Data protection statement for Uniarts Helsinki’s related parties

EU General Data Protection Regulation, Articles 13 and 14. Informing a data subject. Drafted on 8 September 2022.

1. Entity and person in charge of processing personal data

Finance Director Tiina Laino-Asikainen

Email: firstname.lastname(at)uniarts.fi

2. Contact persons for processing personal data

Head of Accounting Juha Kantonen (contact person for board and executive group members)

Head of Finance Timo Lampinen (contact person for members of the investment committee)

Email: firstname.lastname(at)uniarts.fi

3. Data Protection Officer

Data Protection Officer of Uniarts Helsinki is Legal Counsel Minna Eskola.

Email address: privacy(at)uniarts.fi

Phone: +358 (0)294 47 3490

Postal address: P.O. Box 1, 00097 UNIARTS

4. Register name

Private interest register for Uniarts Helsinki’s related parties

The purpose for maintaining the register and for processing personal data is to present information in the financial statements as provided in the Accounting Decree (1339/1997, chapter 2, section 7 b). In connection with the preparation of the financial statements, Uniarts Helsinki must be able to report to, for example, the financial auditor who the related parties of Uniarts Helsinki are, what the related party relationships are based on and what kind of transactions may have been carried out between Uniarts Helsinki and its related parties.

  • Internal reporting and other administrative measures,
  • conduct of any judicial and administrative proceedings and
  • prevention and investigation of abuses.

The legal basis for processing personal data is the legitimate interest of the controller. When personal data is processed in order to comply with legal requirements or to fulfil certain reporting obligations, the legal basis for the processing is primarily compliance with a legal obligation.

When processing personal data, we do not utilise automated decision-making nor profiling referred to in the GDPR.

6. What data do we process?

Among other things, we process the following data:

  • Basic information such as first name, last name and date of birth
  • Related party role: a board member, a member of the rector’s executive group, an external member of the investment committee
  • Data on the start and end dates of the related party role
  • Contact details such as an email address, a phone number, address information

Data on private interests

  • Information that there are no private interests to report
  • Information on entities in which a related party exercises control or significant influence
  • management duties and positions of trust in companies and other entities engaged in business activities,
  • board memberships in registered associations or foundations,
  • employment relationships or assignments outside Uniarts Helsinki and
  • other private interests that may be significant regarding the performance of Uniarts Helsinki’s positions of trust or work duties.

Providing the information listed above is a prerequisite for us to fulfil our responsibilities.

7. Where do we get information?

We collect personal data directly from the data subject.

8. To whom do we disclose or transfer data, and do we transfer data outside the EU or EEA?

There are no regular disclosures of register data to third parties other than financial auditors. We may disclose your data to third parties in the following situations:

Compliance with laws or the requirements of a competent law enforcement authority, government agency, court or third party to enable us to comply with requirements related to the legal process or law enforcement or to exercise or defend our legal rights.

Information requests: Uniarts Helsinki’s activities are guided by the application of the Act on the Openness of Government Activities (621/1999). Due to the application of the Act on the Openness of Government Activities, the university may be obliged to disclose personal data to third parties.

We do not transfer data outside the EU or EEA.

9. How do we protect data and for how long do we store it?

The data is only processed by those Uniarts Helsinki employees who are authorised to process the register data in their line of work. The data is gathered in databases protected with firewalls, passwords and other technical means. The databases and their backup copies are situated in locked spaces, and the data can only be accessed by certain pre-named persons.

As controller, Uniarts Helsinki has taken the necessary technical and organisational measures and also requires them from any service providers it uses.

The obligation to report private interests ends at the time when the member of the rector’s executive group’s employment relationship with Uniarts Helsinki ends or when the membership of the board or the investment committee ends. Uniarts Helsinki processes personal data in the related party register 10 years after the end of the financial period to which they relate. After the end of the intended use, the personal data is deleted or anonymised within a reasonable time.

We assess the need for data storage on a regular basis, taking into account any applicable legislation. In addition, we take reasonable steps to ensure that the data subject’s personal data being stored in the register is not outdated, erroneous or incompatible with the purpose of processing. We immediately correct or erase such data.

10. What are your rights as a data subject?

Data subjects are entitled to check the data concerning them stored in the personal data register and demand that erroneous, outdated, unnecessary or illegal data is rectified or erased. If the data subject has access to their data, they can edit the data personally.

In accordance with the GDPR (as of 25 May 2018), data subjects have the right to object to or request the restriction of the processing of their personal data, and they also have the right to lodge a complaint about the processing of their personal data with the supervisory authority.

For extraordinary personal reasons, the data subject has the right to object to a set of processing operations involving their personal data when the legal basis for processing is our legitimate interest. The data subject must specify the specific reasons for the objection in their request. We have the right to refuse to comply with the request only according to legislative criteria.

If the data subject is not satisfied with the manner in which the university has processed their personal data, the subject can appeal to the national data protection supervisory authorities for an inquest into the matter. In Finland, the national data protection supervisory authority is the data protection ombudsman.

11. Your responsibility

You are responsible for the information that you deliver or make available to Uniarts Helsinki. You must make sure that the information is true and accurate and in no way misleading.

12. Who can you contact?

All questions on the processing of personal data as described in this data protection statement are to be asked by getting in touch with the contact person named in section 2 who will forward the matter to the data protection officer if necessary. In case you feel that your rights as mentioned in section 10 are not respected, you may directly contact the university’s data protection officer named in section 3.