At the University of Eastern Finland, personal data are processed within the following processes. Please refer to the list below to learn more about the processing of personal data.
More information: tietosuoja@uef.fi.
As a Data Controller, responsible for processing your personal data is
University of Eastern Finland
Joensuu: Yliopistokatu 2, PO Box 111, 80101 Joensuu
Kuopio: Yliopistonranta 1, PO Box 1627, 70211 Kuopio
Phone 0294 45 1111 (exchange)
For scientific research, the data controller is defined separately for each research. The controller can be the researcher him/herself, the research group or the university.
Why do we process your personal data?
We process your personal data for the following purposes:
- Salary and fee payments, the reception of salary calculation data and the transfer of salary calculation data to different stakeholder groups. The planning, management, monitoring and statistics related to staff, salary and employment relationship matters as well as the handling of an employer’s statutory and voluntary tasks.
- Development of forms of work, working methods, and support services
- Monitoring and allocation of working hours of the staff (for distribution of wage costs of projects).
- The management of the evaluation process that is conducted according to salary system for Finnish universities (YPJ)
- Evaluation of the requirement level of a job
- Evaluation process for personal performance
- Occupational wellbeing of staff: Occupational wellbeing surveys and reports
- Remembering staff
Do we use automated decision-making or profiling?
We do not use automated decision-making or profiling.
Why are we allowed to process your personal data?
The processing of personal data is based on the EU General Data Protection Regulation. The more precise legal bases are:
- Data controller’s compliance with a statutory obligation. Statutes: Universities Act (558/2009), Government Decree on Universities (770/2009), Employment Contracts Act (55/2001)
- Implementation of the data controller’s or third party’s legitimate interests (the legitimate interest in question: the significant relationship between the data controller and the data subject (employment relationship)
Data controller responsible for processing your personal data:
University of Eastern Finland
Joensuu: Yliopistokatu 2, P.O. Box 111, 80101 Joensuu
Kuopio: Yliopistonranta 1, P.O. Box 1627, 70211 Kuopio
Phone 0294 45 1111 (PBX)
Representative of data controller
Director of Administration Tuomo Meriläinen
Director of Human Resources and Staff Well-being Ulla Hurskainen
Data controller’s contacts
Head of Human Resources Jenni Varis
Human Resources Specialist Minna Kuosmanen
What kind of personal data do we process?
The following data from people in an employment relationship with the University is collected while managing human resources and employment relations (employees, fee earners, elected officials, and grantees):
- Basic information of the person (name, date of birth, personal identity code, contact information etc.)
- Performance review data
- Early support memorandums
- Payment information (account number, salary determinants, trade union membership)
- Salary and fee payment data
- Employment relationship data
- Education data
- Working hours allocation data
- Working hours monitoring data
- Data required for occupational health and safety
- Occupational wellbeing surveys: unit of work as a requisite information, gender, campus, age bracket, years of work experience, role, employment contract (temporary/permanent)
- In the surveys regarding development of the forms of work and working methods, you can voluntarily give your contact information. Otherwise the surveys are answered anonymously
- Evaluation process data in accordance with salary system at universities: job description and assessment data in accordance with the salary system, assessment data of personal performance
How long do we retain your personal data?
The data retention periods are determined according to the filing system of the university as follows:
- Retained permanently: Staff list
- Retained permanently/10 years: Distant work and employment contracts
- Period of validity + 10 years: Documents regarding permissions for secondary occupation
- Period of validity:
- Applications for enabling annual holidays, period of validity
- authorisation for employee association membership fees, period of validity
- Access control and working hours monitoring reports, period of validity
- Staff education data, period of validity
Determined by the validity of the document
- 50 years:
- Pay slips and other related documents
- Resolution/certificate of the termination of the employment relationship
- 13 years: Working hours allocation reports
- 10 years:
- Accounts of trade union member charges
- Performance review memorandums
- Job descriptions
- Work plans
- Forms and resolutions regarding the evaluation of the requirement level of work duties
- Forms and resolutions regarding the evaluation of personal performance
- Occupational wellbeing surveys and reports
- Job certificates with attachments
- 5 years:
- Holiday bonus exchange contract
- Carried-over leave contract
- Documents related to the verification of the annual leave
- 2 years:
- Medical certificates (Certificate A)
- Lists of those who participated in staff training
- Absence notifications
- Notifications of annual leave, carried-over leave, and leave in lieu of holiday bonus
- Surveys related to the development of forms of work: answers are retained for one year at most.
