Processing of personal data

Why do we process your personal data?

We process your personal data for the following purposes:

• Salary and fee payments, the reception of salary calculation data and the transfer of salary calculation data to different stakeholder groups. The planning, management, monitoring and statistics related to staff, salary and employment relationship matters as well as the handling of an employer’s statutory and voluntary tasks.
• Development of forms of work, working methods, and support services
• Monitoring and allocation of working hours of the staff (for distribution of wage costs of projects).
• The management of the evaluation process that is conducted according to salary system for Finnish universities (YPJ) 
  • Evaluation of the requirement level of a job
  • Evaluation process for personal performance
• Occupational wellbeing of staff: Occupational wellbeing surveys and reports
• Remembering staff

Do we use automated decision-making or profiling?

We do not use automated decision-making or profiling.

Why are we allowed to process your personal data?

The processing of personal data is based on the EU General Data Protection Regulation. The more precise legal bases are:

1. Data controller’s compliance with a statutory obligation. Statutes: Universities Act (558/2009), Government Decree on Universities (770/2009), Employment Contracts Act (55/2001)
2. Implementation of the data controller’s or third party’s legitimate interests (the legitimate interest in question: the significant relationship between the data controller and the data subject (employment relationship)

Data controller responsible for processing your personal data:

University of Eastern Finland

Joensuu: Yliopistokatu 2, P.O. Box 111, 80101 Joensuu

Kuopio: Yliopistonranta 1, P.O. Box 1627, 70211 Kuopio

Phone 0294 45 1111 (PBX)

Representative of data controller

Director of Administration Tuomo Meriläinen

Director of Human Resources and Staff Well-being Ulla Hurskainen

Data controller’s contacts

Head of Human Resources Jenni Varis

Human Resources Specialist Minna Kuosmanen

What kind of personal data do we process?

The following data from people in an employment relationship with the University is collected while managing human resources and employment relations (employees, fee earners, elected officials, and grantees):

• Basic information of the person (name, date of birth, personal identity code, contact information etc.)
• Performance review data
• Early support memorandums
• Payment information (account number, salary determinants, trade union membership)
• Salary and fee payment data
• Employment relationship data
• Education data
• Working hours allocation data
• Working hours monitoring data
• Data required for occupational health and safety
• Occupational wellbeing surveys: unit of work as a requisite information, gender, campus, age bracket, years of work experience, role, employment contract (temporary/permanent)
• In the surveys regarding development of the forms of work and working methods, you can voluntarily give your contact information. Otherwise the surveys are answered anonymously
• Evaluation process data in accordance with salary system at universities: job description and assessment data in accordance with the salary system, assessment data of personal performance

How long do we retain your personal data?

The data retention periods are determined according to the filing system of the university as follows:

• Retained permanently: Staff list
• Retained permanently/10 years:  Distant work and employment contracts
• Period of validity + 10 years: Documents regarding permissions for secondary occupation
• Period of validity:
  • Applications for enabling annual holidays, period of validity
  • authorisation for employee association membership fees, period of validity
  • Access control and working hours monitoring reports, period of validity
  • Staff education data, period of validity

Determined by the validity of the document

• 50 years:
  • Pay slips and other related documents
  • Resolution/certificate of the termination of the employment relationship
• 13 years: Working hours allocation reports
• 10 years:
  • Accounts of trade union member charges
  • Performance review memorandums
  • Job descriptions
  • Work plans
  • Forms and resolutions regarding the evaluation of the requirement level of work duties
  • Forms and resolutions regarding the evaluation of personal performance
  • Occupational wellbeing surveys and reports
  • Job certificates with attachments
• 5 years:
  • Holiday bonus exchange contract
  • Carried-over leave contract
  • Documents related to the verification of the annual leave
• 2 years:
  • Medical certificates (Certificate A)
  • Lists of those who participated in staff training
  • Absence notifications
  • Notifications of annual leave, carried-over leave, and leave in lieu of holiday bonus
• Surveys related to the development of forms of work: answers are retained for one year at most. 

How do we obtain the personal data for processing?

The personal data required for processing is obtained as follows:

From the person themselves: personal data (on a form), the payment of remuneration data (on a form), working hours monitoring (to Timecon or Promid system), working hours allocation (to SoleTM allocation system), education data (on a form), performance review data, the background information of the occupational wellbeing survey

From the person in charge of the unit’s personnel matters: the proposal to employ a person on a contract (a form), the data of the person’s immediate superior

The person themselves, the person’s immediate superior, the director of the unit, the head of department, the dean if need be, university salary system assessment team and the employer’s representative (the rector, the human resources director, the director of administration): the data for the evaluation of the difficulty of the job and personal performance

From tax authorities: the data regarding tax rate (electronic data transfer)

From population register: updates regarding the person’s name data (electronic data transfer)

The data subject must deliver the necessary personal data for the management of the employment relationship. If the data subject does not deliver the necessary information, the employment relationship cannot be verified, and the salary payment will be prevented.

