Personnel register
Information to the data subject in accordance with the EU General Data Protection Regulation (2016/679) articles 13-14.
1. Controller
Arcada University of Applied Sciences Ltd
Jan-Magnus Janssonin aukio 1
00560 Helsinki
Business ID: 2553871-2
2. The controller’s representative
Adminstrative and HR director Susanne Homén-Lindberg
Tel. 0294 282 609
E-mail address in the format E-mail: firstname.surname
3. Contact person for the register
Administrative Coordinator Emilia Nygård
Tel. 050 468 89 55
Payroll clerk Susanne Tuominen
Tel. 0294 282 605
E-mail address in the format E-mail: firstname.surname
4. Data protection officer
Data protection officer, legal counsel Anna Härmä
Tel. 0294 282 888
E-mail address E-mail: dataprotection
5. Purposes of processing personal data
The data is used to manage employment relationships during the employment’s entire life cycle as well as for payments of salaries and remunerations.
6. Legal basis for processing personal data
The legal basis for processing personal data is Arcada’s legal obligation and legitimate interests as an employer.
Data that belongs to special categories of personal data (according to the General Data Protection Regulation, article 9) are processed in the register. Data about the employee’s state of health is processed to ensure that Arcada fulfills its legal obligations as an employer, which includes providing occupational health care for the personnel and assessing the employees’ working ability and capacity. Information about memberships in labor unions is processed with the employee’s consent.
7. Categories of personal data and the duration of storage
- Basic data about the person (name, date of birth, social security number, contact information)
- Information about the employment, including the entire life cycle of the employment
- Information about salary payments (salaries, bank account number, information about the employment, distrains, personal salary additions, employee benefits, memberships in labor unions)
- Documentation in connection to yearly performance reviews and exit dialogues
- Education, follow-up of competencies, CV
- Working hours, annual holidays and leaves, sick leaves and other absences and certifications regarding these
- Information on job measurement for salary levels
- Position profile and job description
- Information about work equipment (phone, computer, special tools)
- Written warnings, notices on termination of employment, employment certificates, information about intellectual property rights and other documentation in connection to the employment
The duration of storage of the data is:
| Personnel register | time of storage: permanent |
|---|---|
| Documents in connection to sidelines | time of storage: validity + 10 years |
| Absence notification | time of storage: 2 years |
| Annual holiday confirmation | time of storage: 5 years |
| Annual holiday notification | time of storage: 2 years |
| Decision/certificate on termination of employment | time of storage: 50 years |
| Power of attorney, membership in labor union | time of storage: 10 years |
| Documents regarding salaries and salary additions | time of storage: 50 years |
| Time sheets | time of storage: 10 years |
| Notes from yearly performance reviews | time of storage: 10 years |
| Job measurements (forms and decisions) | time of storage: 10 years |
| Personnel training | time of storage: validity |
| List of attendees in personnel trainings | time of storage: 2 years |
| Requests of leaves | time of storage: validity |
| Employment certificate with annexes | time of storage: 10 years |
| Position profiles and job description | time of storage: 10 years |
8. IT systems used when processing personal data
SD Worx W Web – personnel administration and payroll system
ASE and Apache Syncope – identity management systems
Trail – inventory system
Arbetstidsplan – time sheet processing system
Aditro Trip & Expense – travel administration system
Ugglan – project follow-up system
Siqni - employee survey
9. Data sources
The data in the register is provided by:
- The employee: Basic information, bank account number, further education, membership in labor unions. The basic information and bank account number is necessary in order for Arcada to fulfill its legal responsibilities as an employer and in order for an employment contract to be made with the employee
- Recruitment register: CV, employment certificates, diplomas
- HR unit: Employment contract, job measurement, exit dialogues
- The employee’s manager: Time sheet, yearly performance reviews, other matters regarding the employment and the employee’s performance
- The tax authorities: Taxation information
- Office of the Bankruptcy Ombudsman: Information about distrains
- Labor unions: Power of attorney for deductions of labor union fees
10. Recipients of the personal data
Data may be transferred to:
Pension insurance companies
The Finnish Centre for Pensions
The Social Insurance Institution of Finland (KELA)
Finnish Education Employers (FEE) and Confederation of Finnish Industries (EK)
Labor unions
The Tax Administration
Tax authorities abroad (for personnel residing abroad)
The Ministry of Education and Culture
The Employment Fund
Enforcement offices
Banks and auditors
Insurance companies
Occupational health care and other companies providing services relating to employees’ health.
The Civilian Service Centre
Teleoperators
Travel agencies and other companies providing services relating to business trips
11. Transfer of personal data outside the EU and the EEA and the basis for the transfer
Personal data is not regularly transferred outside the EU or the EEA without the data subject’s consent.
If suppliers or services which require personal data to be transferred outside the EU or the ETA are used, Arcada will make sure that the requirements for adequate level of protection are met or that appropriate safeguards are provided in accordance with the General Data Protection Regulation 44-50.
12. Principles for the protection of personal data
Material in electronic format is stored in IT systems and on computers protected from unauthorized use with security measures including firewalls and passwords. The systems have different user levels, and users are granted access to the data only to the extent the user’s work tasks require.
Material in paper format is stored in locked rooms with limited access and access control.
13. Automated decision-making
Automated decisions and profiling are not made based on personal data within the register.
14. The data subject’s rights
Information about the data subject's rights can be found here.