How do we obtain the personal data for processing?
The personal data required for processing is obtained as follows:
From the person themselves: personal data (on a form), the payment of remuneration data (on a form), working hours monitoring (to Timecon or Promid system), working hours allocation (to SoleTM allocation system), education data (on a form), performance review data, the background information of the occupational wellbeing survey
From the person in charge of the unit’s personnel matters: the proposal to employ a person on a contract (a form), the data of the person’s immediate superior
The person themselves, the person’s immediate superior, the director of the unit, the head of department, the dean if need be, university salary system assessment team and the employer’s representative (the rector, the human resources director, the director of administration): the data for the evaluation of the difficulty of the job and personal performance
From tax authorities: the data regarding tax rate (electronic data transfer)
From population register: updates regarding the person’s name data (electronic data transfer)
The data subject must deliver the necessary personal data for the management of the employment relationship. If the data subject does not deliver the necessary information, the employment relationship cannot be verified, and the salary payment will be prevented.
If the data subject gives their personal data for processing, the bases for giving the personal data are both the data controller’s statutory obligation and an agreement between the data controller and the data subject.
Regular transfer and disclosure of personal data
Personal data is transferred from the Human Resources system Mepco to the following internal services of the University of Eastern Finland:
Abloy KeyControl, users
Maintenance of Dynamics 365 contact information, users + employment relationships
HelpNet phone book, users
IDM user management, users
Chemical register, users
M2 travel control system, users + employment relationships
Miilu databank, users + employment relationships + absences
Peppi study information system, teachers
Proha project management, users
Raindance financial administration system, users + salary transactions
Recycling and filing of Rondo invoices, payslips
SoleCRIS research administration’s system, users + employment relationships
SoleTM working hours allocation system, users + employment relationships
E-service, users
UEF Connect, users
Vakka election system, users
Financial administration and human resources service center Certia Ltd. acts as the processor of the university’s calculation of payments. The university has a contract of service with Certia Ltd. that also includes an accord of the processing of personal data. Other service providers can also be used as the processers of personal data in one-off acquisitions or projects for example, in the context of remembering staff. With these service providers, a separate sales contract or a separate contract of service is made on a case-by-case basis.
Personal data is disclosed as follows: statutory disclosures to tax administration’s incomes register, notifications to pension insurance companies, a notification of employee association membership fees to the employee associations, statistics to ministry, other statutory disclosures, salary payment data to banks and accounting, and transferring data to the occupational health care and the public employment and business services to manage a person’s benefits.
Transfer or disclosure of personal data outside the EU or EAA and the basis for it
Personal data will not be transferred outside the EU or EEA.
Read more about how we protect your personal data.
Read more about your rights as a data subject.
Why do we process your personal data?
We process your personal data in the following tasks:
- Processing job ads and applications
- Selecting a person for an employment relationship at the University of Eastern Finland.
- In addition in connection with recruitment, an analysis can also be made on some applicants’ personal operating methods, which is carried out as a self-assessment and with the relevant applicant’s consent.
Do we use automated decision-making or profiling?
We do not make automated decisions or use profiling.
Why are we allowed to process your personal data?
The processing of personal data is based on EU’s General Data Protection Regulation. A more precise basis for processing is the legitimate interest of the data controller (significant relationship between the data controller and the data subject).
With regard to the self-assessment of the personal operating methods analysis, the basis for processing personal data is the data subject’s consent.
What personal data do we process?
The following personal data is stored in connection with recruitment:
- Job applicant’s personal data (name, date of birth, gender) and contact information (email address, street address, telephone number)
- Information on the applicant’s education, language skills and work experience and other relevant competences, as well as information on their references.
- Depending on the job applied for; CV, list of publications, selected publications, research plan, application, teaching portfolio, scientific merit, international activities, postgraduate study plan and development plans for the applicant’s field of study.