If the data subject gives their personal data for processing, the bases for giving the personal data are both the data controller’s statutory obligation and an agreement between the data controller and the data subject.

Regular transfer and disclosure of personal data

Personal data is transferred from the Human Resources system Mepco to the following internal services of the University of Eastern Finland:

Abloy KeyControl, users

Maintenance of Dynamics 365 contact information, users + employment relationships

HelpNet phone book, users

IDM user management, users

Chemical register, users

M2 travel control system, users + employment relationships

Miilu databank, users + employment relationships + absences

Peppi study information system, teachers

Proha project management, users

Raindance financial administration system, users + salary transactions

Recycling and filing of Rondo invoices, payslips

SoleCRIS research administration’s system, users + employment relationships

SoleTM working hours allocation system, users + employment relationships

E-service, users

UEF Connect, users

Vakka election system, users

Financial administration and human resources service center Certia Ltd. acts as the processor of the university’s calculation of payments. The university has a contract of service with Certia Ltd. that also includes an accord of the processing of personal data. Other service providers can also be used as the processers of personal data in one-off acquisitions or projects for example, in the context of remembering staff. With these service providers, a separate sales contract or a separate contract of service is made on a case-by-case basis.

Personal data is disclosed as follows: statutory disclosures to tax administration’s incomes register, notifications to pension insurance companies, a notification of employee association membership fees to the employee associations, statistics to ministry, other statutory disclosures, salary payment data to banks and accounting, and transferring data to the occupational health care and the public employment and business services to manage a person’s benefits.

Transfer or disclosure of personal data outside the EU or EAA and the basis for it

Personal data will not be transferred outside the EU or EEA.

Read more about how we protect your personal data.

Read more about your rights as a data subject. 

Why do we process your personal data?

The purpose of processing personal data is to comply with international sanctions, export restrictions and funding terms.

Do we use automated decision-making or profiling?

Automatic decisions or profiling are not used.

Why are we allowed to process your personal data?

The legal basis for processing personal data is to comply with a legal obligation of the controller. 

Laws and regulations:

• Regulation of the European Union setting up a Community regime for the control of exports, transfer, brokering and transit of dual-use items, (EC) N:o 428/200
• Act on the Fulfilment of Certain Obligations of Finland as a Member of the United Nations and of the European Union (659/1967), or the so-called Sanctions Act

What personal data do we process?

Name, place of residence, date of birth, email address, telephone number, nationality.

How long do we store your personal data?

Retention period: 17 years.

Where do we obtain the personal data needed for processing?

The data are obtained from the data subject directly, the organisation they represent or from the register of Asiakastieto Oy. The data subject is obliged to provide access to the necessary personal data.

Transfer of personal data

Where required, to funders, auditors and the authorities.

Transfer or disclosure of data outside the EU or EEA and the basis for this

No transfers.

The data controller responsible for the processing of your personal data:

University of Eastern Finland
Joensuu: Yliopistokatu 2, P.O. Box 111, FI-80101 Joensuu, Finland
Kuopio: Yliopistonranta 1, P.O. Box 1627, FI-70211 Kuopio, Finland
Telephone +358 294 45 1111 (switchboard)

Helena Eronen, Data Protection Officer

Learn more about how we protect your personal data.

Read more about the data subject’s rights. 

Why do we process your personal data?

We process your personal data to organise teaching and carry out study administration tasks in the following tasks:

• Maintenance of students' personal and contact information
• Maintenance of study rights
• Management of those enrolled in teaching and exams
• Organizing teaching, training and exams Assessment and registration of study attainments
• Control and review of Thesis
• Study advice and guidance, provision and development of teaching and related support services
• Management and statistics of study attainments and completed degrees, as well as the issuance of certificates, extracts and diplomas
• Information related to studies, studies and university activities (e.g., a public event, career monitoring surveys and alumni activities)
• Statistics and reporting
• Developing teaching using student feedback and learning analytics (information separate from the collection of student feedback and the use of learning analytics on this website)

In addition, personal data may be processed:

• For scientific research or other specific purpose
• Physical security and related communication information security and related communication

Do we use automated decision-making or profiling?

