Privacy Policy

Privacy Policy

The Institute of Adult Education in Helsinki privacy policy, drawn up May 22, 2018.

This privacy policy document reports the information required in EU General Data Protection Regulation and Personal Data Act (523/1999) concerning the personal data registers of the Institute of Adult Education in Helsinki. The contents are updated accordingly when the information changes.

Controller

Controller: The Institute of Adult Education in Helsinki
Business ID: 0203131-0
Postal Addresss: Runeberginkatu 22-24, 00100 Helsinki
Phone: 09 41 500 300
Mail: toimisto@helao.fi

The Functions and Units of the Controller

A private institute of adult education, open for all. The Institute serves its customers as a goal-oriented study community, where an adult can futher life-long, continuous studies and mental growth.

Contact Person for Data Protection

Name: Hanna Nummenranta
Postal Address: Runeberginkatu 22-24, 00100 Helsinki
Email: hanna.nummenranta@helao.fi

There is no named ombudsman for data protection (grounds: EU General Data Protection Regulation Article 37)

The Purpose of Handling Personal Data

The controller handles students’ personal data for the purposes of arranging education and teaching and for customer service improvement. Data is also collected for statutory authority required statistics and for funding application purposes.

The controller also handles personal data for the purposes of fulfilling personnel’s working relationship obligations.

Personal data is not handled for the purposes of marketing without the data subject’s consent.

Updated Registers

The Informational Content of the Registers

Necessary information for individualising, identifying and arranging training, such as:

  • the customer’s/student’s name and social security number;
  • contact information: address, home county, phone number and e-mail address;
  • background information such as native language, educational background and work experience;
  • other more specifically individualised information as specified in the said registry documents.

Regular Sources of Information

The information in the registers mainly comes from the data subject.

Giving Out Information

The customer’s/student’s personal data is not given out outside the third parties acting on behalf of the controller per se. Data can, however, be given out statutorily to the National Agency for Education, employment and business authorities and Kansaneläkelaitos (Kela).

The controller does not move or give out personal data outside the European Union or the European Economic Area.

Personal data is not given out for direct marketing purposes.

The Registers’ Protection Principles

TData protection and the confidentiality, integrity and usability of personal data of the controller is secured by the appropriate technical and adminstrative measures. The information and service is protected by, for example, a firewall, the protection of equipment premises, access control, access rights and encryption techniques, and also active surveillance. The personal data is protected from unauthorized access and illegal or accidental data handling.

Personal data is only handled by specifically appointed persons designated by the controller and those controller employed third parties who maintain or develop services for the controller.

Rights of the Data Subject

The data subject has, as stated below in points 1–7, rights to the aquisition, correction, restriction, removal and moving the data concerning them as well as the right to complain about the handling of their data.

  1. The right to ask for access to one’s personal data and check what data concerning them has been saved to the controller’s register;
  2. The right to ask for the correction or removal of erroneous or inconcise data concerning them;
  3. The right to ask for the restriction of the handling of one’s personal data;
  4. The right to oppose the handling of one’s personal data (by prohibiting its handling for, for example direct marketing, marketing or opinion polls or vital records, or geneaological studies);
  5. The right to demand the transfer of one’s personal data to another system in a commonly used data format. (This right only pertains to information the data subject has given themselves.);
  6. The right to withdraw one’s consent to handle one’s personal data:
  7. The right to make a complaint to a supervising authority.

The request or demand stated in points 1–6 above must be sent in written form and signed to the address Toimihenkilöjärjestöjen Opintoliitto ry, Runeberginkatu 22–24, 00100 Helsinki. In it must be stated the data subject’s name, social security number, postal address and phone number. The answer to the request will be delivered to the Population Register Centre certified address of the data subject. The register keeper has a right to take identification actions before sending information. The request or demand concerning data handling can also be presented in person at the above mentioned address, and the data subject must upon request present an official document for the purposes of identification (personal ID, driver’s lisence or passport).

The compaint to the supervising authority is made following the authority provided instructions straight to the appropriate authority, which in Finland is the Ombudsman for Data Protection: http://www.tietosuoja.fi/fi.