Privacy Statement – Identity management

GDPR (2016/679)

Update 22.11.2018

1 Name of the register

Identity management

2 Controller

Jamk University of Applied Sciences
P.O. Box 207
FI-40101 Jyväskylä, Finland

3 Contact person in matters concerning the register, contact information during office hours

  • Director of Administration:  Mikko R. Salminen
  • System Specialist: Jyri Helakangas
  • System Specialist:  Sami Mäkinen
  • firstname.surename[a]

4 Purpose of the processing of personal data

The identity Management System maintains up-to-date information on Jamk’s information systems and information services users’ access rights, access duration and access rights (access and access control). The register contains information about staff, students and external users.

5 Data contents of the register

Name (obligatory)Title
ID number/Date of birth (is required of persons who do not have a Finnish personal identification number) (obligatory)Personal ID number (obligatory)
Gender (obligatory)ID number information
Nationality (obligatory)User name
LanguageArrival date to the group, start date and end date of employment relationship
AdressUnit, department and cost centre
e-mail addressWorking hours information
Telephone numberProject information
StudentsExternal users
Student IDAgreement (obligatory)
Student typeTitle (obligatory)
Field of study and degree typeOrganisation (obligatory)
Group informationStart date and end date of relationship
Status (obligatory)Contact person (obligatory)
Password (obligatory)Adoption of a usage rule (obligatory)
Transfer information (national data warehouse) 

6 Legal bases for processing personal data

  • The controller’s legal obligation
  • A task carried out in the public interest or the exercise of public authority and
  • The legitimate interests of the controller or a third party

7 Regular information sources

  • Students: Study information system
  • Staff: Human resources
  • External users: Questionnaire

8 Regular information disclose and information transfer outside the EU or the European Economic Area

Information is not regularly rendered to third parties. Data is not transmitted outside the EU or EEA, or international organizations.

9 Register protection principles

The register does not contain manually collected material. All servers are located in a locked location and access is monitored. Servers are only allowed for administrators.

10 Retention period or criteria for determining

  • Student information is stored in primarily for the duration of the studies  + four months after graduation
  • Information on personnel is stored in the HR management systems for the duration of their employment + four months after termination of employment. The username remains archive forever, ie the same ID can not be reissued to another person.
  • External users information is stored in primarily for the duration of the  contractual relationship + four months after termination of contractual relationship. Data collected through a questionnaire will be deleted as soon as they are transferred to the identity management system.

11 Automatic decision-making/profiling

Automated profiling related to personal data is not conducted.

12 Rights of the Data Subject

User information is corrected according to notifications. The correctness of personal data is checked if necessary from the student administration system or from the human resources management system. User information is updated according to the notifications. The correctness of personal data is checked if necessary from the student administration system or from the human resources management system. Administrators and other staff take care of correcting the error immediately.
Read more information about the Jamk’s Privacy Policy, Data Protection Officer and the rights of the data subject and their implementation.