Privacy Policy for Student Admissions Register

Privacy Policy for Student Admissions Register 

  

1. Data Controller

Koodi / Sisu ry 

Business ID: 3333372-5 

laura.nykanen@koodisisu.fi 

Viestikatu 7 

70600 Kuopio 

  

Contact Person for Data Privacy Matters 

Laura Nykänen 

Viestikatu 7 

70600 Kuopio 

0408222685 

laura.nykanen@koodisisu.fi 

  

2. Register Name

kood/Sisu School Student Admissions Register 

  

3. Purpose and Legal Basis for Processing Personal Data

Personal data is processed for the following purposes: 

  

– Implementation of the kood/Sisu School student application and selection process. 

– Contact information is used for reaching the individual. 

  

Personal data is not processed for automated decision-making. The data subject’s information is processed to facilitate the management of student data within kood/Sisu. 

  

4. Collected Personal Data

The Student Application Register collects the following information from applicants: 

  

– First and last name 

– Personal identification number 

– Date of birth 

– Gender, if disclosed by the applicant 

– Nationality 

– Address details and place of residence 

– Phone number 

– Email address 

– Language proficiency 

  

Personal data is obtained directly from the data subject. Personal data may also be collected and updated from public and private registers, such as the population register. 

  

5. Regular Disclosures of Data

Data is not regularly disclosed to external parties, except for the funding body of the Koodi/Sisu Code School in North Savo, the Southern Savonia Centre for Economic Development, Transport, and the Environment (ELY-keskus). Personal data is only shared with the Southern Savonia ELY Centre to the extent required for project funding. 

  

The data controller may use external subcontractors for tasks defined in this policy, in which case service providers act on behalf of the data controller. Subcontractors may include the platform provider of Koodi/Sisu Code School, marketing and communication agencies, information system suppliers, as well as real estate and facility service providers. Personal data may also be disclosed to authorities when required and based on applicable legislation. 

  

6. Transfer of Data Outside the EU or the European Economic Area

Data from the Student Register may be transferred outside the European Union or the European Economic Area when it is necessary for providing the service. When transferring personal data outside the EU or EEA, the data protection legislation requirements and the impact on the data subject’s rights and freedoms are considered, and necessary protective measures are taken. 

  

7. Principles of Personal Data Protection

Access to the Student Application Register is granted only to specific personnel employed by the data controller who require access to the data for their tasks. Each user has a unique username and password for the system. The data controller restricts access rights to systems containing personal data and monitors their use. All personnel handling personal data are bound by confidentiality obligations. 

  

Stored personal data is kept in systems protected with firewalls, passwords, and other technical measures. Personal data is protected by the data controller against unauthorized access and against accidental or unlawful processing through adequate technical and organizational measures. 

  

8. Retention Period of Personal Data

Personal data is retained for as long as it is necessary for the proper management of the student application and selection process. Information is deleted no later than five (5) years after the applicant’s most recent application to kood/Sisu. 

  

Data may be retained beyond this period if needed for ongoing official investigations, legal proceedings, or similar matters. 

  

9. Data Subject’s Rights

The data subject has the right to access their personal data and request the transfer of data to another system. Additionally, the data subject has the right to request the correction of incorrect personal data concerning them. If the processing of personal data is based on consent, the data subject has the right to withdraw their consent at any time, leading to the removal of the given consent. The data subject also has the right to request the deletion of personal data if it is no longer needed for the purposes for which it was collected. 

  

Furthermore, the data subject has the right to limit processing if the data is believed to be incorrect, processed unlawfully, or if the data subject has objected to the processing based on their specific situation. 

  

The data subject can exercise the rights by sending a written request to laura.nykanen@koodisisu.fi. 

  

The data subject has the right to file a complaint with the Data Protection Ombudsman if they suspect that Koodi / Sisu ry does not comply with the requirements and obligations of data protection regulations.