Privacy Statement – An Authentication Solution for Degree Certificates

GDPR (2016/679)

Update 21.1.2019

1 Name of the register

An Authentication Solution for Degree Certificates

2 Controller

Jamk University of Applied Sciences
P.O. Box 207
FI-40101 Jyväskylä, Finland

The service provider’s privacy policy

3 Contact person in matters concerning the register, contact information during office hours

Director in charge of the register: Vice Rector Heikki Malinen

Responsible for the process: Student Services Manager Kristiina Korhonen
Main users in content: Jaakko Ijäs


4 Purpose of the processing of personal data

The purpose of the processing of personal data is to ensure the authenticity of the degree certificate. Authentication is shown in the certificate as a two-dimensional barcode containing a digital certificate. Verification of the degree certificate is verified by reading the barcode on a smartphone for the service provider’s online service.

5 Data contents of the register

  • Name
  • ID number
  • Date of birth
  • Student ID
  • Degree programme
  • Field of study
  • Organisation
  • Unit
  • IP-address
  • Name of the theses
  • Grades
  • Language

6 Legal bases for processing personal data

The controller’s legal obligation/the legitimate interests of the controller.

7 Regular information sources

Information on the service is provided by the student administration system.

8 Regular information disclose and information transfer outside the EU or the European Economic Area

The processing of personal data has been outsourced by contract: Prime Authentication Solutions Finland Oy.

Data is not transmitted outside the EU or EEA, or international organizations.

9 Register protection principles

The register does not contain manually collected material.

The information provided by the Finnish customer organizations of the service provider is stored in Finland. Information can not be accessed by external parties. Communications are encrypted. Access to the information is limited to the technical maintenance of the service.

10 Retention period or criteria for determining

Jamk stores any information on documents pertaining to degree certificates and transcripts of records electronically and permanently (Decision of the National Archives of Finland  AL/20757/ ).

The encryption key is located in the protected document as a QR code. The document holder must provide the encryption key to the certification service for each authentication. The encryption key is only used for authentication purposes. It will be removed immediately after verification has been completed.

11 Automatic decision-making/profiling

Automated profiling related to personal data is not conducted.

12 Rights of the Data Subject

Read more information about the Jamk’s Privacy Policy, Data Protection Officer and the rights of the data subject and their implementation.