Processing of personal data

Why do we process your personal data?

We process your personal data for the following purposes:

• Salary and fee payments, the reception of salary calculation data and the transfer of salary calculation data to different stakeholder groups. The planning, management, monitoring and statistics related to staff, salary and employment relationship matters as well as the handling of an employer’s statutory and voluntary tasks.
• Development of forms of work, working methods, and support services
• Monitoring and allocation of working hours of the staff (for distribution of wage costs of projects).
• The management of the evaluation process that is conducted according to salary system for Finnish universities (YPJ) 
  • Evaluation of the requirement level of a job
  • Evaluation process for personal performance
• Occupational wellbeing of staff: Occupational wellbeing surveys and reports
• Remembering staff

Do we use automated decision-making or profiling?

We do not use automated decision-making or profiling.

Why are we allowed to process your personal data?

The processing of personal data is based on the EU General Data Protection Regulation. The more precise legal bases are:

1. Data controller’s compliance with a statutory obligation. Statutes: Universities Act (558/2009), Government Decree on Universities (770/2009), Employment Contracts Act (55/2001)
2. Implementation of the data controller’s or third party’s legitimate interests (the legitimate interest in question: the significant relationship between the data controller and the data subject (employment relationship)

Data controller responsible for processing your personal data:

University of Eastern Finland

Joensuu: Yliopistokatu 2, P.O. Box 111, 80101 Joensuu

Kuopio: Yliopistonranta 1, P.O. Box 1627, 70211 Kuopio

Phone 0294 45 1111 (PBX)

Representative of data controller

Director of Administration Tuomo Meriläinen

Director of Human Resources and Staff Well-being Ulla Hurskainen

Data controller’s contacts

Head of Human Resources Jenni Varis

Human Resources Specialist Minna Kuosmanen

What kind of personal data do we process?

The following data from people in an employment relationship with the University is collected while managing human resources and employment relations (employees, fee earners, elected officials, and grantees):

• Basic information of the person (name, date of birth, personal identity code, contact information etc.)
• Performance review data
• Early support memorandums
• Payment information (account number, salary determinants, trade union membership)
• Salary and fee payment data
• Employment relationship data
• Education data
• Working hours allocation data
• Working hours monitoring data
• Data required for occupational health and safety
• Occupational wellbeing surveys: unit of work as a requisite information, gender, campus, age bracket, years of work experience, role, employment contract (temporary/permanent)
• In the surveys regarding development of the forms of work and working methods, you can voluntarily give your contact information. Otherwise the surveys are answered anonymously
• Evaluation process data in accordance with salary system at universities: job description and assessment data in accordance with the salary system, assessment data of personal performance

How long do we retain your personal data?

The data retention periods are determined according to the filing system of the university as follows:

• Retained permanently: Staff list
• Retained permanently/10 years:  Distant work and employment contracts
• Period of validity + 10 years: Documents regarding permissions for secondary occupation
• Period of validity:
  • Applications for enabling annual holidays, period of validity
  • authorisation for employee association membership fees, period of validity
  • Access control and working hours monitoring reports, period of validity
  • Staff education data, period of validity

Determined by the validity of the document

• 50 years:
  • Pay slips and other related documents
  • Resolution/certificate of the termination of the employment relationship
• 13 years: Working hours allocation reports
• 10 years:
  • Accounts of trade union member charges
  • Performance review memorandums
  • Job descriptions
  • Work plans
  • Forms and resolutions regarding the evaluation of the requirement level of work duties
  • Forms and resolutions regarding the evaluation of personal performance
  • Occupational wellbeing surveys and reports
  • Job certificates with attachments
• 5 years:
  • Holiday bonus exchange contract
  • Carried-over leave contract
  • Documents related to the verification of the annual leave
• 2 years:
  • Medical certificates (Certificate A)
  • Lists of those who participated in staff training
  • Absence notifications
  • Notifications of annual leave, carried-over leave, and leave in lieu of holiday bonus
• Surveys related to the development of forms of work: answers are retained for one year at most. 

How do we obtain the personal data for processing?