As a rule, no automated decisions or profiling are made based on study data. Profiling may, however, be relevant when study data is used as a source in learning analytics. More information on the processing of personal data in connection with learning analytics is provided on this same website with the Learning Analytics Privacy Policy.

Why do we have the right to process your personal data?

The processing of personal data is based on the European General Data Protection Regulation (GDPR). The more specific grounds for processing are:

1. The consent of the data subject, i.a. for marketing communication
2. Compliance with the legal obligation of the data controller
3. A task carried out in the public interest or the exercise of public authority vested in the data controller 

Statutes:

• Universities Act 558/2009 and the decrees issued under it
• Government Decree on University Degrees 794/2206 including its amendments and the former decrees on degrees in Engineering, Economics, and Art and Design 
• Act on the National Registers of Education Records, Qualifications and Degrees 884/2017 (chapter 5)
• General Data Protection Regulation (EU GDPR) 2016/679 and the national supplementary statutes
• Act on the Openness of Government Activities 621/1999 

Which categories of personal data do we process?

The following personal data is collected on the students:

Basic information:

• Individual-specific identifier data (name, personal identity code, student number, national learner ID, UEF username)
• Background information (e.g. admission information, gender, nationality and language information)
• Contact information (e-mail address, phone number, postal address)

Information related to studies:

• The right to study towards degrees or subjects and modules within degrees
• Earned degrees
• Semester registrations
• Students Union membership
• Study attainments (including theses, examination answers and other assignments used for assessing study attainments) and their evaluation
• Theses publication data
• Registration for examinations and courses and information related to course attendance
• Information on the video monitoring of electronic examinations
• Curricula and other information on study guidance
• Information on practical training
• Information on international student exchange
• Information on tuition fee liability
• Information on grants
• Student feedback data
• Information required for organising student services, including IT- and library services

Surveys and feedback on the development of studies, teaching and the related support services

Information concerning studies which may include special categories of personal data (sensitive data):

• Information on individual study arrangements and information on study support
• Information concerning the extension to the study right and reinstating the right to study
• Accounts of any aberrations in studies and their consequences

Other information:

• Consent regarding disclosures of data
• The personal data of teachers or administrative personnel as well as their access right details to Peppi system

How long do we store your personal data?

The periods for which data is stored are determined in the university archives formation plan:

According to the decision of the National Archives of Finland, AL/3004/07.01.01.03.01/2015 (available in Finnish): 

All information concerning the right to study, registration, degrees and study attainments and information on other matters that have been or will be entered to the university’s electronic student information system will be stored permanently in an electronical form.

The results of surveys concerning the development of activities are stored for a maximum of one year, excluding student feedbacks with specific instructions. 

Training instructors' records are kept for two years.

How do we collect the necessary personal data? 

The personal data necessary for processing is obtained in the following manner:

• The personal data and study rights information of a student are obtained from the national applicant register maintained by the Finnish National Agency for Education (Act 1058/1998), from the enrolment service OILI, from Open University’s electronic enrolment service ILPA, from collaborative educational institutions, from faculties and units or directly from the student.    
• The personal data and information on the study rights of those participating in international student exchange at UEF are transferred from the international exchange system SoleMove to the Oodi system.    
• The personal data of the personnel is collected from the human resources system or directly from the members of the personnel.  
• The UEF e-mail address is obtained automatically from the IT-services user database, or other e-mail addresses may be provided by the student.
• Postgraduate students, non-degree students and continuing education students are responsible for submitting their necessary personal data themselves.  Should the data subject fail to submit the necessary personal data, the right to study cannot be verified.   

In situations where the data subject submits their personal data for processing, the legal obligation of the data controller stands as grounds for the submission.

Do we transfer of disclose your personal data?

The data in the register is transferred to the internal services of the University of Eastern Finland (user management, e-service).

The right to study, enrollment, degree and credit information of the student data registers of higher education institutions are collected for centralized storage and use in the national data repository of higher education institutions (VIRTA), through which this content is provided securely through a technical connection for the use of the student selection register and the common student selection services of higher education institutions (Act on National Study and Degree Registers, 884/2017

Based on legislation, the University of Eastern Finland discloses information from the student register:

