Privacy notice: Processing personal data of persons taking part in ESF
Privacy notice: Processing personal data of persons taking part in ESF: joint informative document for data subjects (Articles 13 and 14 of the General Data Protection Regulation [2016/679]).
Purposes of processing personal data
The purpose of data collecting is to demonstrate how well the ESF projects have succeeded in meeting the set objectives.
The aim of data collecting is to monitor that the ESF project measures are targeted at those persons whom the ESF funds were intended in the Finnish Structural Funds programme approved by the European Commission.
Legal basis for processing
The basis for processing personal data is public interest. Data is collected with the person’s consent. Data is collected using a paper form and, by signing it, the person gives his/her consent to record and use his/her personal data for project purposes as provided under the ESF rules and regulations. The person may refuse, completely or partially, to provide his/her personal data.
The processing of personal data is based on:
- EU General Regulation 1303/2013
- EU ESF Regulation 1304/2013
- Finnish Act on Regional Development and the Administration of Structural Funds (7/2014)
- Finnish Act on the Funding of Regional Development and Structural Fund Projects (8/2014)
- Finnish Government Decree on Regional Development and the Administration of Structural Funds (356/2014)
- Finnish Government Decree on the Funding of Regional Development and Structural Fund Projects (357/2014)
- Finnish Government Decree on the Eligibility for Support of Costs Part-financed by a Structural Fund (358/2014).
Personal data content and retention periods of the register
| Data category name |
| Name |
| Personal identity code |
| Contact details |
| Employment situation |
| Educational background |
| Family relations |
| Foreign background (yes/no) |
| Disability benefit or disability (yes/no) |
| Homelessness or under threat of homelessness (yes/no) |
| Gender |
The information shall be kept for 10 years from the project end date confirmed in the financing decision of the project.
The authority granting the financial support may continue the retention period pursuant to the fourth subparagraph of Article 140(1) of Regulation (EU) No 1303/2013.
Data subjects
The register contains information on the participants of ESF projects. By ‘participant’, it is referred to a person outside HAMK or HAMI taking part in the projects.
Regular sources of data
Personal data is obtained from the data subject.
Regular disclosures of data
Data is entered in the ESF Person system owned by the Finnish Ministry of Employment and the Economy. The designated persons of the Ministry of Employment and the Economy are entitled to review all data within the limits set by applicable laws and regulations.
The authority financing the project does not have the right to demand the project executor to disclose participant-level data. However, the financing authority does have the right to verify the existence of original forms and content on which the data in the register is based. The auditor of the authority granting finance has the right to request the project executor to show, however, not to disclose printouts or images, directly from the ESF Person system the participant data in order to verify the audit trail. The same applies to other national or EU-level authorities inspecting the project.
Principles of data protection of the register
A Manual material
Data is collected directly from data subjects using a paper form. Paper forms are retained in a safe and disposed of in a locked paper collection container.
Forms are not to be copied or saved in digital form.
B Data processed through automated data processing
Data is stored in the ESF Person system. The system is accessed using the Katso Identification System. Each project has their own password for the system. The password is communicated to designated persons involved in the project and designated persons in financial management. With regard to collaboration projects, only the main project executor is granted with access to the system.
Automated decision-making
No automated decision-making is performed on the recorded data.
Transfer of data outside the EU or EEA
No data is transferred outside the EU or EEA.
Rights of the data subject
The EU General Data Protection Regulation (2016/679) provides the data subject with the following rights:
The data subject shall have the right to withdraw his or her consent at any time. (Article 7)
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed. The data subject shall have the right to access to the personal data concerning him or her. Where requests are manifestly unfounded or excessive, in particular because of their repetitive character, the data controller may charge a fee or refuse to act on the request. (Article 12 and Article 15)
The data subject shall have the right to obtain from the data controller the rectification of inaccurate personal data concerning him or her contained in the register (Article 16). A request for rectification shall be submitted in writing. Persons in an employment relationship (with HAMK or HAMI) are able to do rectification suggestions concerning their recorded working hours, which are then approved by their supervisor or salary administration personnel.
The data subject shall have the right to request the erasure of personal data concerning him or her where one of the following grounds applies (Article 17):
- the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
- the data subject withdraws consent on which the processing is based and there is no other legal ground for the processing;
- the data subject objects to the processing, and there are no overriding legitimate grounds for the processing (Article 21);
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
The data subject shall have the right to obtain restriction of processing where one of the following applies (Article 18):
- the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
- the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
Where the processing is based on consent and carried out by automated means, the data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a data controller, in a machine-readable format. (Article 20)
Requests to exercise these rights are to be submitted:
Häme University of Applied Sciences Ltd
Data protection officer
P.O. Box 230 (Visamäentie 35A)
FI-13101 Hämeenlinna, Finland
email: tietosuojavastaava@hamk.fi. You can also send the message via secured e-mail https://www.securedmail.eu/ .
The data subject shall have the right to lodge a complaint with the Office of the Data Protection Ombudsman.
Data controller
Häme University of Applied Sciences Ltd and Häme Vocational Institute Ltd
P.O. Box 230 (Visamäentie 35A), FI-13101 Hämeenlinna
13101 Hämeenlinna
Telephone: +358 3 6461, e-mail address: hamk@hamk.fi
Contact person of the register
Data protection officer
Häme University of Applied Sciences Ltd
data protection officer
P.O. Box 230
FI-13101 Hämeenlinna