Log in:


Choose a city

Do you crave an active lifestyle?

Register here!

Data Protection Records


NB: This document is a translation from the original document. This translation is not binding; its purpose is only to explain the contents of the original document in English. In case there are any obscurities in the translation, please check the original document for correct and binding expressions. The original document can be found on the Finnish website of SYKETTÄ.

EU’s General Data Protection Regulation, Articles 12, 13 and 14
Updated: 21.9.2018

1. Controller of the register

The Student Union of the University of Eastern Finland (Itä-Suomen yliopiston ylioppilaskunta, ISYY)

2. Representative of the controller

Secretary General Anna-Kristiina Mikkonen

3. Contact persons of the controller

Juho Mutanen, tel. +358 50 346 9620, email: vapaa-aika@isyy.fi
Heli Aalto, tel. +358 44 576 8445, email: liikuntasuunnittelija@isyy.

4. Contact information of the Data Protection Officer

Data Protection Officer Helena Eronen, tel. +358 400 581 776, email: tietosuojavastaava@isyy.fi

5. Purpose of processing personal data

Personal data are processed in SYKETTÄ sports services for the following purposes: 

6. Legal basis of processing personal data

Processing is based on Article 6 or 9 of the General Data Protection Regulation (at least one basis).

 EU’s General Data Protection Regulation, Article 6, paragraph 1, points a-f:

        consent of the data subject

        implementation of the controller’s or third party’s legitimate rights. What legitimate right is in question: customer relationship

7. Categories of personal data and the period for which the personal data will be stored

Personal data on the SYKETTÄ service

When registering in SYKETTÄ service, the following personal data is asked from the user: 

Personal data shall be maintained in SYKETTÄ system as long as the person in question is an active user of the services. Active user means a person, for part of which at least one of the following conditions realises: 

 Personal data shall be deleted from the SYKETTÄ system, when none of the conditions mentioned above realises.

 Personal data in sports instructing

 Customers of sports instructing shall fill in by themselves a paper initial information form, which includes background information concerning exercising. The following personal data are filled by customers in the form: 

In addition, the customers shall fill background information concerning state of health and exercising in the form by themselves. Forms shall be removed as the instructing period has ended.

8. Information systems that are used in processing

Personal data that is collected in the SYKETTÄ system are used in the following information systems:

9. Where is the personal data required in processing received from? Does a data subject have a responsibility to deliver the required personal data? Consequences if a data subject does not deliver the required personal data

A data subject shall log in the SYKETTÄ system by themselves with a student email address or staff member email address of University or University of Applied Sciences. Personal data are stored in the system in accordance with the login. Providing the personal data is a prerequisite to use the services. Consent to processing personal data is asked along the registration.

Right of the staff members and students of the University of Eastern Finland to use the services can be checked from WebOodi and from the list of staff members that is delivered regularly for a Sports Coordinator by the University.

Customers of sports instructing shall deliver the required personal data for the sports instructors by themselves. Providing the personal data and background information is a prerequisite to implement the sports instructing.

10. Use of cookies

In the browser-based information systems of data processing are used cookies. Cookie is a small text file, which is stored on the user’s device by the browser. Cookies are used for carrying out services, making it easier to log in to services and making it possible to compile statistics on using the services. User may restrain the use of cookies in the browser system, but it may prevent the system from operating properly.

 Cookies are used in processing of personal data:

 ☒ Yes, browser-based systems: SYKETTÄ

11. Regular transfers and disclosures

Personal data are disclosed regularly for the following parties:

Appliware Oy
Appliware Oy is an administrator of the SYKETTÄ mobile app and operates as a processor of the SYKETTÄ user register’s personal data. To guarantee the operational reliability, Appliware Oy shall have access to all data in the SYKETTÄ system.

Co-operation companies that hold classes for SYKETTÄ customers
Co-operation companies that hold SYKETTÄ classes operate also as processors of the SYKETTÄ user register’s personal data. Disclosure of the personal data concerns those users, who have enrolled for a class that is held by a co-operation company. Disclosure is made so that the keeper of the class can confirm the participants of the class in the SYKETTÄ system. Participating in the classes is monitored to prevent malpractices of the services.

