Access control register
Information to the data subject in accordance with the EU General Data Protection Regulation (2016/679) articles 13-14.
1. Controllers
Fastighets Ab Arcada Nova
Jan-Magnus Janssonin aukio 1
00560 Helsinki
Business ID: 2493277-7
Arcada University of Applied Sciences Ltd
Jan-Magnus Janssonin aukio 1
00560 Helsinki
Business ID: 2553871-2
2. The controllers’ representatives
CEO Jörgen Wiik
Tel. 0294 282 805
E-mail address in the format E-mail: firstname.surname
Rector Mona Forsskåhl
Tel. 0294 282 699
E-mail address in the format E-mail: firstname.surname
3. Contact person for the register
Laboratory Engineer Harri Anukka
Tel. 0294 282 606
E-mail address in the format E-mail: firstname.surname
4. Data protection officer
Data protection officer, legal counsel Anna Härmä
Tel. 0294 282 888
E-mail address E-mail: dataprotection
5. Purposes of processing personal data
The data is used to administer rights of access to Arcada's buildings and to enable access control.
The data can, if necessary, be used to investigate suspected harassments, improper behavior and unlawful usage of keys.
Access control can be used for the reporting of student’s course attendance and attendance in mandatory lectures, provided this is announced in the course description, or in other ways communicated to the participants beforehand.
6. Legal basis for processing personal data
The processing of personal data is based on the controller’s legal obligation as employer and university to provide suitable access to work and study spaces and to strive for a safe work and study environment for personnel, students and guests.
All employees are granted a key. Students and guests can be granted a key, and for these groups the legal basis for processing is consent.
7. Categories of personal data and the duration of storage
1) The key holder (name, the personnel’s or guests position or role, the student’s educational programme)
2) Information about granted keys and to which spaces they give access
3) User log (the key used, door and time)
The data is stored during the period when the person has a role, which grants him or her access to the building and has an electronic key, after the person’s access is terminated, the data is stored for two years.
8. IT systems used when processing personal data
Abloy OS – system for access control
9. Data sources
Basic data about the personnel is provided by the personnel register, basic data about the student is provided by the student register, and basic data about guests is provided by the guest him- or herself or by his or her contact person at Arcada. The information is necessary to allow access to the spaces at Arcada.
10. Recipients of the personal data
Data may be transferred within the Arcada group.
Data from the register can be disclosed to the Police, in accordance with the Police Act (87/2011) chapter 4, when suspecting or investigating a crime.
11. Transfer of personal data outside the EU and the EEA and the basis for the transfer
Personal data is not transferred outside the EU or the EEA.
12. Principles for the protection of personal data
Material in electronic format is stored in IT systems and on computers protected from unauthorized use with security measures including firewalls and passwords. The systems have different user levels, and users are granted access to the data only to the extent the user’s work tasks require.
Material in paper format is stored in locked rooms with limited access and access control.
13. Automated decision-making
Automated decisions and profiling are not made based on personal data within the register.
14. The data subject’s rights
Information about the data subject's rights can be found here.