Skip to content

Privacy policy

General part
Privacy policy for employees
Privacy policy for students

1. Processing of personal data at Oamk

Data protection means the protection of personal data and people’s privacy when processing personal data. The purpose of data protection is to prevent personal data from falling into the wrong hands or being misused.

Oamk’s operations require the processing of personal data of students, staff and partners. Therefore, data protection must be considered in all operations, and personal data are processed within the framework of legislation and agreements.

Oamk processes students’ personal data to carry out its task laid down in the Universities of Applied Sciences Act. Partner, customer and alumni data are processed on the basis of a contract, consent, legitimate interest or legal obligation. Personal data are processed for the purpose of performing work duties, enabling students to study, and maintaining user authorisations and data security.

Oamk is also responsible for data protection when the processing of personal data has been acquired as a service from an external supplier.

2. Ensuring data protection and data security is a common concern

Data protection and data security are largely dependent on the actions of individuals. Everyone is responsible for these things for their part. Taking care of safety requires focusing on the basics and actively following bulletins.

Every Oamk employee undertakes to look after their usernames and passwords so they do not fall into the hands of third parties.

Any detected or suspected shortcomings and irregularities in data security must be reported without delay to the Head of Information Management or the Data Protection Officer. The contact details and forms for reporting detected issues concerning data protection or data security are available on the page it.oamk.fi.

As a protective measure, Oamk has the right to restrict or prevent the use of IT services.

3. Rights of the data subject

The data subject has the right to obtain confirmation from the controller as to whether their personal data are being processed. The data subject always has the right to request from the controller access to and copies of their personal data, as well as the right to request rectification or erasure of such data or restriction of processing and to object to processing. As a rule, this is handled by enabling staff members to update their contact information directly in the register. If the data subject does not have access to the register in which they wish to review their data, they may submit a request for review or rectification to Oamk. In accordance with the General Data Protection Regulation, the controller must respond to a request for exercising the data subject’s rights within one month after receiving the request.

The right to erasure does not extend to personal data that the University of Applied Sciences processes on the basis of a statutory task or in the public interest, or for which the University of Applied Sciences has another retention obligation.

The following forms are used to submit requests for the review, rectification and erasure of data to the controller:

To review your data or request correction or deletion of your data, follow these steps:

Staff:

  • Send the form from your own Oamk email or submit it to the Data Protection Officer.

Parties outside the organisation:

  • Submit the form either by mail or by encrypted email to tietosuoja[at]oamk.fi or return it to the Data Protection Officer.

A data subject who wishes to restrict or object to the processing of their data should contact the Data Protection Officer.

Data subjects may have the right to transfer their data from one system to another, provided that this right applies to the data in question.

Data subjects can also file an appeal with the Data Protection Ombudsman if they believe that Oamk is unable to protect their personal data or if they want to ensure that Oamk is operating in compliance with data protection regulations. In other words, they have the right to lodge a complaint  with a supervisory authority.

4. Cookies

Oamk’s website uses cookies. A cookie is a small text file that is sent to and stored on the user’s computer. Cookies do not harm users’ computers or files. Cookies allow websites to, for example, keep you logged in or remember your previous settings. The information is used to improve the site’s functionality, marketing and the site’s content.

You can find out more about our cookie policy and change your cookie settings at any time by visiting our Cookie Policy page.

5. Further information

Separate information packages concerning the data protection of individual systems are available for the main systems used at Oamk. They provide more detailed descriptions of the key information for each system and are usually linked to the system in question.