RDI project management
Register controller and contact information
Diaconia University of Applied Sciences, P.O. Box 12, 00511 Helsinki
https://www.diak.fi/diak/contact/
Data protection officer’s e-mail: tietosuojavastaava@diak.fi
What is the purpose of processing personal data?
The purpose of processing personal data is to conduct Diak’s research, development and innovation activities, such as carrying out projects or research. Purposes for use include communication within projects, public relations, project reporting, participant lists compiled of those people participating in project actions, contractual matters regarding management and results of projects, as well as management of materials.
What is the basis for processing the data?
Processing the data is based on legal obligations (Accounting Act, Universities of Applied Sciences Act, etc.), performing tasks in the public interest and exercising public authority. In some cases, the basis for processing can also be the consent of the data subject.
Whose personal data does the register contain?
The RDI project management personal data register contains data of those people participating in Diak RDI projects. Participants include Diak staff, project partners and those people participating in a project, as well as Diak students who have a role in some project, for example.
Where was the data collected?
Data about Diak staff is obtained from Diak’s systems, such as HR services and financial services systems, as well as working hours monitoring and project management systems. Data about Diak students is obtained from student services systems. Data can also be obtained directly from the data subject themselves, RDI project partners or other representatives.
What personal data does the register contain?
The RDI project management personal data register processes, among other things, the following data about those people participating in projects:
- Name
- Date of birth
- Contact details
- Employer
- Work experience
- Profession
- Job title
- Employment status
- Education
- Income
- Gender.
Participants and data vary depending on the project. You can find more detailed information about the personal data processed in a specific project in that project’s privacy statement.
How long is personal data stored in the register?
The storage period for data processed in RDI project management varies on a case by case basis and is often determined by funding requirements. In practical terms, the storage period is typically 10-20 years depending on the document. However, some data must be stored permanently due to requirements set by authorities and/or funding providers.
How is data protected?
Digital data is processed in different information systems on a case by case basis, and these systems may be administered by Diak or another operator, such as a project funding provider. Diak’s systems are protected using both administrative and technical means: with personal user ID’s, limitations of access rights and IT measures. Diak also tries to ensure that the data protection practices of other operators are on the same level as a minimum.
If paper materials are created, they will be stored in an access-controlled space and disposed of in a locked trash container (“data protection bin”) when no longer needed.
Will the data be disclosed to external parties?
Data can be disclosed to project funding providers, project partners and other stakeholders, auditors and any other external project inspectors, for example. Diak may also use external processors of personal data, such as IT system suppliers. In these cases, data processing is performed in accordance with contracts.
Is the data subject to automatic decision-making?
Systems using the register do not have automatic decision-making functions.
Will data be transferred outside of the EU/EEA?
As a rule, the personal data contained in the register is not transferred outside the European Union or the European Economic Area or to international organisations. However, due to the international nature of the operations, Diak may use resources, applications and servers located outside the EU or EEA when providing the services. In these cases, Diak ensures that there is a legal basis for the transfer of data and that personal data is protected, for example by requiring standard contractual clauses approved by the EU Commission and compliance with appropriate technical and organizational security measures. In addition, where appropriate, a TIA assessment will be carried out in connection with such data transfer, as well as monitoring the overall level of data protection in known countries. In all cases, the data transfer is carried out in accordance with the General Data Protection Regulation and only to the extent strictly necessary.
What rights do I have?
You have the right to information on how and for what purpose your personal data will be processed. You can also request access to records of your personal data, and request that incorrect information be rectified.
You can also submit a request to delete your data or restrict its use. However, in some cases the data cannot be deleted or its use restricted, for example if the personal data is being processed to fulfil a legal obligation, complete a task in the public interest orexercise public authority vested in Diak.
In certain situations, you also have the right to transfer the personal data you have provided to us to another controller or to object to the processing of your personal data, i.e. to request that we do not process them at all. In addition, you may request that we do not make a decision on your part based solely on automated processing of personal data.
If you would like to know more about the processing of your data or exercise your rights, you can contact Diak’s Data Protection Officer (tietosuojavavavaava@diak.fi) or submit a request using the form found on Diak’s website https://www.vismasignforms.com/form/fa53720e-cc71-4b92-b062-6db43e0d33d3.
You also always have the right to lodge a complaint with a supervisory authority. If necessary, you can also contact the Data Protection Ombudsman, a government official who supervises the processing of personal data in Finland.
Contact information:
Office of the Data Protection Ombudsman
P.O. Box 800, 00531 Helsinki
tietosuoja(at)om.fi
Tel. +358 29 566 6700
www.tietosuoja.fi
General advice for individuals: Tel. +358 29 566 6777