Data protection and registers at Satakunta University of Applied Sciences
The European Union’s General Data Protection Regulation protects natural people’s basic rights and freedom and especially the right to protect personal data. It confirms the rules for handling personal data and the rules regarding free transfer of personal data. The principle is legality, moderation and transparency.
To ensure transparency, the register holder must implement the adequate procedures to deliver the registered information on the principles of handling the registers, the contents, resources and sharing information. The registered must also be told about his/her rights and how to use them. On this site, Satakunta University of Applied Sciences carries out its duty to inform.
The register holder is Satakunta University of Applied Sciences (SAMK).
SAMK has a named person in charge of data protection. Regarding all issues with your personal data,SAMK has a named person in charge of data protection. Regarding all issues with your personal data, please contact data protection officer: email@example.com
You can find the data protection statements in the link below.
The data subject’s right to be informed about the processing of data
The controller shall take appropriate measures to provide the subject with information on the processing of records in a concise, transparent, easily understandable, and accessible format in clear and plain language. (GDPR, Article 12)
The purpose of this document is to inform data subjects of their rights and to facilitate the exercise of those rights. Each personal register has its own leaflet, which provides details on each register.
The data subject’s right of access
The data subject has the right to access and see the data concerning him or her and to receive copies on request. (GDPR, Article 15)
The right of inspection will be exercised without delay.
Exercising the right of inspection is free of charge once a year.
The right of inspection may be refused only in exceptional circumstances.
Right to rectification of data
The data subject shall have the right to obtain from the controller, without undue delay, the rectification of inaccurate or erroneous personal data concerning him or her. Having regard to the purposes for which the data was processed, the data subject has the right to have incomplete personal data completed, inter alia, by providing further explanations. (GDPR, Article 16)
Right to erasure (“right to be forgotten”)
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay, and the controller shall have the obligation to erase personal data without undue delay, provided that one of the criteria in Article 17 is met. (GDPR, Article 17)
- Personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
- The data subject withdraws the consent on which the processing was based and there is no other lawful basis for the processing.
- The data subject objects to the processing and there are no legitimate grounds for the processing.
- Personal data have been unlawfully processed.
- Personal data must be erased to comply with a legal obligation under Union or Member State law to which the controller is subject.
- The personal data have been collected in connection with the provision of information society services within the meaning of Article 8(1).
Right to restriction of processing
The data subject has the right to obtain restriction of processing by the controller in one of the following cases: (GDPR, Article 18)
- The data subject contests the accuracy of the personal data.
- The processing is unlawful, and the data subject objects to the erasure of the personal data and requests instead the restriction of their use.
- The controller no longer needs the personal data concerned for the purposes of the processing, but the data subject needs them for the establishment, exercise, or defense of legal claims.
Right to object
The data subject has the right to object at any time, on grounds relating to his or her situation, to the processing of personal data concerning him or her which is based on a public or legitimate interest. (GDPR, Article 6).
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such marketing, including profiling where it relates to such direct marketing. (GDPR, Article 21).
The right to transfer data from one system to another
The data subject shall have the right to obtain the personal data concerning him or her which he or she has provided to the controller in a structured, commonly used, and machine-readable format and the right to transmit such data to another controller without hindrance from the controller to whom the personal data have been provided, if
- processing is based on consent; and
- processing is carried out automatically (GDPR, Article 20).
- The controller must notify any rectification, erasure, or restriction of processing of personal data to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves a disproportionate effort. (GDPR, Article 19).
- The data subject has the right not to be subject to a decision based solely on automated processing, such as profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. (GDPR, Article 22).
- Where a personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall notify the data subject of the personal data breach without undue delay. (GDPR, Article 34).
- Every data subject has the right to lodge a complaint with a supervisory authority if he or she considers that personal data concerning him or her are being processed in breach of the Regulation. (GDPR, Article 77).
- Every data subject has the right to an effective judicial remedy if he or she considers that his or her rights under this Regulation have been infringed because his or her personal data have not been processed in accordance with this Regulation. (GDPR, Article 79).
- If a person suffers material or non-material damage because of a breach of this Regulation, he or she shall be entitled to compensation from the controller or processor for the damage suffered. (GDPR, Article 82).
Please contact data protection officer: firstname.lastname@example.org
The material is located in locked premises, which have access control and camera surveillance.
Data systems including electric material are located in a network of their own, which is protected by data security device.
A physical access to these materials is limited only to the parties involved. The information is transferred through hidden channels. The information is handled with personal usernames and profiles.
Instructions and training
Extensive instructions have been given for the use of the register, and the personnel has been trained to follow the instructions.