Computers and systems are used with personal user IDs when personal data is being processed. The computers' virus protection is also kept up to date.
The Student Union's staff and members in positions of trust, as well as the staff and members in positions of trust of the associations working on behalf of the Student Union, have been introduced to the changes the GDPR brings, and they have signed an agreement about the personal data practices.
The member register is a service provided by an external company whose servers are in Finland. The member register has integrations with HAMK's data system. Members provide their information themselves, and it is then checked and updated from HAMK's data system. User IDs are given only to those persons who need personal data in their work. We have updated the data protection appendix of the agreement that fulfils the GDPR standards with the company providing the service. Resigned members are deleted from the member register immediately after the resignation. Former members who do not pay their membership fee are deleted from the register after they have graduated from HAMK or are no longer students at HAMK.
Information is not handed over from the member register to outside the EU and EEA region. Information can be handed over for marketing purposes inside the EU and EEA region for those members who have allowed their information to be handed over. If the member leaves that field unmarked in the membership form, we interpret it as permission not having been given.
Event Enrolments and Club Registers
Registers of clubs under the Student Union (member registers and event enrolments) are held in the Student Union's internal cloud service, the rights of use of which are held by the Student Union.
Student Union’s monthly newsletter delivered via email
The monthly letter is delivered to every student at HAMK. It is delivered through a mailing list, which is managed by HAMK. The letter's use is based on taking care of membership relations in accordance with the Associations Act and on the mission of preparing students for active, aware and critical citizenship in accordance with the Act of Universities of Applied Sciences.
The Student Union has a few mailing lists. Email addresses are deleted from them automatically if the person behind the address cannot be reached within a couple of tries (the address is not valid or the mailbox is full). Addresses are also deleted from the mailing lists if the person in question asks for it. However, if the mailing list is based on membership in the Council of Representatives or some other reason why the Student Union needs to reach the person, the address won't be deleted.
Survival Kit loans
Digital forms of the Survival Kit orders are kept in the Student Union's internal cloud service until the Kit service is paid. After this, the form data is anonymised for archiving and the invoice/payment is kept as an accounting receipt. Keeping the data is based on the Accountancy Act.
Student Cards and Student Card ordering
Plastic chipped student cards are ordered from a Finnish card manufacturer. The order is made through the member register. The data transfer is based on the student wanting to order a student card for themselves and giving permission to transfer their data to the card manufacturer.
Personal Data Practices regarding the Election of the Council of Representatives
Members running in the elections of the Council of Representatives give the Student Union the right to publish candidate lists, candidate pictures, other relevant election information and election results in public. All published information, with the exception of the results, is obtained from the candidates themselves.
Data practices about the data of the Partners in Cooperation
The Student Union has a partner register in the internal cloud service. The information stored there is kept for the whole duration of the cooperation. Student Union persons who need the information to handle partnerships have access to the register. The purpose of the data is to maintain cooperation.
Other Personal Data Practices
- The Student Union uses Netvisor as a system for financial and payroll administration. Personal data processing is based on the Accountancy Act. The system uses strong identification, and IDs are only given to those persons who need the information for their work. We have updated the data protection appendix of the agreement that fulfils the GDPR standards with the company providing the service.
- Payroll and accounting are managed by an external company. We have updated the data protection appendix of the agreement that fulfils the GDPR standards with the company providing the service.
Information Security Control and Arrangements Involved with it
We follow the PDCA model (Plan-Do-Check-Act). In all activities, we plan a safe, secure model with information security that has agreements in order. When the systems are running, we watch and follow all exceptions in data protection. A record is kept of all exceptions, and we inform everyone concerned about an exception if necessary. If the exception is such that it must also be reported to the authority, the report shall be made as soon as possible. We also try to fix the problems as quickly as possible so that potential new problems will be avoided.
Practices of this Document
This document is published on the hamko.fi site after the 22nd of May 2018 once it is accepted in the board meeting. Changes to the document can be made without the board's decision. When the document is updated, we insert a log file at the end of this document, which states the last three updates, the date of each update and the reason for the update.
Data Protection Officer
The Student Union's Data Protection Officer is Executive Director Aleksi Kurvi
firstname.lastname@example.org, +358 44 722 1000
Updating the Practices / Log File
14.5.2019 – Updated contact information
9.4.2020 – Removed mention about using Webropol services to collect entry data for events.