Personal data register for degree programmes
Register controller and contact information
Diaconia University of Applied Sciences, P.O. Box 12, 00511 Helsinki
https://www.diak.fi/diak/contact/
Data protection officer’s e-mail: tietosuojavastaava@diak.fi
What is the purpose of processing personal data?
Data in the personal data register for degree programmes is processed in order for Diak to carry out education and duties assigned to universities of applied sciences. Students’ personal data is processed to ensure that students can take studies, make progress in them and complete a degree. Furthermore, personal data is processed for the purpose of providing study guidance and conducting student surveys.
What is the basis for processing the data?
Processing is based on the statutory duties of a university of applied sciences (Universities of Applied Sciences Act, Government Decree on Universities of Applied Sciences, and Act on the National Registers of Education Records, Qualifications and Degrees, etc.).
Whose personal data does the register contain?
The degree programmes personal data register contains personal data from students currently enrolled on Diak’s degree programmes and from those who have previously graduated from Diak. This register also includes data from students enrolled in other educational institutions if they are taking courses at Diak.
Where was the data collected?
Student applications are submitted via the Studyinfo service maintained by the Finnish National Agency for Education. Applicants provide their personal data to the Studyinfo service, from which the data is transferred to the OILI enrolment and registration service for students. This is where Diak receives notification of an accepted student place and the relevant data will be transferred to Diak. Students also submit to Diak some of their study-related personal data themselves.
During the course of studies, lecturers and study guidance counsellors produce information for student administration systems. Data related to work placements is also received from Diak’s external placement supervisors.
For joint degree programmes, personal data is received from partner institutions (such as from another university of applied sciences).
What personal data does the register contain?
Personal data processed in the degree programmes register includes the contact details of students enrolled on Diak’s degree programmes and information on previous qualifications, financing of studies, the right to study, study records, study guidance and feedback. The register also contains information on the next of kin of students who add it to the system themselves.
The register also includes information related to management of the right to study, such as student applications for extension or transfer of the right to study and relevant appendices and decisions.
Furthermore, the register includes information on degree certificates.
Will the data be disclosed to external parties?
Diak discloses data from the degree programmes personal data register directly to relevant authorities. Furthermore, data is also transferred to the VIRTA National Data Warehouse for Higher Education, which is maintained by CSC – IT Center for Science Ltd. Data from the VIRTA National Data Warehouse for Higher Education is disclosed to the following parties:
– OILI enrolment and registration service for students
– KOSKI National Registry and Data Transfer Service for Study Rights and Completed Studies (Finnish National Agency for Education)
– Kela social security institution, progress in studies
– National Supervisory Authority for Welfare and Health (Valvira), validation of professional qualifications
– FIONA remote access system for processing research data (Statistics Finland)
– ARVO Education Management Information Service (Ministry of Education and Culture)
– Tuudo app, use of personal study data (Tuudo Oy)
– PURO credit transfer service (Ministry of Education and Culture) up until 31 December 2022
– University of Helsinki, application to international Master’s programmes
– Learner follow-up surveys (Ministry of Education and Culture)
– Finnish Student Health Service (FSHS)
– Employment Fund
– Statistics Finland
– Ministry of Education and Culture (monitoring and financing of higher education institutions).
If a student uses a mobile student ID card, the mobile card system checks the student’s attendance data from the VIRTA system or from the MyDiak/Peppi system.
Diak graduates’ contact details are disclosed to CSC – IT Center for Science Ltd. for the purpose of conducting alumni surveys.
Diak may also contract outside processors of personal data (IT service providers). Outside processors may be IT systems suppliers, for instance. The key systems relevant to Diak’s student administration are MyDiak, Diakle, Valo, Massa, Atomi and Dynasty.
How is data protected?
Digital materials: Digital data is protected with access rights, passwords, two-factor authentication, surveillance and firewalls.
Paper materials: Paper materials are stored in a locked space and taken to a locked trash container (“data protection bin”) for disposal after the end of the storage period.
How long is personal data stored in the register?
Different categories of personal data have different periods of storage, depending on legislation, official regulations or intended uses. Storage times for personal data are determined in Diak’s internal information management plan. Some of the data has been assigned for permanent storage. Permanently stored materials are dictated by the National Archives of Finland. Storage of personal data in systems may also be related to the period of validity of Diak’s user IDs.
Is the data subject to automatic decision-making?
Systems using the register do not have automatic decision-making functions.
Will the data be transferred outside of the EU/EEA?
As a rule, the personal data contained in the register is not transferred outside the European Union or the European Economic Area or to international organisations. However, due to the international nature of the operations, Diak may use resources, applications and servers located outside the EU or EEA when providing the services. In these cases, Diak ensures that there is a legal basis for the transfer of data and that personal data is protected, for example by requiring standard contractual clauses approved by the EU Commission and compliance with appropriate technical and organizational security measures. In addition, where appropriate, a TIA assessment will be carried out in connection with such data transfer, as well as monitoring the overall level of data protection in known countries. In all cases, the data transfer is carried out in accordance with the General Data Protection Regulation and only to the extent strictly necessary.
What rights do I have?
You have the right to information on how and for what purpose your personal data will be processed. You can also request access to records of your personal data, and request that incorrect information be rectified.
You can also submit a request to delete your data or restrict its use. However, in some cases the data cannot be deleted or its use restricted, for example if the personal data is being processed to fulfil a legal obligation, complete a task in the public interest or exercise public authority vested in Diak.
In certain situations, you also have the right to transfer the personal data you have provided to us to another controller or to object to the processing of your personal data, i.e. to request that we do not process it at all. In addition, you may request that we do not make a decision concerning you based solely on automated processing of personal data.
If you would like to know more about the processing of your data or exercise your rights, you can contact Diak’s Data Protection Officer (tietosuojavastaava@diak.fi) or submit a request using the form found on Diak’s website https://www.vismasignforms.com/form/fa53720e-cc71-4b92-b062-6db43e0d33d3.
You also always have the right to lodge a complaint with a supervisory authority. If necessary, you can also contact the Data Protection Ombudsman, a government official who supervises the processing of personal data in Finland.
Contact information:
Office of the Data Protection Ombudsman
P.O. Box 800, 00531 Helsinki
tietosuoja(at)om.fi
Tel. +358 29 566 6700
www.tietosuoja.fi
General advice for individuals: Tel. +358 29 566 6777