• The university discloses student data using a technical connection through the national data reserve of higher education institutions for use in the student selection register (Act 884/2017).
• The Ministry of Education and Culture produces data sets required for the evaluation, development, statistics and other monitoring and guidance of education and research through the national data resource of higher education institutions (Act 884/2017).
• To Statistics Finland (Statistics Act 280/2004, Section 15) as a technical recording directly and through the national data reserve of higher education institutions.
• The National Supervisory Authority for Welfare and Health (Valvira) for use directly or through the national data reserve of higher education institutions (Act and Decree on Health Care Professionals L 559/1994, A 564/1994).
• The Social Insurance Institution of Finland (Study Support Act 65/1994, section 41) directly or through the national data reserve of higher education institutions as a technical recording for the processing of student financial aid matters.
• To the Labour Authority, Social Insurance Institution or Unemployment Fund (Unemployment Security Act 1290/2003) as a paper printout for the processing of labour market subsidy and the conditions for receiving unemployment allowance.
• For the Student Union of the University of Eastern Finland through a technical user connection, member information for the election of the Representative Council and the performance of statutory duties (Section 46 of the Universities Act 558/2009) and for the Frank Students service for the preparation of student cards.
• To the Student Health Care Foundation directly or through the national data reserve of higher education institutions as a technical recording for student health care in accordance with section 14 of the Public Health Act (71/1991).
• For scientific research (Public Law 621/1999, EU General Data Protection Regulation 2016/679). The requester must provide the controller with the purpose of use of the data as well as other matters necessary to determine the conditions for the disclosure of the data and, if necessary, an explanation of how the data protection is to be arranged. Data may be disclosed for research either directly from the university or via the FIONA research data remote access environment of the Statistics Finland. In the FIONA remote access environment, data is transferred from the national data repository of higher education institutions.
• Data from trainee instructors is transferred to Certia to pay the guidance fee. Certia acts as a processor of personal data in accordance with an appropriate personal data processing agreement.

The university follows good data processing practices and requires that the person applying for the donation has a proper connection to the target group whose data they request.

Whether personal data is transferred outside the EU or EEA and the grounds for possible transfer

As a rule, personal data is not transferred outside the EU or EEA.

In cooperation related to studies, personal data may be transferred outside the EU and EEA if the student is involved in a student exchange or completes part of his or her studies at a foreign university. Any transfers are based on the grounds set out in Chapter V of the General Data Protection Regulation.

As the controller, it is responsible for the processing of your personal data

University of Eastern Finland
Joensuu: Yliopistokatu 2, P.O. Box 111, FI-80101 Joensuu, Finland
Kuopio: Yliopistonranta 8, P.O. Box 1627, FI-70211 Kuopio, Finland
Telephone +358 294 45 1111 (switchboard)

Helena Eronen, Data Protection Officer

Learn more about how we protect your personal data.

Read more about the data subject’s rights. 

Why do we process your personal data?

We process your personal data in the following tasks:

• Processing job ads and applications
• Selecting a person for an employment relationship at the University of Eastern Finland.
• In addition in connection with recruitment, an analysis can also be made on some applicants’ personal operating methods, which is carried out as a self-assessment and with the relevant applicant’s consent. 

Do we use automated decision-making or profiling?

We do not make automated decisions or use profiling.

Why are we allowed to process your personal data?

The processing of personal data is based on EU’s General Data Protection Regulation. A more precise basis for processing is the legitimate interest of the data controller (significant relationship between the data controller and the data subject).

With regard to the self-assessment of the personal operating methods analysis, the basis for processing personal data is the data subject’s consent. 

What personal data do we process?

The following personal data is stored in connection with recruitment:

• Job applicant’s personal data (name, date of birth, gender) and contact information (email address, street address, telephone number)
• Information on the applicant’s education, language skills and work experience and other relevant competences, as well as information on their references.
• Depending on the job applied for; CV, list of publications, selected publications, research plan, application, teaching portfolio, scientific merit, international activities, postgraduate study plan and development plans for the applicant’s field of study.
• The analysis of the applicant’s personal operating methods includes processing their name, email address, gender and location (country), which are mandatory information. In addition, the applicant may choose to fill in other background information that are not mandatory (such as job title and organisation). The applicant chooses the characteristics proposed by the system that best and least describe them. Based on the responses, the system creates an HPA analysis proposal that is reviewed together with the person who has sent the request to fill out the information. The applicant comments and accepts/rejects their analysis during the feedback discussion.
• The applicant may also include their profiles from social media or research communities (for example, Twitter, LinkedIn, Instagram or ResearchGate) in their contact information.

How long do we store your personal data?

Applications are stored in the Saima recruitment system for 36 months after the application has been last updated. Open applications are stored for six months after they have been updated. The application of the person selected for the position will be permanently stored in the archives of the University of Eastern Finland.

Self-assessments of the analysis of personal operating methods are stored for six months.

Where do we obtain the personal data needed for processing?

