Active Directory user directory's privacy statement
Articles 13 and 14 of the EU General Data Protection Regulation
Data Protection Act (1050/2018)
Articles 13 and 14 of the Combined Data Subject Information Document (EU Data Protection Regulation 2016/679)
1. Controller
Seinäjoki University of Applied Sciences, SeAMK Library
Kampusranta 11, Frami F
FI-60320 Seinäjoki, Finland
+358 20 124 3000
seamk(at)seamk.fi
2. Controller’s representative
Asmo Myllyaho, Head of Property and Information Management, Seinäjoki University of Applied Sciences
tel. +358 40 830 4262
asmo.myllyaho(at)seamk.fi
2a. Official responsible for the personal data file
Veli-Matti Mäkelä, Planning Officer, Information Management, Seinäjoki University of Applied Sciences
tel. +358 40 830 3990
veli-matti.makela(at)seamk.fi
2b. Contact persons in matters relating to the data file
–
2c. Contact details of the Data Protection Officer
Jarmo Jaskari, Data Protection Officer, Seinäjoki University of Applied Sciences
tel. +358 40 868 0680
jarmo.jaskari(at)seamk.fi
3. Name of the data file
User directory of Seinäjoki University of Applied Sciences’ information network (Active Directory, AD).
4. Purpose of processing personal data/data file use
Personal data are processed for the purpose of making the information network and its services available on the basis of an employment relationship and/or right to study, or other general prerequisites laid down in section 8 of the Personal Data Act.
The user directory and the data contained in it are used to manage access rights to SeAMK’s network and its services, including the Intranet, student administration services, and e-mail.
User data are also transmitted to external systems which base their user identification on SeAMK’s directory. They include services using the HAKA trust network, Microsoft 365 cloud service, online library services (Nelli portal), and wireless networks (eduroam).
5. Purpose of maintaining the data file
–
5a. Data content of the file
- User ID
- work ID (employee number for staff members
- student number for students)
- organisation data
- unit
- name data
- telephone number data
- e-mail addresses
- SIP address, title
- password
- ID status
- home folder address
- login script
- info field
- description
- website
- login data
- photograph of user (staff)
- group memberships
- role
- student role ID
- student name
- degree programme name (students)
- start and end date of studies (students)
- gender
- student’s year of birth
- date of birth
- preferred language
- ID registration date
- ID registration method
- HAKA home organisation
- HAKA home organisation type
5b. Information systems using the data file
–
6. Regular sources of data
Application for user rights to the University of Applied Sciences’ network signed by the user.
Staff
- HR file, through the user administration system
Students
- Student file, through the user administration system
Third-party users
- Third-party user file, through the user administration system
7. Regular disclosure of data
The following data are disclosed to HAKA trust network services:
- preferred name
- last name
- user ID
- unique anonymous identifier
- e-mail address
- role (students)
- degree programme (students)
- organisation type
- personal identity code
The user’s permission is asked before their data are disclosed to a service connected to the HAKA trust network. This permission is given separately to each service, and the user can display a list of the data disclosed to each service. The user can withdraw their permission.
General data from the Active Directory are disclosed to the Microsoft 365 cloud service.
8. Transfer of data outside the EU or the EEA
No data are transferred to non-EU or EEA countries.
9. Principles of data file protection
A. Manual material
No manual version of the user directory exists. The signed user right applications are stored securely.
B. Computer-processed data
The data are protected by usernames and passwords. Data protection is ensured in compliance with SeAMK’s internal information security regulations.