Notice on the processing of personal data in the Finnish Environment Institute’s training system

This notice contains the information specified in Article 13 of the General Data Protection Regulation (2016/679) of the European Parliament and of the Council that must be provided to the data subject. This notice explains, among other things, how the Finnish Environment Institute Syke collects, uses, discloses and stores the personal data of people who enrol for training and events organised by Syke.

Data controller and data protection officer

If you want to receive additional information or make an inquiry or change request, please contact us:

Finnish Environment Institute Syke
Latokartanonkaari 11, 00790 Helsinki, Finland
kirjaamo@syke.fi
Tel. +358 295 251 450

Coordinator

Minna Wasenius
firstname.lastname@syke.fi
+358 295 251 730

Data protection officer

Juha Ruotsalainen
tietosuojaSYKE@syke.fi

Legal basis for processing

The processing of personal data is based on the data subject’s consent (Article 6 paragraph 1 point (a) of the GDPR), collected at the time of enrolling for a training course or another event. However, the processing of the personal data of Syke personnel is primarily based on employment (Article 6 paragraph 1 point (b) of the GDPR).

Participation in training requires providing the personal data described in this notice.

Personal data collected and the purposes of processing personal data

The personal data collected includes the participant’s name, job description, organisation, telephone number and email address.

We use the personal data for the administration of training courses and events and for developing our service.

Based on a separate consent obtained at the same time, Syke uses the data for providing information on future training offering by email.

The data is primarily collected in Syke’s training information system, but enrolments are also collected through the Webropol service. The system used is indicated at the time of enrolment.

The personnel of the service provider for Syke’s training information system also have access to the personal data. The service provider is a processor of personal data in accordance with the GDPR, and it must follow instructions provided by Syke when processing the personal data.

The personnel of the Webropol service provider also have access to the personal data. The service provider is a processor of personal data in accordance with the GDPR, and it must follow instructions provided by Syke when processing the personal data.

Recipients of personal data

The personal data is primarily used at Syke for the purposes defined in the preceding section. In addition, Syke may disclose personal data to its partners for the purpose of organising training courses and events.

Storage of personal data

The personal data is stored for the required amount of time so that Syke can implement the purposes of processing described in this notice. In accordance with the archive formation plan, the data is erased five years after participation in the training.

A person from outside Syke can request that their data be erased at any time, in which case also the history data in the training information system will be erased. After erasing the data, Syke cannot provide the person with their participation information any more.

Withdrawing consent

Those data subjects for whom data processing is based on their consent (people from outside Syke) have the right to withdraw their consent at any time. In such a case, the withdrawal will not have any impact on the legality of processing performed based on the consent before the withdrawal of the consent.

Protection of personal data

For Syke's training information system, the personal data is stored in the outsourced Visma Aquila Oy's eTaika service. (The user has access to the service through an interface at www.syke.fi/koulutus.) The connection to the service is secured with SSL. The data can only be accessed by Syke’s training services and persons authorised to administer training and events at Syle.

For the Webropol service, the personal data is stored in the outsourced Webropol service (www.webropol.fi). The connection to the service is secured with SSL. The data can only be accessed by dedicated persons at Syke who are associated with the administration of the training in question.

Rights of the data subject

The data subject has the right to ask Syke for information on which personal data Syke is collecting and for which purposes the personal data is processed in connection with the administration of training and events. In addition, the data subject has the right to have their personal data rectified, to have its processing restricted, to object to the processing and to transmit the personal data from one system to another. In addition, the data subject has the right to lodge a complaint to the supervisory authority.

Published 2020-01-03 at 11:43, updated 2024-06-26 at 8:20

Target group: