Privacy Policy for Student Register

Privacy Policy for Student Register 

1. Data Controller

Koodi / Sisu ry 

Business ID: 3333372-5 

laura.nykanen@koodisisu.fi 

Viestikatu 7 

70600 Kuopio 

  

Contact Person for Data Privacy Matters 

Laura Nykänen 

Viestikatu 7 

70600 Kuopio 

0408222685 

laura.nykanen@koodisisu.fi 

  

2. Register Name

kood/Sisu School Student Register 

  

3. Purpose and Legal Basis for Processing Personal Data

Personal data is processed for the following purposes: 

  

– Managing student information, academic achievements, course selections, and module registrations. 

– Generating certificates related to individual students. 

  

Personal data is not processed for automated decision-making. The data subject’s information is processed to facilitate the management of student data within Koodi / Sisu. 

  

4. Collected Personal Data

The Student Register collects the following information: 

  

– Student information (first and last name, personal identification number, address details, nationality, phone number, and email address) 

– Information related to study rights 

– Assessment data 

– Module registrations 

– Information related to internships and student recruitment 

  

Personal data is obtained both directly from the data subject and from the Koodi / Sisu student data management system. Personal data may also be collected and updated from public and private registers, such as the population register. 

  

5. Regular Disclosures of Data

Data is not regularly disclosed to external parties, except for the funding body of the Koodi/Sisu Code School in North Savo, the Southern Savonia Centre for Economic Development, Transport, and the Environment (ELY-keskus). Personal data is only shared with the Southern Savonia ELY Centre to the extent required for project funding. Register data may also be transferred to Koodi / Sisu service platforms (e.g., recruitment platform). 

  

The data controller may use external subcontractors for tasks defined in this policy, in which case service providers act on behalf of the data controller. Subcontractors may include the platform provider of Koodi / Sisu Code School, marketing and communication agencies, information system suppliers, as well as real estate and facility service providers. The data controller may also provide the contact information of the registered individuals to members and customers of Koodi Sisu ry for the purpose of organizing internships and student recruitment. Personal data may be disclosed to authorities when required and based on applicable legislation. 

  

6. Transfer of Data Outside the EU or the European Economic Area

Data from the Student Register may be transferred outside the European Union or the European Economic Area when it is necessary for providing the service. When transferring personal data outside the EU or EEA, the data protection legislation requirements and the impact on the data subject’s rights and freedoms are considered, and necessary protective measures are taken. 

  

7. Principles of Personal Data Protection

Access to the Student Register is granted only to specific personnel employed by the data controller who require access to the data for their tasks. Each user has a unique username and password for the system. The data controller restricts access rights to systems containing personal data and monitors their use. All personnel handling personal data are bound by confidentiality obligations. 

  

Stored personal data is kept in systems protected with firewalls, passwords, and other technical measures. Personal data is protected by the data controller against unauthorized access and against accidental or unlawful processing through adequate technical and organizational measures. 

  

8. Retention Period of Personal Data

Personal data is retained for as long as it is necessary for the proper management of student data. Information is deleted no later than ten (10) years after the student has completed the required studies at kood/Sisu. 

  

Data may be retained beyond this period if needed for ongoing official investigations, legal proceedings, or similar matters. 

  

9. Data Subject’s Rights

The data subject has the right to access their personal data and request the transfer of data to another system. Additionally, the data subject has the right to request the correction of incorrect personal data concerning them. If the processing of personal data is based on consent, the data subject has the right to withdraw their consent at any time, leading to the removal of the given consent. The data subject also has the right to request the deletion of personal data if it is no longer needed for the purposes for which it was collected. 

  

Furthermore, the data subject has the right to limit processing if the data is believed to be incorrect, processed unlawfully, or if the data subject has objected to the processing based on their specific situation. 

  

The data subject can exercise the rights by sending a written request to laura.nykanen@koodisisu.fi. 

  

The data subject has the right to file a complaint with the Data Protection Ombudsman if they suspect that Koodi / Sisu ry does not comply with the requirements and obligations of data protection regulations.