Ru

En

Privacy statement: Projects imple­mented by Karelia University of Applied Sciences / Participant register

PRIVACY STATEMENT AND REGISTER DESCRIPTION

Personal Data Act (523 /1999) 10 §, General Data Protection Regulation of the European Union (679/2016) as of 25th May 2018, Compiled on 25th April 2018, updated on 13th September 2023

Register Controller              

Karelia Ammat­ti­kor­kea­koulu Oy / Karelia University of Applied Sciences Ltd
Tikka­rinne 9, 80200 Joensuu, Finland
PO Box 256, 80101 Joensuu, Finland
tel. +358 13 260 600
info(at)karelia.fi

Contact person in matters related to the register 

Research and Development Director, Ms Anne Ilvonen
Karelia-ammat­ti­kor­kea­koulu / Karelia University of Applied Sciences
Tikka­rinne 9, 80200 Joensuu, Finland
tel. +358 50 311 6314, anne.ilvonen(at)karelia.fi

Name of the register 

Projects imple­mented by Karelia University of Applied Sciences / Participant register

Purpose of processing personal data and legal basis for processing personal data 

The register is intended for the processing of participant data in such research, development, innovation and/or inter­na­tio­na­li­sation projects imple­mented by Karelia University of Applied Sciences either as an admini­strator or co-executor that require collection of data due to condi­tions deter­mined by the financier, co-financier, project admini­strator and/or other executor, or because of a specific project imple­men­tation method (e.g. scien­tific research) that requires data collection for imple­menting the project or reporting on the project.

Legal basis for processing personal data: performing a statutory task.

Person in charge of data protection 

Karelia Ammat­ti­kor­kea­koulu Oy, Tieto­suo­ja­vas­taava, Tikka­rinne 9, PO Box 256, 80101 Joensuu, Finland, tel. +358 50 349 7097, email: [email protected]

Content of the register 

  • Name
  • admini­strator, and
  • financier/co-financier of the project

Types of infor­mation regis­tered of each participant (at its largest)

  • Personal identi­fication and contact details: name, personal identi­fication number/age, gender, address, email, phone number, photo, video
  • Emplo­yment status: possible duration of unemplo­yment, status of being outside the labour market, or emplo­yment-related information
  • Education: level of education completed
  • Household situation: infor­mation on unemplo­yment, dependent children, and the number of adults in the household
  • Other background infor­mation: citizenship/foreign background or minority membership, disability, weaker status in the labour market, homelessness
  • Background organization/employer
  • Certain types of projects: a person’s own assessment of his/her work ability and/or the impacts of the project

Regular data sources, grounds for providing personal data 

A paper form or an online form filled in by the participant when attending the project. Separate consent is required for the use of photo­graphs or videos. The legal basis for processing personal data is to perform a statutory task at the university of applied sciences.

Transfer of personal data outside the European Union or the European Economic Area 

Personal data will not be trans­ferred outside the EU or EEA.

Regular disclosure of personal data 

If required, personal data will be disclosed to the participant’s own organi­sation on the basis of an indivi­dua­lised request for infor­mation, and in cases the project financier, co-financier, admini­strator or other executor requires it as, for example, an attachment to report or payment data. Photos and videos are used for commu­nication and marketing purposes for projects:

  • Publication of photos and/or videos in Karelia UAS commu­nica­tions in various media, on the internet and social media.
  • Internal and external publication of photos and/or videos in connection with infor­mation, internal use/distribution of Karelia UAS
  • Photos and/or videos are edited in good taste to suit the purpose of use

Principles of protecting the register 

The infor­mation in the register is confi­dential except for separately agreed infor­mation to be published, such as name and photo. Employees handling the infor­mation are bound to confi­den­tiality and other instruc­tions for handling the infor­mation. The obligation to exercise confi­den­tiality also continues after the end of the emplo­yment relationship.

Regis­tered data recorded on paper is handled confi­den­tially by project staff and by Karelia UAS accounting services staff. The data is kept in premises that are locked outside office hours. Infor­mation available in elect­ronic format is stored in network folders on Karelia UAS server. Access to these folders requires logging into the system. Separate instruc­tions apply to the handling of personal data in ESF projects.

Storage, filing and disposal of regis­tered data 

The storage times for customer-specific data are defined in the Karelia UAS data management plan. Disposal of data is subject to the applicable regula­tions of the National Archives of Finland. In addition, filing regula­tions for each financier, co-financier, admini­strator and/or other executors of projects are followed.

Informing the regis­tered person 

The regis­tered person is informed verbally and/or in writing when the participant infor­mation is collected. The register description is available on Karelia UAS website at http://www.karelia.fi/rekisteriselosteet.

Inspection right                    

Everyone has the right to inspect his/her personal data.

The person may submit an inspection request in person or in writing to the person in charge of data protection at Karelia UAS at tietosuoja(at)karelia.fi. Infor­mation shall be provided without delay and in writing, if so requested.

The regis­tered person is provided with the possi­bility to see documents concerning him/her, to take a look at the infor­mation shown on a computer screen, and to see any printouts or input forms used for storing the infor­mation. The regis­tered person is at the same time informed about the sources of infor­mation, use of infor­mation, and disposal of information.

If the inspection right is denied for an excep­tional reason, a written document signed by the person in charge of the register shall be issued. The document indicates the reasons why the right of inspection has been denied. The regis­tered person may refer the matter to the Data Protection Ombudsman.

Right to request recti­fication of data 

Everyone has the right to request recti­fication of incorrect data in the register.

The person may submit an inspection request in person or in writing to the contact person of the register. If the register is deemed to contain infor­mation that is faulty, unnecessary, incomplete or outdated personal data, the data handler shall rectify the infor­mation unprompted or on the customer’s request.

If the data handler does not accept the regis­tered person’s request of recti­fication, a refusal document signed by the person in charge of the register shall be issued. The document indicates the reasons why the request has been denied. The regis­tered person is informed of his/her right to refer the matter to the Data Protection Ombudsman.

Right to prohibit the disclosure of data 

The infor­mation in the register is confi­dential except for separately agreed infor­mation to be published, such as name and photo. It will not be disclosed unless the person requesting the infor­mation has a statutory right to receive the infor­mation. Therefore, the regis­tered person does not have to present an explicit prohi­bition of disclosure.