Data Protection and Privacy Policy
Name of the Register
Customer register of Open UAS
User register of Humak.fi
Registrar
Suomen Humanistinen Ammattikorkeakoulu Oy
Ilkantie 4, 00400 Helsinki
kirjaamo{at}humak.fi
www.humak.fi
Registrar’s responsible person
Jukka Määttä, Principal-CEO
Contact person in privacy and data protection issues
Suomen Humanistinen Ammattikorkeakoulu Oy (Humak)
Ilkantie 4, 00400 Helsinki
kirjaamo(at)humak.fi
www.humak.fi
Data Protection Officer
Christa Sairio, Specialist, Data protection officer
christa.sairio(at)humak.fi
Legal basis and administration of personal data
The groups of people whose data can be processed are participants in training organized by the controller, those who have given marketing permission, or buyers of other services or products who log in separately to the online service
Humak as the data controller is responsible for complying with the data protection principles defined in the law at all stages of processing personal data. All processing of personal data must be done carefully and in compliance with the law and Humak’s data protection policy.
Personal data must be processed appropriately and only for a specific purpose. The processing of personal data is done with the consent of the person in question or on other legitimate grounds defined by the law. To perform its duties, Humak will process the personal data of various interest groups in addition to the personal data of staff and students.
Humak processes personal data based on the General Data Protection Regulation of the EU, the University of Applied Sciences Act, the Government Decree on Universities of Applied Sciences and the consent of the
Humak collects data (kauppa.humak.fi | Open UAS) when a customer registers to the studies in open university of applied sciences. In humak.fi the personnel data is always anonymized and the cookies are opted out by default. The user register consists of Humak staff and the students who has been given rights to update the contents of the websites.
In open UAS website the personal data is processed to implement the agreement between the data controller and the data subject and, based on the data subject’s consent, to process registrations, orders, contacts, transactions, marketing, reporting and other measures related to customer service or website maintenance, and to receive donations.
Purchase and transaction data and location data processed in the register can also be used for marketing measures and customer communication if the used actively selects the cookie practices in the webpage. The visit history of individual visitors is always anonymized, except for purchases in the online store.
Personal data in the register can also be processed in connection with sending the newsletter, participating in events, trainings and other marketing measures but only if the user gives a consent to it.
If the data subject does not provide the requested information to the extent that the data is related to the registration of the open university of applied sciences or the maintenance of the website, the data controller cannot accept the registration of the data subject nor commit to an agreement between the data controller and the data subject on the organization of education or the right to update the website.
Rekisterin tietosisältö
The register stores the following self-declared and saved data in the system by the customer of the Open UAS online store:
Name
Username
Telephone
Street adress
Post number
City
Country
Total amount of the purchases in order to calculate the annual maximum study fee
Information required to get a discounted price (alumni, labour market status)
Purchased courses
Order number
Order status
Notes in the order service and eventual communication with the customer
Payment transaction service is a third party service collecting the payments securely. Paytrail is storaging:
Name
Telephone
Adress
Purchased product
Amount of purchase
Transaction number, date, time and payment method
Information systems that use the register
Humak’s website www.humak.fi and its affiliate *.humak.fi sites (subdomains).
Open UAS website, ecommerce: https://kauppa.humak.fi
www.paytrail.com
Regular sources of information
Google Analytics GS4
Google Tag Manager
Hotjar
VWO
Zendesk-chat (ent. Zopim)In addition MailChimp-service is used for news letters when the user has given a consent for the correspondance.
Regulatory disclosures of intormation
Register data can be shared within the organization and to the authorities in cases required by law. In addition, the register data is transferred to the defined personal data processor in the student affairs administration. Register data can be accessed by persons with the main user level of the website and administrators of the online store.
Data transfer outside the EU or ETA
Our website uses the Indian VWO service, which means that information related to the use of the website is transferred outside the EU. However, VWO is committed to complying with GDPR requirements. More information can be found at the link below.
In addition, we use MailChimp service for direct marketing and communication, which is committed to complying with GDPR requirements. More information can be found at the link below.
Our website uses a chat service provided by Zendesk from the United States. If the user decides to provide their email address via chat, the address is saved in Zendesk’s system.
Securing the data
Information storage is technically protected. Physical access to data is prevented by means of access control and other security measures.
Access to information requires sufficient rights and identification. Unauthorized access is also prevented e.g. with the help of firewalls and technical protection. Logging in to the website is blocked from unknown IP addresses outside operational area and strong password policy is obligatory.
Only the data controller and specially designated technical persons can access the register data. Only named persons have the right to process and maintain the data in the register.
Users are bound by a duty of confidentiality. The registry data is backed up securely and can be restored if necessary. The level of information security is audited at frequent intervals either by external or internal auditing.
Employees have the right to see only such information as they need in their work.
Rights of registrants
To the extent that the processing of personal data is based on the data subject’s consent, the data subject has the right to withdraw consent to the storage of his data at any time. This does not affect the legality of the processing carried out before the cancellation. The request must be made in writing to the keeper of the register.
The inspection request must be made in person or in writing. The right of inspection shall be exercised without delay. Without undue delay, the controller must, on his own initiative or at the request of the data subject, correct, delete or supplement the data in the register that is incorrect, unnecessary, incomplete or outdated in terms of the purpose of the processing. (Finnish Personal Data Act § 29). If the correction of information is refused, a written certificate of refusal will be given. The registered person has the right to refer the matter to the data protection commissioner. The data protection commissioner can issue an order to the data controller to correct the information.
Changes to the privacy statement
We reserve the right to change this privacy statement. The content of the data protection statement should be checked regularly.