This notice contains the information specified in Article 13 of the General Data Protection Regulation (2016/679) of the European Parliament and of the Council that must be provided to the data subject. This notice explains, among other things, how the Finnish Environment Institute SYKE collects, uses, discloses and stores the personal data of people who enrol for training and events organised by SYKE.
Data controller and data protection officer
If you want to receive additional information or make an inquiry or change request, please contact us:
Finnish Environment Institute SYKE
Latokartanonkaari 11, 00790 Helsinki, Finland
kirjaamo@syke.fi
Tel. +358 295 251 450
Coordinator
Minna Wasenius
firstname.lastname@syke.fi
+358 295 251 730
Data protection officer
Juha Ruotsalainen
tietosuojaSYKE@syke.fi
Legal basis for processing
The processing of personal data is based on the data subject’s consent (Article 6 paragraph 1 point (a) of the GDPR), collected at the time of enrolling for a training course or another event. However, the processing of the personal data of SYKE personnel is primarily based on employment (Article 6 paragraph 1 point (b) of the GDPR).
Participation in training requires providing the personal data described in this notice.
Personal data collected and the purposes of processing personal data
The personal data collected includes the participant’s name, job description, organisation, telephone number and email address.
We use the personal data for the administration of training courses and events and for developing our service.
Based on a separate consent obtained at the same time, SYKE uses the data for providing information on future training offering by email.
The data is primarily collected in SYKE’s training information system, but enrolments are also collected through the Webropol service. The system used is indicated at the time of enrolment.
The personnel of the service provider for SYKE’s training information system also have access to the personal data. The service provider is a processor of personal data in accordance with the GDPR, and it must follow instructions provided by SYKE when processing the personal data.
The personnel of the Webropol service provider also have access to the personal data. The service provider is a processor of personal data in accordance with the GDPR, and it must follow instructions provided by SYKE when processing the personal data.
Recipients of personal data
The personal data is primarily used at SYKE for the purposes defined in the preceding section. In addition, SYKE may disclose personal data to its partners for the purpose of organising training courses and events.
Storage of personal data
The personal data is stored for the required amount of time so that SYKE can implement the purposes of processing described in this notice. In accordance with the archive formation plan, the data is erased five years after participation in the training.
A person from outside SYKE can request that their data be erased at any time, in which case also the history data in the training information system will be erased. After erasing the data, SYKE cannot provide the person with their participation information any more.
Withdrawing consent
Those data subjects for whom data processing is based on their consent (people from outside SYKE) have the right to withdraw their consent at any time. In such a case, the withdrawal will not have any impact on the legality of processing performed based on the consent before the withdrawal of the consent.
Protection of persona data
For SYKE’s training information system, the personal data is stored in the outsourced eTaika service. (The user has access to the service through an interface at www.syke.fi/koulutus.) The connection to the service is secured with SSL. The data can only be accessed by SYKE’s training services and persons authorised to administer training and events at SYKE.
For the Webropol service, the personal data is stored in the outsourced Webropol service (www.webropol.fi). The connection to the service is secured with SSL. The data can only be accessed by dedicated persons at SYKE who are associated with the administration of the training in question.
Rights of the data subject
The data subject has the right to ask SYKE for information on which personal data SYKE is collecting and for which purposes the personal data is processed in connection with the administration of training and events. In addition, the data subject has the right to have their personal data rectified, to have its processing restricted, to object to the processing and to transmit the personal data from one system to another. In addition, the data subject has the right to lodge a complaint to the supervisory authority.