Whistleblowing channel

Information to data subjects in accordance with the EU General Data Protection Regulation (2016/679) articles 13-14.

1. Controller

Arcada University of Applied Sciences Ltd
Jan-Magnus Janssonin aukio 1
00560 Helsinki
Business ID: 2553871-2

3. Contact person for the register

Head of Security David Sjöberg
Tel. 0294 282 606

Legal Counsel Anna Härmä
Tel. 0294 282 888

E-mail addresses in the form firstname.surname@arcada.fi

4. Data Protection Officer

Data Protection Officer, Legal Counsel Anna Härmä
Tel. 0294 282 888
E-mail address in the form firstname.surname@arcada.fi

5. Purposes of processing personal data

Through Arcada’s whistleblowing channel, Arcada’s current and former employees, job applicants, interns and other persons who have or have had a connection to Arcada in work-related contexts can report suspicions of misconduct at Arcada University of Applied Sciences. Personal data is processed to enable the receipt and processing of reports.

The processing of personal data is based on a legal obligation in accordance with the Finnish Whistleblowing Act.

7. Categories of personal data and the duration of storage

In the register, personal data provided by the notifier in the report as well as personal data generated during the processing of the report is processed. The data may concern, for example, the whistleblower, the person who has been reported and the witnesses of the reported events. Sensitive personal data shall not be included in the report nor be processed in the system.

The whistleblower may, if they wish, submit the report anonymously.

All material related to the report will be deleted within five years of receiving the report, unless it is necessary to retain the data for a longer period of time in order to fulfil legal rights or obligations or to establish, exercise or defend legal claims. Personal data that is clearly irrelevant to the processing of the report will be deleted without undue delay.

8. IT systems used when processing personal data

Falcony – whistleblowing channel

9. Data sources

The information in the register is obtained from the notifier. Data is also obtained in connection with the processing of the report, for example, from persons who are heard in connection with the report.

10. Recipients of the personal data

Personal data may be disclosed to authorities in situations where Arcada has a legal obligation to report violations or in which continued investigation of reported cases requires cooperation with authorities. Personal data concerning the whistleblower is not disclosed when the report is covered by the provisions of the Finnish Whistleblowing Act.

11. Transfer of personal data outside the EU and EEA and the basis for the transfer

Personal data is not transferred outside the EU or the EEA.

12. Principles for the protection of personal data

Material in electronic format is stored in IT systems and on computers that are protected from unauthorized use with security measures including firewalls and passwords. Only persons appointed by Arcada have access to the system. These persons are bound by a duty of confidentiality and the obligation to protect the identity of the whistleblower also when the further processing of the matter requires the involvement of other persons in the investigation.

13. Automated decision-making

Automated decisions and profiling are not made based on personal data within the register.

To the top of the page