Our privacy policy and your personal data

We want to inform you about the processing of your personal data in a transparent and understandable way. When you know how your data is processed, you can assess the appropriateness of the processing and also exercise your own rights regarding the processing of the data.
We process your personal data in accordance with data protection regulations, other legislation and this Privacy Policy. We regularly review our policies and update this website with changes. We are developing the page in accordance with changes in legislation and based on the feedback we have received.
Check out the key questions and answers about your privacy below.

What is personal data and data protection?

The concept of personal data is broad. Personal data is practically all information from which a person can be identified directly (e.g. name or personal identity code) or indirectly (e.g. camera surveillance or online identification).
Data protection is the correct and lawful processing of personal data. The purpose of data protection is to protect your personal data throughout the life cycle of data processing.

What personal data do we collect about you?

The personal data we collect about you depends on your relationship with us when we act as a data controller.
For example, certain personal data is collected from students, our own staff or users of our services in each case. These are explained in more detail in the privacy policy, which you can find further down on this page.

Where do we collect your personal data from?

We collect information about you from various sources.
Some of the information comes from external sources, such as the joint search. Some of the information we receive from you, for example, when you apply for training (continuous application or training calendar)..

What do we use your personal data for?

We use personal data in almost everything we do because it allows us to provide the best possible service to you.
We use personal data to fulfil our legal obligations and to market, produce and invoice our various services.
In addition, we use personal data to develop our operations and to report to the authorities in accordance with laws and obligations.

On what basis do we process your personal data?

We ensure that there is a legal basis for the processing of your personal data laid down by law. We always process your personal data on one of the following legal grounds:

• you have given your consent to the processing of your personal data for one or more specific purposes;
• the processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract;
• the processing is necessary for compliance with our legal obligation;
• the processing is necessary to protect your vital interests or those of another person
• the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
• the processing is necessary for the purposes of fulfilling our or a third party’s legitimate interests;

Who processes your personal data and where is it processed?

Your data will only be processed by those employees who, due to their work duties, have the need and justification to process your personal data.
We use subcontractors and partners to produce and provide some services. For this reason, your personal data may be transferred to such parties for processing on our behalf. These entities may process your data only in accordance with our instructions. They are not allowed to use your data for their own purposes.
Through contractual and other arrangements, we ensure that your data is always processed carefully, in accordance with good data processing practices and in accordance with the General Data Protection Regulation, also by our subcontractors and partners.
As a rule, we process your data within the EEA. The EEA refers to the EU Member States as well as Iceland, Liechtenstein and Norway. If we transfer data outside the EEA, we ensure an adequate level of protection of personal data as required by law and use data transfer mechanisms approved by the European Commission, primarily the European Commission’s standard contractual clauses.

How is the storage and security of your data taken care of?

We protect your personal data by using appropriate technical and organisational safeguards. Such means include, for example, proactive and reactive risk management, controlled granting and monitoring of access rights, the use of firewalls, encryption technologies and secure device rooms, terminals, as well as access control and security systems.
We ensure the competence of our personnel involved in the processing of personal data through regular training and assessments, and we monitor the use of systems containing personal data, rights and their log data. We are constantly updating our internal policies and guidelines.
We store your necessary data at least for the duration of your studies or customer or employment relationship. After that, the storage period of the data depends on the data and its purpose. We comply with legal obligations regarding data retention.
We strive to keep the personal data we process accurate and up-to-date by updating the data and removing unnecessary data.

Will your personal data be disclosed to third parties?

Disclosure of personal data refers to situations in which your personal data is given for the independent use of another controller. Such disclosure of data does not include a situation where we use service providers with whom we have an agreement on the processing of personal data.

We will not disclose your data to third parties without your consent, unless the disclosure is based on a legal provision. We may also disclose your personal data to authorities in order to fulfil legal obligations (for example, the KOSKI service and tax or enforcement authorities).
We may also disclose your information to third parties with your consent or when disclosure is part of the product or service offered.

What kind of rights do you have in relation to the processing of personal data?