- The analysis of the applicant’s personal operating methods includes processing their name, email address, gender and location (country), which are mandatory information. In addition, the applicant may choose to fill in other background information that are not mandatory (such as job title and organisation). The applicant chooses the characteristics proposed by the system that best and least describe them. Based on the responses, the system creates an HPA analysis proposal that is reviewed together with the person who has sent the request to fill out the information. The applicant comments and accepts/rejects their analysis during the feedback discussion.
- The applicant may also include their profiles from social media or research communities (for example, Twitter, LinkedIn, Instagram or ResearchGate) in their contact information.
How long do we store your personal data?
Applications are stored in the Saima recruitment system for 36 months after the application has been last updated. Open applications are stored for six months after they have been updated. The application of the person selected for the position will be permanently stored in the archives of the University of Eastern Finland.
Self-assessments of the analysis of personal operating methods are stored for six months.
Where do we obtain the personal data needed for processing?
Applicants store their own data in the Saima system. With the consent of the applicant, the information necessary for recruitment can also be requested from other data sources, such as from the applicant’s former employers. The data subject is obliged to provide the necessary personal data. If the data subject does not provide the necessary personal data, the recruitment process cannot proceed.
For the purpose of analysing the personal operating methods, personal data is obtained from the data subject themselves.
Transfer of personal data
Data is transferred from the recruitment system to those involved in the application process and only to those in the position of a party concerned, with the consent of the applicant or on the basis of a right based on law.
In the case of applicants who are subject to an analysis based on the self-assessment of their personal operating method, the analysis approved by the applicant may be transferred on the basis of consent to the person responsible for recruitment.
As a regular transfer, the recruitment data collection of the Ministry of Education and Culture must be carried out annually, in which the number of applicants by gender and nationality and the basic data on the candidates selected for the position are provided as statistical data.
The processor of personal data is used in analysing the personal operating methods. The processor of personal data is Thomas International Ltd, with whom the university has concluded a data protection agreement.
Transfer or disclosure of data outside the EU or EEA and the basis for this
As a rule, personal data is not transferred outside the EU or EEA.
The data controller responsible for the processing of your personal data:
University of Eastern Finland
Joensuu: Yliopistokatu 2, P.O. Box 111, FI-80101 Joensuu, Finland
Kuopio: Yliopistonranta 1, P.O. Box 1627, FI-70211 Kuopio, Finland
Telephone +358 294 45 1111 (switchboard)
Helena Eronen, Data Protection Officer
Why do we process your personal data?
We process your personal data for the following purposes:
The stakeholder groups of community relations in the University of Eastern Finland include people who contribute to the university’s activities as specialists, partners, guest lecturers, research subjects or in other similar university activity such as alumni relations. Stakeholder groups also include the people who have subscribed to the university newsletter or other communications and those who are being sent sales and marketing communications or needs assessment surveys to public services via various distribution channels. Stakeholder engagement also includes various search engines to our partners, stakeholder groups, and the public interested in research.
Sales, marketing, alumni relations, public relations, communications, attending events, and needs assessment surveys.
Do we use automated decision-making or profiling?
We do not use automated decision-making or profiling.
Why are we allowed to process your personal data?
The processing of personal data is based on the EU General Data Protection Regulation. The more precise legal bases are:
- Data subject’s consent
- Enforcement of contract (in which the data subject is a party), contracts: Subscription, attending an event or a previous customer relationship
- Data controller’s compliance with a statutory obligation. Universities Act (558/2009, section 2)
- A task carried out in the public interest/the exercise of public authority vested in the data controller
- Execution of data controller’s or a third party’s legitimate interests (the legitimate interest in question: Information Society Code [917/2014] chapter 24 on Electronic Direct Marketing and Cookies)
Concerning event attendance, we also process sensitive data (the dietary information can include sensitive data). The exception for the processing of this data is the data subject’s consent.
What personal data do we process?
We process the following data:
- Alumni: name, contact information, degree information, date of birth, professional status, interests.
- Donors: name, personal identity code/Business ID, address, phone number, email, amount and recipient of the donation.
- Attending events: name, contact information, event information, diet.
- Communications: communication with alumni, donors, and partners
- Newsletters and marketing communications: emails
- UEF Connect and similar databases: name, contact information, profession, organizational information, information written by the person themselves, and the contact information of partners
- All the courses organized by the university
How long do we keep your personal data?
