Business and industry services or service business activities
Register controller and contact information
Diaconia University of Applied Sciences, P.O. Box 12, 00511 Helsinki
https://www.diak.fi/diak/contact/
Data protection officer’s e-mail: tietosuojavastaava@diak.fi
What is the purpose of processing personal data?
Customer data from Diak’s service business activities is processed in order to produce and execute services. Commercial service activities include training, expert lectures and workshops ordered by organisations. Training participants’ data is processed to arrange and carry out the training (food service, writing certificates, etc.).
Personal data is also processed to conduct invoicing and accounting and to write participation certificates.
Sale of work counselling services is based on a framework contract or a direct contract with the ordering organisation, but Diak does not collect data from those people participating in the workplace counselling service.
What is the basis for processing the data?
Processing personal data is based on a contract or the participant’s consent.
Whose personal data does the register contain?
Diak’s business and industry services personal data register contains data about Diak’s commercial service business customers and partners as well as their employees.
Where was the data collected?
Data is collected directly from the customers, partners and participants themselves.
What personal data does the register contain?
The business and industry services personal data register includes the following data:
- Participant’s name and contact details
- Personal identification number
- Gender
- Native language and/or communication language
- Nationality
- Background organisation.
How long is personal data stored in the register?
Personal data needed for the execution of training is stored until the training has been carried out and any certificates delivered. Personal data is also stored in accounting materials for a statutory period of six years. If study credits are imported to student administration’s systems, they will be stored in the register permanently.
How is data protected?
Digital materials: Diak’s systems are protected using both administrative and technical means: with personal user IDs, limitations of access rights and IT measures.
Paper materials: Paper materials are not collected, but if they are created, they will be stored in an access-controlled space and disposed of in a locked trash container (“data protection bin”) when no longer needed.
Will the data be disclosed to external parties?
Diak reports statistical data in accordance with their statutory obligations to statistical authorities, such as the Finnish National Agency for Education, Ministry of Education and Culture and employment authorities. In addition, credits from training that meets ECTS quality criteria (for example, work counsellor training) are relayed to a national higher education achievement register, VIRTA, which is administrated by CSC, IT Center for Science. VIRTA higher education achievement register discloses data to different Finnish authorities.
Diak may contract external processors, who will process personal data. An external processor may be an IT system supplier, for instance.
Is the data subject to automatic decision-making?
Systems using the register do not have automatic decision-making functions.
Will data be transferred outside of the EU/EEA?
As a rule, the personal data contained in the register is not transferred outside the European Union or the European Economic Area or to international organisations. However, due to the international nature of the operations, Diak may use resources, applications and servers located outside the EU or EEA when providing the services. In these cases, Diak ensures that there is a legal basis for the transfer of data and that personal data is protected, for example by requiring standard contractual clauses approved by the EU Commission and compliance with appropriate technical and organizational security measures. In addition, where appropriate, a TIA assessment will be carried out in connection with such data transfer, as well as monitoring the overall level of data protection in known countries. In all cases, the data transfer is carried out in accordance with the General Data Protection Regulation and only to the extent strictly necessary.
What rights do I have?
You have the right to information on how and for what purpose your personal data will be processed. You can also request access to records of your personal data, and request that incorrect information be rectified.
You can also submit a request to delete your data or restrict its use. However, in some cases the data cannot be deleted or its use restricted, for example if the personal data is being processed to fulfil a legal obligation, complete a task in the public interest orexercise public authority vested in Diak.
In certain situations, you also have the right to transfer the personal data you have provided to us to another controller or to object to the processing of your personal data, i.e. to request that we do not process them at all. In addition, you may request that we do not make a decision on your part based solely on automated processing of personal data.
If you would like to know more about the processing of your data or exercise your rights, you can contact Diak’s Data Protection Officer (tietosuojavavavaava@diak.fi) or submit a request using the form found on Diak’s website https://www.vismasignforms.com/form/fa53720e-cc71-4b92-b062-6db43e0d33d3.
You also always have the right to lodge a complaint with a supervisory authority. If necessary, you can also contact the Data Protection Ombudsman, a government official who supervises the processing of personal data in Finland.
Contact information:
Office of the Data Protection Ombudsman
P.O. Box 800, 00531 Helsinki
tietosuoja(at)om.fi
Tel. +358 29 566 6700
www.tietosuoja.fi
General advice for individuals: Tel. +358 29 566 6777