As described below, you have the right, among other things, to inspect your data in our personal data files, to demand the correction of incorrect data and to prohibit the processing of unnecessary data. However, we may have legal obligations to process and store your personal data even if you request the restriction of processing or the erasure of the data.
We will respond to the request to exercise your rights no later than one month after receipt of the request. In exceptional circumstances, we may extend the deadline by two months, as permitted by law, taking into account the complexity and number of requests.

Right of access

You have the right to receive confirmation as to whether we are processing personal data concerning you. If your personal data is processed, you have the right to access and inspect your data.

Right to rectification

You have the right to require us to rectify any inaccurate personal data and to complete any incomplete data.

Right to erasure (right to be forgotten)

In certain situations, you have the right to request the erasure of your personal data and to withdraw your consent to the processing of personal data. Such situations include, for example, that we no longer need your personal data for the purposes for which it was originally collected or that you withdraw your consent, which has been a prerequisite for the processing of your personal data.
Your data cannot be deleted when your personal data is processed in connection with statutory tasks or if its storage is based on a legal provision. Your data cannot be deleted either if it is necessary for the establishment, exercise or response to a legal claim. We will destroy your data without further request when we no longer have grounds to process your personal data.

Right to restrict the processing of personal data

If the conditions laid down separately are met, you have the right to restrict the processing of your personal data. However, the right to request the restriction of the processing of personal data does not apply to situations where the processing is based on a legal obligation.

Right to data portability

To the extent that the processing of your personal data is based on consent or a contract, you have the right to receive the personal data you have provided yourself from us in a structured and commonly used format and the right to have the data transferred to another controller.

Right to object to the processing of personal data

You have the right to object to the processing of your personal data to the extent that the processing is based on the fulfilment of our legitimate interests or those of a third party. You have the right to object at any time to the processing of your personal data for direct marketing purposes and to profiling with your personal data.

Right to lodge a complaint

If you consider that the processing of your personal data conflicts with current legislation, you can file a complaint with the Data Protection Ombudsman (An external link opens on the website of the Office of the Data Protection Ombudsman).

How can you exercise your rights related to the processing of personal data?

You have the right to know what personal data we process about you – or that it is not being processed. To find out, you can make a request to check the register data. You can check your data free of charge once a year. On the other hand, if you notice any errors or omissions in your data, you have the right to demand that the register data be corrected.

You can make a request or claim by:

• By submitting the signed form in person to the info point of our Asevelikatu office at Asevelikatu 4, 74100 IISALMI. We check your identity with your driver’s license, an identity card issued by the police, a passport or a Kela card with a picture to ensure that the necessary measures are directed to the correct personal data of the person.
• If you are unable to do business in person on Asevelikatu, you can mail us the form you have signed and with it a copy of your identity document (driver’s license, identity card issued by the police, passport or Kela card with a photo) certified by two persons over the age of 18. Send the documents to the address Ylä-Savon koulutuskuntayhtymä, Data Protection Officer, P.O. Box 30, FI-74101 IISALMI.
• If the above-mentioned methods do not suit you, please contact Data Protection Officer Teija Strandman, tel. 040 823 9913 and agree to submit documents to one of our locations.

Forms

• Request for inspection of register data
• Requirement to correct register data

Copies of the personal data being processed will be disclosed to you on the spot after verifying your identity or sent to you by registered mail.
As a data controller, we may in certain cases have the right to refuse to provide, correct or delete the data you have requested. In such situations, we will provide you with a written certificate stating the reasons for the refusal. If you wish, you can refer your matter to the Data Protection Ombudsman. For more information, please visit the Data Protection Ombudsman’s website https://tietosuoja.fi/

Who can you contact?

The data protection officer of the Ylä-Savo Joint Authority for Education is Quality Manager Teija Strandman.

Ylä-Savon koulutuskuntayhtymä
Data Protection Officer Teija Strandman
P.O. Box 30
74101 IISALMI
Phone: 040 823 9913
teija.strandman@ysao.fi

The Office of the Data Protection Ombudsman acts as the national supervisory authority, and its contact details can be found at https://tietosuoja.fi/fi/yhteystiedot