Privacy notice: Data protection activities
Data protection activities
Privacy notice: Data protection activities: joint informative document for data subjects (Articles 13 and 14 of the General Data Protection Regulation [2016/679]).
Purposes of processing personal data
This register is used to carry out requests made by data subjects and to demonstrate the data controller’s accountability. Furthermore, the register contains information on observations made related to data protection and operations related to these.
Log data can be used to indicate what has been done afterwards. In addition, log data is utilised in observing and handling problem situations.
Legal basis for processing
The basis for processing personal data contained in the register is the law. The most important provision is the EU General Data Protection Regulation (2016/679).
Personal data content and retention periods of the register
|Data category name||Retention period|
|Contact details (e-mail, address)||6 years|
|Personal identification code (when required)||6 years|
|Description of the event, request or observation||Retained permanently in an anonymised form|
|Measures taken||Retained permanently in an anonymised form|
|Log data||2 years|
The register contains information on those persons who have contacted the data protection officer (DPO). Furthermore, the register contains information on those persons whose personal data is being processed in data protection activities. Data subjects may be HAMK or HAMI or HAMK Academy students or personnel or external parties.
The register also contains the log data of persons using the organisation’s systems.
Regular sources of data
Data sources include requests made by data subjects, the data protection officer’s own observations and notifications concerning personal data processing submitted to the data protection officer.
Regular disclosures of data
Data may be disclosed from the register to:
- the Office of the Data Protection Ombudsman for monitoring purposes.
- the police, pre-trial and prosecuting authorities and courts for the investigation of criminal offences.
Principles of data protection of the register
A Manual material
Material is kept in a locked space.
B Data processed through automated data processing
Data is stored in an information system. Users have personal user IDs. Access is granted only to those persons who are entitled to access and use the data in the system in order to perform their duties.
The lawful processing of personal data is ensured by categorisation of data and with operating methods that are in compliance with the data handling rules concerning data set.
No automated decision-making is performed on the recorded data.
Transfer of data outside the EU or EEA
No data is transferred outside the EU or EEA.