Rules and information security policy

Rules

The link will open in a new tab. You can download the file by clicking the Download button.

INFORMATION SECURITY POLICY

Data Protection Officer
List of personal data registers
IT Policy / Information Security Policy
Membership register description
Privacy Policy of the Lyyti service
Treanglo Oy’s (Kide.app) Privacy Notice

DATA PROTECTION OFFICER

Our Data Protection Officer is the Executive Director (Tomi Hyppänen)
tietosuojavastaava(at)tamko.fi, +358 44 382 6560

LIST OF PERSONAL DATA REGISTERS

  • JäsRek – Membership register provided by Hakosalo Innovations Oy.
  • Kide.app – Endorsement membership register provided by Treanglo Oy.
  • Lyyti.fi – Event registrations.
  • Mailing lists – Provided by hostingservice.fi.
  • Netvisor – In accordance with the Accounting Act. Everyone who has been paid contributions or salaries/fees are in this system.
  • File folders – That contain, for example, membership registers of clubs and the register of former Tamko operators. Tamko manages the sharing of the data and deletes the data concerning past events.

IT POLICY / INFORMATION SECURITY POLICY

The processing of personal data in Tamko
Contents:

General information:

When personal data is processed, the computer displays have privacy screens that prevent direct third-party visual contact to the display. Personal user IDs are used to log in to computers and systems. In addition, the computers’ antivirus software is kept up to date.

Employees who process personal data have been oriented to the changes brought about by GDPR, and all employees have successfully completed the “Fundamentals of Data Protection” and “The Main Principles of Data Protection” online courses. The courses were developed for TAMK by Granite. Persons who process personal data are subject to a written agreement concerning the processing of data.

Membership register:

The membership register is kept in a system that is maintained by an outside firm. The system’s servers are located in Finland. The membership register is integrated into TAMK’s information systems. A member submits their information, and the information is verified and updated from TAMK’s information systems. All users have personal user IDs to the membership register. Only those persons who need the information in their work have user ID’s. A data protection annex of a contract with the service provider has been updated to the GDPR standards. Resigned members are deleted from the membership register immediately after their resignation. Former members who have not paid their membership fee are deleted from the register when their right to study ends or when they graduate from TAMK. Only the membership fee data, which cannot be linked to any natural person after deletion, will remain in the register after deletion.

A member may review / update their information in Tamko’s membership register from this link.

Data in the membership register is not transferred outside of the EU (European Union) or the EEA (European Economic Area). Personal data from the membership register may be disclosed for marketing purposes inside the EU and the EEA if the member has consented to it. If a member does not fill that section on their membership application form, it will be deemed that consent is not given. Most of the applications are made through an electronic form and an encrypted connection. Paper forms are destroyed together with confidential waste after the information of the member is entered into the register.

Endorsement member register

The information a member gives about themselves while paying their endorsement membership fee in the Kide.app service is stored. The information in the register: The name, name of a possible association, place of domicile, email address, phone number, and Yes/No information on whether the member wants their name published on the website and whether they want to subscribe to the mailing list. The register is protected with a username and password. Only those Tamko operators who need access to the information have usernames and passwords. Data from the endorsement membership register is not transferred anywhere without a separate consent, and the data is never transferred outside of the EU and EEA.

Tamko Topics weekly email newsletter:

The weekly newsletter is sent to the Tamko members who are in the membership register of the Students’ Union of the Tampere University of Applied Sciences. The email address is retrieved from the system of TAMK (if a member has forwarded their emails from TAMK’s email system to another email, Tamko Topics will also be transferred). The purpose of the newsletter is to maintain member relations in the manner referred to in the Associations Act.

Event registrations, borrowers of sports equipment, and club registers

– The registers of clubs under Tamko (membership registers and event registrations) are in the cloud service purchased by Tamko, of which access rights are managed by Tamko.
– Tamko’s own event registrations are collected through the Lyyti.fi service. Only those persons from Tamko who need the information to organize events have user ID’s. A data protection annex of a contract with the service provider has been updated to the GDPR standards.

Mailing lists:

Tamko has several mailing lists. If a person is not reached after a few attempts through the email address they have registered with to the mailing list (the address is not valid or the mailbox is full), the address will automatically be removed from the mailing lists. An address is also removed if a person requests it, unless their being on the mailing list is due to them being, for example, a Council member or in other position that makes it necessary for Tamko to reach the persons on the list.

Survival Kit renters:

The paper forms/contracts on renting Survival Kits are stored in a locked office until the deposit has been refunded. After that, the paper forms are destroyed together with confidential waste, and a scanned paper will remain as an attachment/receipt in the accounts. The information is not disclosed to a third party.

