Google file description

Two laptops.

File description

1. Controller

Laurea University of Applied Sciences 
Ratatie 22
FI-01300 Vantaa, Finland
+358 (0)9 8868 7293
tietohallinto.palaute@laurea.fi

2. Person in charge of register-related matters

Kimmo Pettinen
Director, IT
Laurea University of Applied Sciences
Ratatie 22
FI-01300 Vantaa, Finland
+358 (0)9 8868 7877
Kimmo.Pettinen@laurea.fi

Kimmo Pettinen works as IT Director at Laurea. He provides more detailed information about this register to data subjects. For instance, data subjects may send rectification and access requests to him.

3. Name of the register

​File description of the Google Apps for Education for the students and personnel of Laurea University of Applied Sciences.

4. Purpose of the processing of personal data and use of the register

The purpose is to provide the Google Apps for Education service as a support service for studies. Admitted students with a valid right to study and employees in an employment relationship with Laurea may use the service. In addition, a person who has been granted a Laurea University of Applied Sciences user ID and has activated it may use the service.

Use of the service is voluntary. Laurea processes personal data with care and good data processing practice.

5. Information contained in the data file

By approving the transfer of user information, the user approves the transfer of the information necessary for the use of the service. This information comprises the user’s first name, last name, user ID (student ID for students) and e-mail address.

In addition, users may enter other personal information in the service as they wish. They may also upload and share information and material they want via the service.

Storage and erasure of data content

The right to access the service is tied to the right to use the user ID. When the access right expires, any data stored in the service are also erased. According to Google’s terms and conditions, data erased from the service will disappear from Google’s systems within 180 days of the end of the access right.

6. Regular sources of information

The user database of Laurea University of Applied Sciences, which uses the study register system as the source of information, including the personnel register.

The users themselves with respect to information they enter in the system.

7. Regular disclosure of data

​Google Ireland Limited and Google Inc. (hereinafter referred to as ‘Google’) and subcontractors used by Google, whose servers may also be located outside the EU/EEA. By starting to use the service, the user gives his or her consent to regular disclosure of user data outside the EU/EEA.

8. Principles of the protection of the register

The principles of protection applied by Laurea and the principles of protection pursuant to the Google contract.

9. Right of access and realisation of the right of access (Personal Data Act, sections 26–28)

The Google privacy statement is available to all users in Laurea’s user ID management system.

Right of access

The right of access is provided without delay. The right of access may be denied only in an exceptional case. If the right of access is denied, the data subject is provided with a written denial certificate. The data subject has the right to refer the matter to the Data Protection Ombudsman, address Office of the Data Protection Ombudsman, P.O. Box 315, 00181 Helsinki, Finland. The Data Protection Ombudsman may issue an order to the controller to realise the right of access.

Realisation of the right of access

The request for access to information is made in person or in writing (a document signed by the person in question or otherwise reliably verified). The request for access to information is addressed to the contact person in the user’s unit as mentioned under item 2. The person in charge of register-related matters decides on the granting of the requested access (see item 2). The person designated by the party making the decision provides the requested information.

Right to prohibit processing (section 30 of the Personal Data Act)

Data subjects have the right to prohibit the controller to process their data for purposes such as direct advertising, distance selling and other direct marketing, market surveys, opinion polls, public registers and genealogical research.

10. Rectifications and their implementation

Rectification

The controller must, without undue delay at its own initiative or in response to the data subject’s request, erase or complete personal data in the register that is incorrect, unnecessary, incomplete or outdated with regard to the purpose of the data processing (Personal Data Act, section 29).

The identity of the person making the request is checked. The person in charge of register-related matters decides on the making of rectifications.

11. Other possible rights

The file description is available at Laurea’s website.

"