside EU/ETA | The data will not be passed outside EU/ETA. | ||
Automatic decision-making | There is no automatic decision-making. | ||
Profiling | The registrants will not be profiled. Applicants create profiles to tell of themselves and their skills. The information given by the applicants will not be used to predict, analyze or classify them into groups, nor will the data be combined or further processed. The applicant keeps the data up to date. Businesses create profiles with the necessary skills for their open summer jobs/internships. Based on the applicants' profiles, the service offers the businesses applicants for interviews. The service performs no automatic decision-making or profiling. For more information, see Office of the Data Protection Ombudsman: https://tietosuoja.fi/en/automated-decision-making-and-profiling | ||
On data processing | The employers and their employees involved in recruitment will be identified before granting access to employers' applicants' information. The only information of the businesses offering jobs that an applicant can see is a list of their names. |
Rights by the registered
Please contact data protection officer: tietosuojavastaava@samk.fi
Principles of register protection
Manual material
The material is located in locked premises, which have access control and camera surveillance.
Electric material
Data systems including electric material are located in a network of their own, which is protected by data security device.
A physical access to these materials is limited only to the parties involved. The information is transferred through hidden channels. The information is handled with personal usernames and profiles.
Instructions and training
Extensive instructions have been given for the use of the register, and the personnel has been trained to follow the instructions.