Privacy statement: Staff services

Data controller

Diaconia University of Applied Sciences Ltd
PO Box 12, 00511

Contact person for matters related to data protection

Liisa Leppänen, tietosuojavastaava
Kyläsaarenkuja 2, 00580 Helsinki
tietosuojavastaava@diak.fi

Name of privacy statement

Staff services privacy statement

Purpose of the processing of personal data

  • Processing of personal data of staff in the working community throughout the duration of the employment relationship;
  • Information collected in the recruitment process;
  • Processing of personal data of staff in the working community throughout the duration of the employment relationship;
  • Personal information required after the employment relationship has ended (basic information, education-related information and pension information).

Legal basis of processing of personal data

According to Article 6 of the General Data Protection Regulation, data processing is lawful only if, and only to the extent that, at least one of the following conditions is met:

a) The data subject has given their consent
b) The processing is necessary for implementing an agreement to which the data subject is a party
c) The data processing is necessary for compliance with the statutory obligations of the data controller
d) The data processing is necessary for safeguarding the vital interests of the data subject or some other natural person
e) The data processing is necessary for performance of some duty in the public interest, or the processing is necessary for the data controller ‘s exercise of their public power
f) The processing is necessary for fulfilment of the legitimate interests of the data controller or of a third party

The conditions to be met are b, c, e and f.

Personal data groups to be processed and storage periods for personal data

Personal data to be processed: Personal ID number, Email address, Telephone, Address, Name

Other data to be processed:

  • Information related to describing the skills of personnel and jobseekers;
  • Information related to management of employment relationships for the entire duration of employment and salary management.

Periods for which data is stored:

  • Recruitment process documents, two years;
  • Employment information during active employment, filing according to archive creation plan.

Whether sensitive information (race/ethnicity, origin, political opinion, religious or philosophical belief, membership of a trade union, health-related information, sexual orientation or behaviour) is processed. Article 9: Yes.

If yes, is the processing based on consent? Yes.

If sensitive information is processed without the data subject’s consent, please indicate the reason for the processing: Membership of a trade union.

Information systems used and system-specific privacy statements

  • Sympa
  • Personec W
  • Recright
  • Duuri
  • Dynasty
  • ePopulus
  • network disc
  • intranet

Regular sources of information

  • The data subject themselves (staff and job seekers)
  • Recruitment partners

Regular data disclosure

  • Outsourced to payroll management for salary management
  • Occupational health services

Transfer of information outside the EU or the European Economic Area

The data is not transferred outside the EU or the European Economic Area.

Principles of protecting registers

A) Manual material

Is there manual data? Yes.

If yes, how is the material stored and protected?

  • Lockable cabinet
  • In an archive (Kyläsaarenkuja 2)

B) Digitally processed data

Is there data in electronic form? Yes.

If yes, how is the material stored and protected? The data will be stored in accordance with Diaconia University of Applied Sciences’ archive creation plan (AMS). The material can be accessed only by personnel who gave been given authorisation for the purposes of carrying out their work duties. The server is protected by an appropriate firewall and other technical protection.

Rights and responsibilities of data subjects

The data subject has the right to request access to personal data concerning him or her, the right to request correction or erasure of such data and the right to request restriction of the processing of it, the right to oppose processing or it, and the right to transfer from one controller to another.

The data subject has the right to withdraw their consent at any time without this affecting the lawfulness of the processing carried out prior to this withdrawal, if the processing of personal data is based on the consent of the data subject.

Upon request, the data subject may use the model form drawn up in the Office of the Data Protection Ombudsman.

The data subject has the right to file a complaint with the Office of the Data Protection Ombudsman.

Profiling is not carried out on the basis of personal data contained in the register.

If personal data is processed for direct marketing purposes, the data subject has the right at any time to oppose the processing of their personal data for such marketing, including profiling when it is related to such direct marketing.

The data protection officer is the contact person in matters relating to the rights and obligations of the data subjects. The contact details of the data protection officer are given at the beginning of the privacy statement.