Sauna renters

Paper contracts on renting the sauna are stored in a locked office. Old contracts are stored in a safe until the tax assessment is completely finalized for the current tax period. After this, the paper contracts are destroyed together with the confidential waste. The information is not disclosed to a third party.

Student cards and ordering/acquiring student cards:

Plastic student cards with chips are centrally ordered from a Finnish card manufacturer. The order will be placed from the membership register. The essential personal data needed in the manufacturing of a card and a picture of the person (information on the card) will be delivered, with good information security practices, to the card manufacturer. The data is disclosed on the grounds that the student wishes to order a student card for themselves and gives a permission to transfer their data to the card manufacturer.

No data is automatically disclosed for the Pivo mobile student ID card. The personal data of a Tamko member can be disclosed, within the boundaries of law, to Pivo Wallet Oy for the purposes of activating the electronic student card and verifying the student status. The personal data of those members who have activated the mobile student ID card in the Pivo application and thus accepted the Terms of Use of Pivo’s mobile student ID card (that is, they have activated data transfers from the Pivo application and consented to it) is disclosed to Pivo Wallet Oy.

Processing of personal data related to Council elections

All Tamko members have a right to vote in Council elections that are in accordance with the Universities of Applied Sciences Act. Information about upcoming elections, the nomination of candidates, and the method of voting will be delivered to the members through tamko.fi website and Tamko Topics newsletter. Electronic voting will be conducted through the voting application in the membership register. All members will automatically be sent user IDs to the voting system, through the system itself, to their email address provided by the University of Applied Sciences. Persons working at the ballot box are granted the electoral official’s rights to the membership register, which only reveal member information necessary to conduct the elections. Tamko’s rules and Election Standing Order are adhered to in the elections.

The members who stand as a candidate in the Council elections give Tamko a right to publicly publish the lists of candidates, pictures of the candidate, other relevant information in elections, and the results of the election. All information published, excluding the results, is provided by the candidate themselves.

Tutor register

Tamko conducts tutoring on behalf of TAMK. To conduct tutor training and tutoring, the information of tutors is collected with TAMK’s forms. The data is stored in a file folder provided by TAMK to which only Tamko operators have access. The rights to access the file folder are managed by TAMK’s helpdesk, at the request of the Executive Director of Tamko. To conduct tutoring activities, the name and education data of the tutors is transferred to TAMK’s electronic group workspace Wiki-Confluence. Tutoring is a course unit that awards credits granted by TAMK, that is, the granting of credits requires that the data of the tutor is transferred to a contact person at TAMK.

Other processing of personal data

Netvisor is our financial and payroll administration system. Processing of personal data in the system is based on, for example, the Accounting Act. Strong identification is used in the system, and only those persons who need the information in their work have access rights to the system. A data protection annex of a contract with the service provider has been updated to the GDPR standards.

The payroll and accounts are managed by an outside firm. A data protection annex of a contract with the service provider has been updated to the GDPR standards.

Data protection supervision and related procedures

We follow the PCDA cycle (Plan-Do-Check-Act). In all of our activities, we begin by developing a model that is safe concerning data protection and has its contracts in order. When the systems are operational, possible deviations in data protection are controlled and monitored. Noticed deviations are kept in a register, and the persons whom the deviation concerns will be informed when it is required. If the deviation warrants that authorities must also be notified, the notification will be delivered as soon as possible. We also aim to remedy issues as soon as possible and in the manner that does not give rise to possible new issues.

Processing of this file

This file has been publicly available on the tamko.fi website since May 15, 2018 when it was approved in a Council meeting. A decision of a Board meeting is not required to modify this file. If the file is updated, a log entry will be added to the end of the file, and the log entry must state the three latest modifications, the date of the modification, and the justification for the modification. Note: this is an unofficial translation. In case of any discrepancies, the Finnish original prevails.

Data Protection Officer

Our Data Protection Officer is the Executive Director (Tomi Hyppänen)
tietosuojavastaava(at)tamko.fi, +358 44 382 6560

Updates to the file / log:

– Treanglo Oy’s (Kide.app) Privacy Notice updated to the web page (October 29, 2019)
– Pivo mobile student ID card information on the Student cards and ordering/acquiring student cards section updated on June 27, 2019. The modification is made due to the changed login procedure and activation of the mobile student ID card.
– A link was added to the Membership register section through which a member may review / update their data in the register (March 19, 2019).
– Texts relating to the Kide.app endorsement membership register added on February 11, 2018. / A new channel for the endorsement members to join and a register have been introduced.

Membership register description

PRIVACY POLICY OF THE LYYTI SERVICE

TREANGLO OY’S (KIDE.APP) PRIVACY NOTICE