Personal data is retained for as long as is required for the service to be executed.
- Donors: data is permanently retained
Where do we get the personal data that is needed?
- From the data subject themselves
- Data of the university staff is transferred from the Human Resources systems (Mepco, Helpnet, and SoleCris)
Transfers of personal data
The diet information is transferred to the caterer when signing up to events. Email addresses collected in needs assessment surveys can be transferred to the marketing of the university’s course selection if the respondent gives their consent.
For public relations and communications, the personal data is available on the public website of the university.
Transfers outside the EU or the EEA and criteria for transfers
Personal data will not be transferred outside the EU or EEA. The UEF website can also be viewed outside the EU and EAA area.
Data Controller is:
University of Eastern Finland
Joensuu: Yliopistokatu 2, PO Box 111, 80101 Joensuu
Kuopio: Yliopistonranta 1, PO Box 1627, 70211 Kuopio
Phone 0294 45 1111 (exchange)
Helena Eronen Data Protection Officer
Why do we process your personal data?
The University is processing your personal data in the following purposes:
- To apply for a grant and to prepare grant decisions.
- To inform grant recipients on the grant.
- To prepare and make grant payments and to follow up the payments according to the payment procedures of the University of Eastern Finland.
- To prepare statistics on the grant applications, and to keep contact to grant recipients.
Do we use automated decision making or profiling?
We do not make automated decisions or profiling.
Why are we allowed to process your personal data?
The legal basis to process your personal data is the purposes of legitimate interests pursued by the controller. The grant that you apply makes a significant relation between The University and yourself.
What personal data do we process?
In this purpose university is processing following personal data of the grant applicants: name, year of birth, address, profession, current work unit, email, telephone number, information on the degree completed, name and field of the research work, name, title and institution of the referee and inviter, employment status and information needed to make grant payments.
How long do we keep your personal data?
The retention period of the grant applications and grant decisions is 13 years. The retention period of information related to grant payments is according to the Accounting Act.
Where do we get the personal data that is needed?
The personal data needed is received from the data subject (grant applicant).
Transfers of personal data
Data is transferred nationally to stakeholders (accounting information to tax administration, intermediary bank, State Treasury) and internally at the university to the finance data warehouse for payment and reporting purposes. The report prepared by a grant recipient is delivered to the financer.
Transfers outside the EU or the EEA and criteria for transfers
In principle, personal data will not be transferred outside the EU or the EEA.
Data Controller is:
University of Eastern Finland
Joensuu: Yliopistokatu 2, PO Box 111, 80101 Joensuu
Kuopio: Yliopistonranta 1, PO Box 1627, 70211 Kuopio
Phone 0294 45 1111 (exchange)
Helena Eronen Data Protection Officer
How do we protect your personal data?
The management of information systems used in the processing of personal data is followed by the Information Security Code and Guidelines of the University of Eastern Finland. Technically, data systems and their user interfaces are protected by a firewall, and systems' data are regularly backed up. Access to information systems is limited by access groups so that each user has access only to the information they need for their job assignments.
Persons employed by the university and performing fiduciary functions are subject to a duty of secrecy under section 23 of the Public Authorities Act. In addition, University employees may not use or express to others the employer's professional or trade secrets (Article 4 of the Employment Contracts Act, Chapter 3, Section 4).
The information to be kept secret, as well as the storage times, archiving and disposal, are specified in the university's archival formation plan.
The rights of the data subject
According to the General Data Protection Regulation (GDPR), data subjects have the right
- to obtain information on the processing of their personal data
- of access to their data
- to rectification of their data
- to the erasure of their data and to be forgotten
- to restrict the processing of their data
- to data portability
- to object to the processing of their data
- not to be subject to a decision based solely on automated processing
Not all of these rights can be exercised in all situations, depending on factors such as the basis for the processing of personal data.
In order to exercise their rights, the data subject may submit a request for it through the university's service (staff, students) or through a form available on the university's website.
The data subject has also the right to notify the Office of Data Protection Ombudsman if she/he considers that the processing of personal data does not comply with the law. Contact: Office of the Data Protection Ombudsman, PL 800, 00521 Helsinki, tietosuoja@om.fi
Advice and guidance on matters relating to the processing of personal data is provided by the Data Protection Officer.