Information to the data subject in accordance with the EU General Data Protection Regulation (2016/679) articles 13-14

1. Controller

Arcada University of Applied Sciences Ltd
Jan-Magnus Janssonin aukio 1
00560 Helsinki
Business ID: 2553871-2

2. The controller’s representative

Head of Communications Hanna Donner
Tel. 0294 282 523
E-mail address in the format firstname.surname@arcada.fi

3. Contact person for the register

External relations manager Mia Ingman
Tel. 0294 282 667
E-mail address in the format firstname.surname@arcada.fi

4. Data protection officer

Data protection officer, legal counsel Anna Härmä
Tel. 0294 282 888
E-mail address dataprotection@arcada.fi

5. Purposes of processing personal data

The data about Arcada’s stakeholders is used to initiate, execute, administer and develop cooperation with persons, companies and organizations.

With the consent of the stakeholder, he or she can receive newsletters and information about education, courses and other activities at Arcada.

6. Legal basis for processing personal data

The processing of personal data is based on Arcada’s legal obligation to collaborate with industries and businesses.

7. Categories of personal data and the duration of storage

  1. Name, contact information, organization and title
  2. Collaboration agreement and other information about planned or executed collaboration
  3. Information about participation in events and other activities at Arcada
  4. If the stakeholder subscribes to newsletters, Arcada will also follow up on activities relating to the newsletters

The data is stored during the period when the person, company or organization is collaborating with Arcada and for 10 years thereafter.

8. IT systems used when processing personal data

Lime CRM – contact register

9. Data sources

The data is provided by the stakeholder him- or herself or from the collaboration agreement when the collaboration begins or when there are changes in the contact information. The data is necessary for Arcada to perform the collaboration agreed upon with the stakeholder and the organization he or she is representing. Information can also be collected from public sources.

Information about a planned or completed collaboration and participation in events as well as information about activities relating to newsletters is collected in connection with the planning or performing of the collaboration, when the interested party is signing up for an event and when the newsletter is sent out.

10. Recipients of the personal data

Personal data is not disclosed from the register without the stakeholder’s consent.

11. Transfer of personal data outside the EU and the EEA and the basis for the transfer

Personal data is not transferred outside the EU or the EEA without the stakeholder’s consent.

12. Principles for the protection of personal data

Material in electronic format is stored in IT systems and on computers protected from unauthorized use with security measures including firewalls and passwords. The systems have different user levels, and users are granted access to the data only to the extent the user’s work tasks require.

Material in paper format is stored in locked rooms with limited access and access control.

13. Automated decision-making

Automated decisions and profiling are not made based on personal data within the register.

14. The data subject’s rights

Information about the data subject's rights can be found here.