Privacy notice: Processing of donor data
Processing of donor data
Privacy notice: Processing of donor data: joint informative document for data subjects (Articles 13 and 14 of the General Data Protection Regulation [2016/679]).
Purposes of processing personal data
The purpose of processing personal data is to collect information on those persons, companies and communities which donate funds to Häme University of Applied Sciences.
Legal basis for processing
The basis for processing personal data contained in the register is based on the Finnish Money Collection Act (and its amendments; ref. 166/2017).
With the consent obtained from the donor, donor data can be retained indefinitely.
Personal data content and retention periods of the register
|Data category name||Retention period|
|Private person’s personal identity code, donation information on the bank statement||Ongoing year + six (6) years|
|Information provided in the donation form, excluding personal identity codes of private donors||Statutorily, ongoing year + six (6) years. If the person has given his/her consent, the data will be retained indefinitely.|
The register contains:
- contact persons of those organisations which have given donations to HAMK
- private persons who have donated to HAMK.
Regular sources of data
Donor data is collected from donations made via online donation form and from the bank statement copies of bank transfers made to the HAMK bank account.
Regular disclosures of data
All data related to donations (donor, amount, allocation) are public information according to the Finnish Act on the Openness of Government Activities (621/1999). However, donor data is not published in HAMK’s communications if the donor has prohibited this. Donor data is disclosed to the Finnish Ministry of Education and Culture, tax authorities and/or the National Police Board in accordance with legislation and instructions.
Principles of data protection of the register
A Manual material
Possible manual material is kept in a locked space.
B Data processed through automated data processing
Data is stored in an information system. Users have personal user IDs. Access is granted only to those persons who are entitled to access and use the data in the system in order to perform their duties.
The lawful processing of personal data is ensured by categorisation of data and with operating methods that are in compliance with the data handling rules concerning data set.
No automated decision-making is performed on the recorded data.
Transfer of data outside the EU or EEA
No data is transferred outside the EU or EEA.