Privacy Notice: Processing of Employee Personal Data
(EU General Data Protection Regulation 2016/679, Articles 13 and 14)
In this notice, we provide detailed information about the purposes for which we collect your personal data and how we process it. Personal data refers to information by which you can directly or indirectly identified.
What is the basis for processing your personal data?
We process your personal and employment-related data for the maintenance and development of the employment relationship. The processing of personal data is based on our legal obligations as an employer, the execution of the employment contract between the employee and the employer, the legitimate interests of the employee, and the consent provided by the employee.
The processing is based on the following laws, among others:
- Universities of Applied Sciences Act (932/2014)
- Employment Contracts Act (55/2001)
- Working Hours Act (605/1996)
- Act on the Protection of Privacy in Working Life (759/2004)
- Act on the Openness of Government Activities (621/1999)
- EU General Data Protection Regulation (2016/679)
- Data Protection Act (L1050/2018)
What personal data do we process and for what purpose?
We only process necessary personal data for the performance of our tasks. This includes employee’s personal and contact information, bank account details, employment-related information, salary information, absence and leave details, job descriptions, work history, qualifications and other education, employee training, and other information related to the maintenance of the employment relationship and skills management.
We process your data for planning, managing, monitoring, developing, reporting, and statistical purposes related to personnel and employment matters.
Where do we obtain your personal data?
We primarily obtain the necessary personal data from the employees themselves. Information may also be obtained from tax authorities and within our own organization.
The data may also be derived from the use of university IT services and equipment or collected through management and surveillance services used by the university (such as camera surveillance and access control).
To whom do we disclose your personal data?
We only disclose your personal data to entities that have a legal right to access the information or where disclosure is necessary for the management of employment-related matters and employer activities, or with your consent.
These may include tax authorities, the Social Insurance Institution of Finland (Kela), pension insurance companies, contractual partners (payroll, occupational health care), employees’ trade unions, enforcement authorities.
Salary and working hour information of individuals participating in RDI projects may be disclosed to the Ministry of Education and Culture (OKM), project funders, and other authorities.
Anonymised statistical data may be disclosed to educational employers’ organizations, the Ministry of Education and Culture (OKM), and Statistics Finland.
Data from the personnel register may also be disclosed for research purposes through a separate research permit process.
Do we transfer your data outside the EU or EEA?
Your data is not generally transferred.
In some exceptional cases, such as international work assignments or the use of certain services, personal data may need to be transferred outside the EU or EEA. In such cases, the protection of personal data is ensured in compliance with legal requirements.
How long do we retain your personal data?
Retention periods are determined according to legal requirements, decisions of the National Archives of Finland, and Vaasa University of Applied Sciences’ record management plan.
How do we protect your personal data?
We ensure that your privacy is not compromised during the processing of your personal data. Information is processed and stored in a manner that complies with legal requirements and appropriate security measures. All individuals processing personal data are bound by confidentiality obligations.
Manual material
- Manual materials are stored and protected to prevent unauthorized access and accidental destruction, alteration, disclosure, transfer, or other unlawful processing.
- Persons processing personal data have the right to access only the information necessary for their tasks.
- Documents containing personal data are destroyed by shredding or as confidential waste.
Electronically processed information
- The responsibility for maintaining server equipment lies with the controller’s IT administration. The network and servers are adequately protected.
- Access rights are restricted by user groups. Data visibility and update rights in the system are determined by usage roles for different user groups.
- Access to the data is granted only to those who have received system access rights. Access to the system is determined by the person’s job tasks.
Do we use automated decision-making?
Automated decision-making does not occur in the processing of personal data.
When we process your personal data, you have a right to:
- receive information about the processing
- view and verify your data
- request that your data be rectified
- demand that your data be erased (not applicable to statutory duties)
- demand limitations to the processing of your personal data
- oppose the processing of your personal data
- request that the personal data you have submitted be transferred from one controller to another
- withdraw your consent, if the processing of your personal data is based on consent
- avoid being subject to automated decision-making.
Requests regarding the verification, rectification and erasure of data should be sent to VAMK’s data protection officer. The contact details can be found below.
You have a right to submit a complaint to the national Office of the Data Protection Ombudsman if current data protection legislation has been violated while processing your personal data.
Data controller:
Oy Vaasan ammattikorkeakoulu – Vasa yrkeshögskola Ab
Wolffintie 30
65200 Vaasa
Phone +358 207 663 300
Representative of the data controller:
Henkilön tunnistetta kati.komulainen@vamk.fi ei löydy. Tarkista lyhytkoodi.
Responsible person for processing employee personal data:
Henkilön tunnistetta piia.kujala@vamk.fi ei löydy. Tarkista lyhytkoodi.
Contact person for processing employee personal data: Anna Sjöholm, HR and Occupational Health and Safety Manager (anna.sjoholm@vamk.fi, +358 207 663 368)
Data protection officer: Eija Grims tietosuojavastaava@vamk.fi
This privacy notice has been updated on 10 August 2023.