Skip to content

Privacy statement for International mobility

Controller

Laurea University of Applied Sciences Ltd, Ratatie 22, 01300 Vantaa, Finland

  • Controller’s contact person: President, Managing Director Jouni Koski, jouni.koski@laurea.fi
  • Person in charge of the register: Planning Officer, International Services Saara Vestu, saara.vestu@laurea.fi
  • Contact details of the data protection officer: Marjo Valjakka, marjo.valjakka@laurea.fi

The person responsible for the data is the administrator of the student and study database, provides information and receives requests for correction or checking of data.

What are the purpose and legal basis for the processing of personal data?

The data is processed for the following purposes:

  • Administration of student exchange and placement agreements and organisations,
    mobility information (outgoing/incoming students/staff),electronic exchange applications and reporting (AMKOTA, OKM/OPH, EU commision for Erasmus+ programme)
  • The activities related to the international partner higher education institutions are based on concluded exchange and cooperation agreements.

The lawful basis for processing of personal data of is performance of exchange and cooperation agreements and, in certain respects, also on a legal obligation. The applicable laws include the Universities of Applied Sciences Act (932/2014), and some of the data are collected in accordance with the Act on the National Registers of Education Records (884/2017).

The following legislation also applies to universities of applied sciences:

  • Administrative Procedure Act (434/2003)
  • Administrative Judicial Procedure Act (586/1996)
  • Act on the Openness of Government Activities (621/1999)
  • Decree on the Openness of Government Activities and on Good Practice in Information Management (1030/1999)
  • Statistics Act (280/2004)
  • Act on Financial Aid for Students (65/1994)
  • Unemployment Security Act (1290/2002)
  • Government Decree on financial aid for students (869/2017)
  • The EU’s General Data Protection Regulation (2016/679)
  • Data Protection Act (1050/2018)

What categories of personal data Laurea processes?

Laurea University of Applied Sciences only processes data that are necessary with respect to performing administration and reporting tasks. These data include:

  • surname, first names
  • personal ID, date of birth
  • gender
  • contact details: home address, phone number, email
  • nationality
  • mother tongue
  • field of study, degree programme, specialisation
  • degree title
  • organisation, unit
  • type of education (Bachelor, Master)
  • number of study years and credits completed before exchange
  • bank and account number
  • contact person in case of emergency (automatically erased in the system within a month after the exchange has ended)
  • tutor teacher

EXCHANGE INFORMATION 

  • type and level of exchange
  • timing and duration
  • exchange destination and country
  • exchange programme
  • amount of grant
  • exchange report
  • amount of credits completed in exchange 

AGREEMENT INFORMATION 

  • duration
  • contracting parties
  • name and country of institution
  • exchange programme
  • agreement’s field of study
  • types and number of persons

What are the grounds for the retention time?

The retention periods are determined in accordance with the requirements of law, Erasmus+ programme, the decisions of the National Archives of Finland and the filing plan of Laurea University of Applied Sciences.

The following data are permanently retained:

  • study entitlement, registration, degree, study and graduation data
  • attendance and absence data
  • data related to the evaluation amendment process

The following data are retained for a specified period

  • students’ exam results, exam answers, exercises and other similar data accumulated in digital learning environments
  • student mobility and student exchange data and certificates excluding performance data
  • student welfare documents in connection to the exchange grant

What are the sources of information?

Basic information for outgoing students is extracted from the Peppi system, other information is gathered from users as they fill in the information in the system.


Statutory disclosure and transfer of data

Provision of information is done with the help of data transmission connections, as paper printouts, or as email lists.

  • Own data collection and compilation of statistics
  • Activities financed with Erasmus grant are reported to the Centre of International Mobility Finnish National Education Agency for Education twice a year according to EU’s Lifelong Learning Programme’s sub programme Erasmus’ financialagreement.
  • Activities financed with TFK Student and Teacher Exchange Programme grants are reported to the Finnish National Agency for Education twice a year.
  • To Social Insurance Institution: information about outgoing exchange students is conveyed in order to institute overseas study grant and so cial security.
  • To Ministry of Education and Culture: AMKOTA data is reported annually for ministry’s national data collection.
  • To student union Laureamko for dividing tutor students for all exchange students (incoming exchange students’ information only)
  • To specific housing companies (only to HOAS and housing companies coordinated by Laurea campuses at Lohja, Hyvinkää and Porvoo) for the housing provision (incoming exchange students only) to guarantee the students get their housing offer.

How do we protect the information?

SoleMOVE system is used online. A restricted number of people have access to the electronically handled data with personal usernames and passwords. The rights of usage are allocated task specifically. Right to handle application information of other people than the user personally are cancelled upon information of change in responsibilities. 

Documents for students, related to international mobility, are produced from the system. The users are responsible for archiving the documents. Documents containing personal information are disposed of by shredding or as ’data protection waste’.

What are your data subject rights?

New students are informed in writing at the beginning of the term when they register that their name and contact information details and details connected to their studies are stored in the student and study database. They can then authorise the provision of the data for direct marketing, educational market ing and internet use through the student user interface.


You have the right to access your personal data

You have the right to check the personal data registered at Laurea via the student interface if you have enrolled as an attending student. You have the right to receive an official study certificate and a transcript of records from the Student Affair Office.  If you are studying at Laurea currently or have studied before, you can check the registered information. You can do it once a year and free of charge.  

If you intend to make a request to access your personal data, you should do it either in person or in writing. If you do it in writing, the document must be signed or otherwise reliably verified. You should direct your request to the Student Affairs Office of your own Laurea unit.  
The person who is in charge of register-related matters will decide whether to grant you the requested access. 
Your identity will be checked before granting access to your personal data. Official identification card with a photograph can verify your identity. A request sent from Laurea’s email system can be considered adequate proof of identification. Your right of access should be provided without delay.  

You have the right to rectification of your personal data

If you are an attending student, you may correct your contact details via the student user interface or contact the Student Affairs Office and ask to make the change.  
Laurea (the data controller) must erase or complete personal data in the register that is incorrect, unnecessary, incomplete or outdated regarding the purpose of the data processing. The data controller must do so without undue delay. Once the request was received, the data controller has a month to address it and not later than that.  
The student affairs officers must immediately correct the error in personal data once they found it or report it to a person with access rights to rectify it instead.  

You have the right to demand rectification of data. 

If the controller happens to refuse your demand to rectify personal data, you will receive a certificate of refusal. You have the right to contact the Data Protection Ombudsman regarding your matter. The Data Protection Ombudsman may issue an order to Laurea to rectify the data. 
You have the right to erasure of personal data
Your right to the erasure of your personal data, as stated in Article 17 of the General Data Protection Regulation does not apply to personal data processed in compliance with a legal obligation.  
You have the right to erase personal data based on consent. 

You have the right to restriction of processing

There are certain cases when you have the right to restrict the active processing of your personal data. For instance, this right applies to situations where you argue against the accuracy of your personal data.  
Your personal data may still be stored but not in any way processed if you didn’t give the consent. 

You have the right to object to automated individual decision-making

You have the right to object to the processing of personal data for purposes such as direct marketing, scientific, historical, or statistical research.  
If you use your right to object, Laurea as the controller may no longer process your personal data for the purpose in question. 
Your right to object does not apply to statutory data processing. 

You have the right not to be subject to a decision based only on automated processing, including profiling. Profiling produces legal effects concerning you or significantly affects you. However, it does not apply if the decision is based on your explicit consent. Or it is necessary for entering into a contract between you and a data controller.  


If you have questions about your rights as a data subject, you may contact the data protection officer. 
You have the right to file a complaint with the data protection authority.