Applicants store their own data in the Saima system. With the consent of the applicant, the information necessary for recruitment can also be requested from other data sources, such as from the applicant’s former employers. The data subject is obliged to provide the necessary personal data. If the data subject does not provide the necessary personal data, the recruitment process cannot proceed.

For the purpose of analysing the personal operating methods, personal data is obtained from the data subject themselves. 

Transfer of personal data

Data is transferred from the recruitment system to those involved in the application process and only to those in the position of a party concerned, with the consent of the applicant or on the basis of a right based on law.

In the case of applicants who are subject to an analysis based on the self-assessment of their personal operating method, the analysis approved by the applicant may be transferred on the basis of consent to the person responsible for recruitment. 

As a regular transfer, the recruitment data collection of the Ministry of Education and Culture must be carried out annually, in which the number of applicants by gender and nationality and the basic data on the candidates selected for the position are provided as statistical data.

The processor of personal data is used in analysing the personal operating methods. The processor of personal data is Thomas International Ltd, with whom the university has concluded a data protection agreement. 

Transfer or disclosure of data outside the EU or EEA and the basis for this

As a rule, personal data is not transferred outside the EU or EEA. 

The data controller responsible for the processing of your personal data:

University of Eastern Finland
Joensuu: Yliopistokatu 2, P.O. Box 111, FI-80101 Joensuu, Finland
Kuopio: Yliopistonranta 1, P.O. Box 1627, FI-70211 Kuopio, Finland
Telephone +358 294 45 1111 (switchboard)

Helena Eronen, Data Protection Officer

Learn more about how we protect your personal data.

Read more about the data subject’s rights. 

Recruiment of research participants

Why do we process your personal data?

We process your personal data for the following purposes:

The stakeholder groups of community relations in the University of Eastern Finland include people who contribute to the university’s activities as specialists, partners, guest lecturers, research subjects or in other similar university activity such as alumni relations. Stakeholder groups also include the people who have subscribed to the university newsletter or other communications and those who are being sent sales and marketing communications or needs assessment surveys to public services via various distribution channels. Stakeholder engagement also includes various search engines to our partners, stakeholder groups, and the public interested in research.

Sales, marketing, alumni relations, public relations, communications, attending events, and needs assessment surveys.

Do we use automated decision-making or profiling?

We do not use automated decision-making or profiling.

Why are we allowed to process your personal data?

The processing of personal data is based on the EU General Data Protection Regulation. The more precise legal bases are:

• Data subject’s consent
• Enforcement of contract (in which the data subject is a party), contracts: Subscription, attending an event or a previous customer relationship
• Data controller’s compliance with a statutory obligation. Universities Act (558/2009, section 2)
• A task carried out in the public interest/the exercise of public authority vested in the data controller
• Execution of data controller’s or a third party’s legitimate interests (the legitimate interest in question: Information Society Code [917/2014] chapter 24 on Electronic Direct Marketing and Cookies)

Concerning event attendance, we also process sensitive data (the dietary information can include sensitive data). The exception for the processing of this data is the data subject’s consent.

What personal data do we process?

We process the following data:

• Alumni: name, contact information, degree information, date of birth, professional status, interests.
• Donors: name, personal identity code/Business ID, address, phone number, email, amount and recipient of the donation.
• Attending events: name, contact information, event information, diet. 
• Communications: communication with alumni, donors, and partners
• Newsletters and marketing communications: emails
• UEF Connect and similar databases: name, contact information, profession, organizational information, information written by the person themselves, and the contact information of partners
• All the courses organized by the university

How long do we keep your personal data?

Personal data is retained for as long as is required for the service to be executed. 

• Donors: data is permanently retained

Where do we get the personal data that is needed?

• From the data subject themselves
• Data of the university staff is transferred from the Human Resources systems (Mepco, Helpnet, and SoleCris)

Transfers of personal data

The diet information is transferred to the caterer when signing up to events. Email addresses collected in needs assessment surveys can be transferred to the marketing of the university’s course selection if the respondent gives their consent. 

For public relations and communications, the personal data is available on the public website of the university.

Transfers outside the EU or the EEA and criteria for transfers

Personal data will not be transferred outside the EU or EEA. The UEF website can also be viewed outside the EU and EAA area.

Data Controller is:

University of Eastern Finland

Joensuu: Yliopistokatu 2, PO Box 111, 80101 Joensuu

Kuopio: Yliopistonranta 1, PO Box 1627, 70211 Kuopio

Phone 0294 45 1111 (exchange)

Helena Eronen Data Protection Officer

Learn more about how we protect your personal information.

Read more about the rights of the data subject