Menu

Close

Quick links

Privacy notice for applicant marketing

Data controller

Laurea University of Applied Sciences Ltd, Ratatie 22, 01300 Vantaa

Purpose and legal basis of processing personal data

The purpose of processing personal data is to provide up-to-date information and to target marketing to those interested in Laurea’s degree programmes and who have given marketing consent.

The processing of personal data is based on consent given separately.

Categories of personal data processed

  • First and last name
  • Email address
  • Mobile phone number

Personal data are retained for two years.

An individual may prohibit the use of their data for marketing purposes, in which case the individual’s data will be deleted.

Sources of data

Contact details are collected on Laurea’s website on the programme pages via contact forms, in competitions and lotteries organised by Laurea, and at Laurea school visits and events.

Regular disclosures and transfers of data

The data are intended for Laurea’s internal use and are not disclosed to external parties unless prior consent has been obtained from the individuals concerned.

Personal data are collected to a designated email address, from which they are transferred at least once a week to the LianaMailer system, through which marketing communications are sent to register members. After the transfer, the personal data are immediately deleted from the email.

Contact details are not given to parties outside Laurea. Personal data are not transferred outside the EU or the EEA.

Principles of register protection

Personal data are accessible only to those members of Laurea’s staff who need them to perform their duties. The register’s management follows Laurea University of Applied Sciences’ information security and data protection guidelines.

Access is restricted by network measures and user rights. Traffic to the system over public networks is always encrypted. Maintenance of the server environment has been outsourced under written agreements. The server hardware is located in the service provider’s secure data centre appropriate to its purpose.

Rights of the data subject

The data subject’s rights are determined by Articles 15–22 of the EU General Data Protection Regulation:

Right to access the data

  • The data subject may request the data concerning them. The request must be made in writing to the person responsible for the register. The request should specify which data it concerns.

Right to rectification

  • The data subject may request the correction of their data from the person responsible for the register.

Withdrawal of consent and deletion of consent-based data

The data subject may withdraw their consent to the processing of their personal data and prohibit the use of their personal data for Laurea University of Applied Sciences’ marketing and information purposes. The request can be made to the person responsible for the register.

Restriction of processing

  • The data subject has the right to restriction of processing if
    • the data subject contests the accuracy of the personal data, in which case processing is restricted for the time necessary for the controller to verify their accuracy
    • the processing is unlawful and the data subject opposes the erasure of the personal data and requests instead the restriction of their use
    • the controller no longer needs the personal data for the purposes of processing, but the data subject needs them for the establishment, exercise or defence of legal claims

Transfer of data from one system to another

  • The data subject has the right to receive in a machine-readable format the personal data concerning them which they have provided to the controller, where processing is based on consent and is carried out by automated means.

The contact person for matters related to the data subject’s rights is the data protection officer. The data subject has the right to lodge a complaint with the data protection authority.