Rikujokinen.com
Riku Jokinen is an administrator of the SYKETTÄ website and operates as a processor of the SYKETTÄ user register’s personal data. To guarantee the operational reliability, Jokinen shall have access to all data in the SYKETTÄ system.

Student Union of the Karelia University of Applied Sciences, POKA
Student Union of the Karelia University of Applied Sciences, POKA, operates as a processor of the SYKETTÄ user register’s personal data. SYKETTÄ stickers are sold and key fobs are granted at POKA’s offices, and in addition there is a SYKETTÄ staff member on the payroll of POKA.

Student Union of the Savonia University of Applied Sciences, SAVOTTA
Student Union of the Savonia University of Applied Sciences, SAVOTTA, operates as a processor of the SYKETTÄ user register’s personal data. When a person, that has registered in the SYKETTÄ Joensuu website and redeemed a SYKETTÄ sticker, wants to cross-use the services in Kuopio, the person has to first activate the cross-usage to Kuopio campus on their own user profile. After this, the person’s data transfers from their user profile into the user register of SYKETTÄ Kuopio. Thus the person can be given a SYKETTÄ sticker to the services of Kuopio.

Terveystalo, FSHS (YTHS), student health service of the Karelia University of Applied Sciences
Customers coming to the sports instructing are sent to the sports instructors through Terveystalo, FSHS and the student health service of the Karelia University of Applied Sciences. After the sports instructing, information concerning the success and implementation of the sports instructing is disclosed to the above-mentioned parties. Customer’s consent for sending the information is asked.

University of Eastern Finland
When a staff member of the University of Eastern Finland buys a SYKETTÄ sticker, right to use the Aurora’s gym is activated in their key fob. In case a staff member buys a SYKETTÄ sticker online, they can ask the Facilities Management for the right to use the Aurora’s gym without having to inform ISYY about buying the sticker.

12. Data transfer or disclosure to outside EU or EEA and the legitimate grounds for such actions

Personal data on the SYKETTÄ website and mobile app shall not be transferred to outside EU or EEA. Personal data located in Google Drive are transferred to outside EU. Google obeys the standard contractual clauses of the European Commission in guaranteeing the required level of data protection, when personal data are transferred to outside EU. ISYY has agreed EU’s standard contractual clause in the legal clauses of its contract’s data protection with Google.

13. Principles of protecting personal data

Protecting personal data on the SYKETTÄ website

Access to personal data on the SYKETTÄ website has been restricted to only for those persons, who have one of the following rights to use: 

Rights to use have been given for the staff members in accordance with their tasks and responsibilities. Persons with the instructor status can inspect personal data only for the part of those classes, in which the person in question has been marked as the instructor of the class.

SYKETTÄ website has been protected with an SSL Certificate. It is not possible to register in the website without a valid email address of University or University of Applied Sciences.

Protecting personal data in sports instructing

Customers’ personal data and background information concerning sports instructing are stored as paper versions in a locked room for the period of sports instructing. Only the sports instructors and SYKETTÄ staff members have access to the locked room.

14. Automated decision-making

Automated decisions shall not be made.

15. Rights of a data subject

A data subject shall have the right to inspect the data that concern them. A data subject shall have the right to claim for rectification of their data. A data subject shall have the right to claim for erasure of their data. A data subject shall have the right to claim for restriction of processing. A data subject shall have the right to object processing. A data subject shall have the right to request for transferring their personal data from the controller for another. A data subject shall have the right to withdraw the consent they have given, in case processing the personal data is based on the consent the data subject has given. A data subject may use the above-mentioned rights by contacting the Data Protection Officer of the Student Union, tietosuojavastaava@isyy.fi.

A data subject has the right to make a complaint to the Office of the Data Protection Ombudsman, in case the data subject deems that the valid data protection legislation has been violated in processing the personal data concerning the data subject.

Advice and instructions in matters related for the rights of data subject are given by the Data Protection Officer, contact information in section 4.