The personal data required for processing is obtained as follows:

From the person themselves: personal data (on a form), the payment of remuneration data (on a form), working hours monitoring (to Timecon or Promid system), working hours allocation (to SoleTM allocation system), education data (on a form), performance review data, the background information of the occupational wellbeing survey

From the person in charge of the unit’s personnel matters: the proposal to employ a person on a contract (a form), the data of the person’s immediate superior

The person themselves, the person’s immediate superior, the director of the unit, the head of department, the dean if need be, university salary system assessment team and the employer’s representative (the rector, the human resources director, the director of administration): the data for the evaluation of the difficulty of the job and personal performance

From tax authorities: the data regarding tax rate (electronic data transfer)

From population register: updates regarding the person’s name data (electronic data transfer)

The data subject must deliver the necessary personal data for the management of the employment relationship. If the data subject does not deliver the necessary information, the employment relationship cannot be verified, and the salary payment will be prevented.

If the data subject gives their personal data for processing, the bases for giving the personal data are both the data controller’s statutory obligation and an agreement between the data controller and the data subject.

Regular transfer and disclosure of personal data

Personal data is transferred from the Human Resources system Mepco to the following internal services of the University of Eastern Finland:

Abloy KeyControl, users

Maintenance of Dynamics 365 contact information, users + employment relationships

HelpNet phone book, users

IDM user management, users

Chemical register, users

M2 travel control system, users + employment relationships

Miilu databank, users + employment relationships + absences

Peppi study information system, teachers

Proha project management, users

Raindance financial administration system, users + salary transactions

Recycling and filing of Rondo invoices, payslips

SoleCRIS research administration’s system, users + employment relationships

SoleTM working hours allocation system, users + employment relationships

E-service, users

UEF Connect, users

Vakka election system, users

Financial administration and human resources service center Certia Ltd. acts as the processor of the university’s calculation of payments. The university has a contract of service with Certia Ltd. that also includes an accord of the processing of personal data. Other service providers can also be used as the processers of personal data in one-off acquisitions or projects for example, in the context of remembering staff. With these service providers, a separate sales contract or a separate contract of service is made on a case-by-case basis.

Personal data is disclosed as follows: statutory disclosures to tax administration’s incomes register, notifications to pension insurance companies, a notification of employee association membership fees to the employee associations, statistics to ministry, other statutory disclosures, salary payment data to banks and accounting, and transferring data to the occupational health care and the public employment and business services to manage a person’s benefits.

Transfer or disclosure of personal data outside the EU or EAA and the basis for it

Personal data will not be transferred outside the EU or EEA.

Read more about how we protect your personal data.

Read more about your rights as a data subject. 

Why do we process your personal data?

We process your personal data in the following tasks:

• Processing job ads and applications
• Selecting a person for an employment relationship at the University of Eastern Finland.
• In addition in connection with recruitment, an analysis can also be made on some applicants’ personal operating methods, which is carried out as a self-assessment and with the relevant applicant’s consent. 

Do we use automated decision-making or profiling?

We do not make automated decisions or use profiling.

Why are we allowed to process your personal data?

The processing of personal data is based on EU’s General Data Protection Regulation. A more precise basis for processing is the legitimate interest of the data controller (significant relationship between the data controller and the data subject).

With regard to the self-assessment of the personal operating methods analysis, the basis for processing personal data is the data subject’s consent. 

What personal data do we process?

The following personal data is stored in connection with recruitment:

• Job applicant’s personal data (name, date of birth, gender) and contact information (email address, street address, telephone number)
• Information on the applicant’s education, language skills and work experience and other relevant competences, as well as information on their references.
• Depending on the job applied for; CV, list of publications, selected publications, research plan, application, teaching portfolio, scientific merit, international activities, postgraduate study plan and development plans for the applicant’s field of study.
• The analysis of the applicant’s personal operating methods includes processing their name, email address, gender and location (country), which are mandatory information. In addition, the applicant may choose to fill in other background information that are not mandatory (such as job title and organisation). The applicant chooses the characteristics proposed by the system that best and least describe them. Based on the responses, the system creates an HPA analysis proposal that is reviewed together with the person who has sent the request to fill out the information. The applicant comments and accepts/rejects their analysis during the feedback discussion.
• The applicant may also include their profiles from social media or research communities (for example, Twitter, LinkedIn, Instagram or ResearchGate) in their contact information.

How long do we store your personal data?

Applications are stored in the Saima recruitment system for 36 months after the application has been last updated. Open applications are stored for six months after they have been updated. The application of the person selected for the position will be permanently stored in the archives of the University of Eastern Finland.

Self-assessments of the analysis of personal operating methods are stored for six months.

Where do we obtain the personal data needed for processing?

