Information to the data subject in accordance with the EU General Data Protection Regulation (2016/679) articles 13-14

1. Controllers

Fastighets Ab Arcada Nova
Jan-Magnus Janssonin aukio 1
00560 Helsinki
Business ID: 2493277-7

Arcada University of Applied Sciences Ltd
Jan-Magnus Janssonin aukio 1
00560 Helsinki
Business ID: 2553871-2

2. The controllers’ representatives

CEO Jörgen Wiik
Tel. 0294 282 805
E-mail address in the format

Rector Mona Forsskåhl
Tel. 0294 282 699
E-mail address in the format

3. Contact person for the register

IT-administrator Harri Anukka
Tel. 0294 282 606
E-mail address in the format

4. Data protection officer

Data protection officer, legal counsel Anna Härmä
Tel. 0294 282 888
E-mail address

5. Purposes of processing personal data

The data is used to administer rights of access to the Arcada building, to enable access control and to enable easier logins to copiers.

The data can, if necessary, be used to investigate suspected harassments, improper behavior and unlawful usage of keys.

Access control can be used for the reporting of student’s course attendance and attendance in mandatory lectures, provided this is announced in the course description, or in other ways communicated to the participants beforehand.

6. Legal basis for processing personal data

The processing of personal data is based on the controller’s legal obligation as employer and university to provide suitable access to work and study spaces and to strive for a safe work and study environment for personnel, students and guests.

7. Categories of personal data and the duration of storage

1) The key holder (name, the personnel’s or guests position or role, the student’s educational programme)

2) Information about granted keys and to which spaces they give access

3) User log (the key used, door and time)

The data is stored during the period when the person has a role, which grants him or her access to the building and has an electronic key, after the person’s access is terminated, the data is stored for two years.

8. IT systems used when processing personal data

Hedengren Hedsam – system for access control

9. Data sources

Basic data about the personnel is provided by the personnel register, basic data about the student is provided by the student register, and basic data about guests is provided by the guest him- or herself or by his or her contact person at Arcada. The information is necessary to allow access to the spaces at Arcada.

10. Recipients of the personal data

Data may be transferred within the Arcada group.

Data from the register can be disclosed to the Police, in accordance with the Police Act (87/2011) chapter 4, when suspecting or investigating a crime.

11. Transfer of personal data outside the EU and the EEA and the basis for the transfer

Personal data is not transferred outside the EU or the EEA.

12. Principles for the protection of personal data

Material in electronic format is stored in IT systems and on computers protected from unauthorized use with security measures including firewalls and passwords. The systems have different user levels, and users are granted access to the data only to the extent the user’s work tasks require.

Material in paper format is stored in locked rooms with limited access and access control.

13. Automated decision-making

Automated decisions and profiling are not made based on personal data within the register.

14. The data subject’s rights

Information about the data subject's rights can be found here.