Skip to content

Privacy policy: Register of related parties of Diaconia University of Applied Sciences

Register controller and contact information

Diaconia University of Applied Sciences, P.O. Box 12, 00511 Helsinki

https://www.diak.fi/diak/contact/

Data protection officer’s e-mail: tietosuojavastaava@diak.fi

What is the purpose of processing personal data?

The personal data contained in the register of related parties is processed in order to enable Diak to conduct management in accordance with good governance, monitor any related party transactions, and ensure that they are appropriate.

What is the basis for processing personal data?

The basis for processing data is a legal obligation in accordance with Section 18 of Chapter 25 of the Limited Liability Companies Act (624/2006) and Section 7b of Chapter 2 of the Accounting Act (1339/1997).

Whose personal data does the register contain?

The register contains information about persons and communities who belong to the immediate circle of Diaconia University of Applied Sciences Oy, such as members of the Board of Directors and the Executive Group and their family members, as well as representatives of Diak’s owning entities and their family members.

“Family member” means a spouse, a common-law partner, one’s own or the common-law partner’s children or dependents, the children’s spouses or common-law partners and descendants, and one’s own or the spouse’s or common-law partner’s parents, grandparents and their parents.

Where was the data collected?

The data is collected from members of Diak’s Board of Directors and Executive Group and representatives of Diak’s owning entities.

What personal data does the register contain?

The register of related parties contains the following data about members of Diak’s Board of Directors and Executive Group and the representatives of Diak’s owning entities:

  • Name
  • Date of birth
  • Email address
  • Relationship to Diaconia University of Applied Sciences
  • Other managerial positions and positions of trust

How long is personal data stored in the register?

Data in the register of related parties is stored for six (6) years.

How is data protected?

The register of related parties is digital. Data is protected with access rights, passwords, two-factor authentication, surveillance and firewalls. Diak uses appropriate encryption techniques and access control of locked IT rooms. Paper materials are not collected.

Is data in the register disclosed outside of Diak?

Data in the register of related parties is confidential and not disclosed to third parties, apart from via an auditor or other statutory audit of the limited liability company’s finances or operations.

Is data in the register used for automatic deci-sion-making or profiling?

Systems using the register do not have automatic decision-making or profiling functions.

Will data be transferred outside of the EU/EEA?

Data will not be transferred outside the EU/EEA.

Data is transferred or disclosed outside the EU/EEA, where and to whom:

 

As a rule, the personal data contained in the register is not transferred outside the European Union or the European Economic Area or to international organisations. However, due to the international nature of the operations, Diak may use resources, applications and servers located outside the EU or EEA when providing the services. In these cases, Diak ensures that there is a legal basis for the transfer of data and that personal data is protected, for example by requiring standard contractual clauses approved by the EU Commission and compliance with appropriate technical and organizational security measures. In addition, where appropriate, a TIA assessment will be carried out in connection with such data transfer, as well as monitoring the overall level of data protection in known countries. In all cases, the data transfer is carried out in accordance with the General Data Protection Regulation and only to the extent strictly necessary.

What rights do I have?

You have the right to information on how and for what purpose your personal data will be processed. You can also request access to records of your personal data, and request that incorrect information be rectified.

You can also submit a request to delete your data or restrict its use. However, in some cases the data cannot be deleted or its use restricted, for example if the personal data is being processed to fulfil a legal obligation, complete a task in the public interest orexercise public authority vested in Diak.

In certain situations, you also have the right to transfer the personal data you have provided to us to another controller or to object to the processing of your personal data, i.e. to request that we do not process them at all. In addition, you may request that we do not make a decision on your part based solely on automated processing of personal data.

If you would like to know more about the processing of your data or exercise your rights, you can contact Diak’s Data Protection Officer (tietosuojavavavaava@diak.fi) or submit a request using the form found on Diak’s website https://www.vismasignforms.com/form/fa53720e-cc71-4b92-b062-6db43e0d33d3.

You also always have the right to lodge a complaint with a supervisory authority. If necessary, you can also contact the Data Protection Ombudsman, a government official who supervises the processing of personal data in Finland.

Contact information:
Office of the Data Protection Ombudsman
P.O. Box 800, 00531 Helsinki
tietosuoja(at)om.fi
Tel. +358 29 566 6700
www.tietosuoja.fi

General advice for individuals: Tel. +358 29 566 6777