Applicants store their own data in the Saima system. With the consent of the applicant, the information necessary for recruitment can also be requested from other data sources, such as from the applicant’s former employers. The data subject is obliged to provide the necessary personal data. If the data subject does not provide the necessary personal data, the recruitment process cannot proceed.

For the purpose of analysing the personal operating methods, personal data is obtained from the data subject themselves. 

Transfer of personal data

Data is transferred from the recruitment system to those involved in the application process and only to those in the position of a party concerned, with the consent of the applicant or on the basis of a right based on law.

In the case of applicants who are subject to an analysis based on the self-assessment of their personal operating method, the analysis approved by the applicant may be transferred on the basis of consent to the person responsible for recruitment. 

As a regular transfer, the recruitment data collection of the Ministry of Education and Culture must be carried out annually, in which the number of applicants by gender and nationality and the basic data on the candidates selected for the position are provided as statistical data.

The processor of personal data is used in analysing the personal operating methods. The processor of personal data is Thomas International Ltd, with whom the university has concluded a data protection agreement. 

Transfer or disclosure of data outside the EU or EEA and the basis for this

As a rule, personal data is not transferred outside the EU or EEA. 

The data controller responsible for the processing of your personal data:

University of Eastern Finland
Joensuu: Yliopistokatu 2, P.O. Box 111, FI-80101 Joensuu, Finland
Kuopio: Yliopistonranta 1, P.O. Box 1627, FI-70211 Kuopio, Finland
Telephone +358 294 45 1111 (switchboard)

Helena Eronen, Data Protection Officer

Learn more about how we protect your personal data.

Read more about the data subject’s rights. 

Why do we process your personal data?

We process your personal data for the following purposes:

The stakeholder groups of community relations in the University of Eastern Finland include people who contribute to the university’s activities as specialists, partners, guest lecturers, research subjects or in other similar university activity such as alumni relations. Stakeholder groups also include the people who have subscribed to the university newsletter or other communications and those who are being sent sales and marketing communications or needs assessment surveys to public services via various distribution channels. Stakeholder engagement also includes various search engines to our partners, stakeholder groups, and the public interested in research.

Sales, marketing, alumni relations, public relations, communications, attending events, and needs assessment surveys.

Do we use automated decision-making or profiling?

We do not use automated decision-making or profiling.

Why are we allowed to process your personal data?

The processing of personal data is based on the EU General Data Protection Regulation. The more precise legal bases are:

• Data subject’s consent
• Enforcement of contract (in which the data subject is a party), contracts: Subscription, attending an event or a previous customer relationship
• Data controller’s compliance with a statutory obligation. Universities Act (558/2009, section 2)
• A task carried out in the public interest/the exercise of public authority vested in the data controller
• Execution of data controller’s or a third party’s legitimate interests (the legitimate interest in question: Information Society Code [917/2014] chapter 24 on Electronic Direct Marketing and Cookies)

Concerning event attendance, we also process sensitive data (the dietary information can include sensitive data). The exception for the processing of this data is the data subject’s consent.

What personal data do we process?

We process the following data:

• Alumni: name, contact information, degree information, date of birth, professional status, interests.
• Donors: name, personal identity code/Business ID, address, phone number, email, amount and recipient of the donation.
• Attending events: name, contact information, event information, diet. 
• Communications: communication with alumni, donors, and partners
• Newsletters and marketing communications: emails
• UEF Connect and similar databases: name, contact information, profession, organizational information, information written by the person themselves, and the contact information of partners
• All the courses organized by the university

How long do we keep your personal data?

Personal data is retained for as long as is required for the service to be executed. 

• Donors: data is permanently retained

Where do we get the personal data that is needed?

• From the data subject themselves
• Data of the university staff is transferred from the Human Resources systems (Mepco, Helpnet, and SoleCris)

Transfers of personal data

The diet information is transferred to the caterer when signing up to events. Email addresses collected in needs assessment surveys can be transferred to the marketing of the university’s course selection if the respondent gives their consent. 

For public relations and communications, the personal data is available on the public website of the university.

Transfers outside the EU or the EEA and criteria for transfers

Personal data will not be transferred outside the EU or EEA. The UEF website can also be viewed outside the EU and EAA area.

Data Controller is:

University of Eastern Finland

Joensuu: Yliopistokatu 2, PO Box 111, 80101 Joensuu

Kuopio: Yliopistonranta 1, PO Box 1627, 70211 Kuopio

Phone 0294 45 1111 (exchange)

Helena Eronen Data Protection Officer

Learn more about how we protect your personal information.

Read more about the rights of the data subject