Log in:


Choose a city

Do you crave an active lifestyle?

Register here!

Data Protection Records


NB: This document is a translation from the original document. This translation is not binding; its purpose is only to explain the contents of the original document in English. In case there are any obscurities in the translation, please check the original document for correct and binding expressions. The original document can be found on the Finnish website of SYKETTÄ.

EU’s General Data Protection Regulation, Articles 12, 13 and 14
Updated: 20.12.2019

1. Controller of the register

The Student Union of the University of Eastern Finland (Itä-Suomen yliopiston ylioppilaskunta, [ISYY])

2. Representative of the controller

Secretary General Sanna Heinonen

3. Contact persons of the controller

Service Planner Niklas Leinonen, tel. +358 44 576 8418, email: vapaa-aika@isyy.fi
Sports Coordinator Heli Aalto, tel. +358 44 576 8445, email: liikuntasuunnittelija@isyy.

4. Contact information of the Data Protection Officer

Data Protection Officer Helena Eronen, tel. +358 50 554 0000, email: tietosuojavastaava@isyy.fi

5. Purpose of processing personal data

Personal data are processed in SYKETTÄ sports services for the following purposes: 

6. Legal basis of processing personal data

Processing of personal data is based on Article 6 or 9 of the General Data Protection Regulation:

        consent of the data subject

        implementation of the controller’s or third party’s legitimate rights. The legitimate right in question is customer relationship.

These can be found from EU’s General Data Protection Regulation, Article 6, paragraph 1, points a-f.

7. Categories of personal data and the data retention period

Personal data on the SYKETTÄ service

When registering in SYKETTÄ service, the following personal data is asked from the user: 

Personal data shall be maintained in SYKETTÄ system as long as the person in question is an active user of the services. Active user means a person to whom at least one of the following conditions applies: 

Personal data shall be deleted from the SYKETTÄ system, when none of the conditions mentioned above apply.

Personal data of Physical Activity Counselling

Customers of Physical Activity Counselling shall fill in by themselves an initial information form, which contains background information about exercising. The following personal data are filled by the customer: 

In addition, the customers shall fill background information form concerning their state of health and the amount and type of exercise. Forms shall be removed as the counselling period has ended.

8. Information systems that are used in processing

Personal data, that is collected in the SYKETTÄ system, are used in the following information systems:

9. Where is the personal data required in processing received from?
Does a data subject have a responsibility to deliver the required personal data?
Consequences if a data subject does not deliver the required personal data

A user shall register in the SYKETTÄ system by themselves with a student email address or staff member email address of the UEF or the Karelia UAS. Personal data are stored in the system in accordance with the registration. Providing the personal data is a prerequisite to use the services. Also, consent to processing personal data is asked along the registration.

The UEF students and staff members’ right to use the SYKETTÄ services can be checked from WebOodi or from a list of staff members that is delivered regularly for Sports Coordinator by UEF.

Customers of Physical Activity Counselling shall deliver the required personal data for the physical activity counsellor by themselves. Providing the personal data and background information is a prerequisite to participate in the Physical Activity Counselling.

10. Use of cookies

Cookies are used in the browser-based information systems of data processing. A cookie is a small text file, which is stored on the user’s device by the browser. Cookies are used for carrying out services, making it easier to log into services and making it possible to compile statistics of the service usage. A user may restrain the use of cookies in the browser system, but this may prevent the system from operating properly.

Cookies are used in the following browser-based data processing systems: SYKETTÄ Joensuu

11. Regular transfers and disclosures

Personal data are disclosed regularly for the following parties:

Appliware Oy
Appliware Oy is an administrator of the SYKETTÄ mobile app and operates as a processor of the SYKETTÄ user register’s personal data. In order to guarantee the operational reliability, Appliware Oy shall have access to all data in the SYKETTÄ system.

Co-operation companies that hold classes for SYKETTÄ customers
Co-operation companies that hold SYKETTÄ classes operate also as processors of the SYKETTÄ user register’s personal data. Disclosure of the personal data concerns those users, who have enrolled for a class that is held by a co-operation company. Disclosure is made so that the instructor of the class can verify the participants to the SYKETTÄ system. Participating in the classes is monitored to prevent malpractices of the services.

Hurja Solutions Oy
Hurja Solutions Oy is an administrator of the SYKETTÄ website and operates as a processor of the SYKETTÄ user register’s personal data. In order to guarantee the operational reliability, Hurja Solutions Oy shall have access to all data in the SYKETTÄ system.

Student Union of the Karelia University of Applied Sciences, POKA
Student Union of the Karelia University of Applied Sciences, POKA, operates as a processor of the SYKETTÄ user register’s personal data. SYKETTÄ stickers are sold and key fobs are granted at POKA’s offices, and in addition there is a SYKETTÄ staff member on the payroll of POKA.

Student Union of the Savonia University of Applied Sciences, SAVOTTA
Student Union of the Savonia University of Applied Sciences, SAVOTTA, operates as a processor of the SYKETTÄ user register’s personal data. When a person, who has registered in the SYKETTÄ Joensuu website and purchased a valid SYKETTÄ sticker, wants to cross-use the services in Kuopio, the person has to first activate the cross-usage to Kuopio campus on their own user profile. After this, the person’s data transfers from their user profile into the user register of SYKETTÄ Kuopio. Thus the person can be given access to SYKETTÄ services in Kuopio.

Terveystalo, Finnish Student Health Service (FSHS), student health service of the Karelia University of Applied Sciences
Customers coming to the Physical Activity Counselling are sent to the physical activity counsellor through Terveystalo, FSHS and the student health service of the Karelia University of Applied Sciences. After the Physical Activity Counselling, information concerning the success and implementation of the Physical Activity Counselling is disclosed to the above-mentioned parties. Customer’s consent for sending the information is asked.

University of Eastern Finland (UEF)
When a staff member of the University of Eastern Finland buys a SYKETTÄ sticker, their right to use the Aurora’s gym is activated in their key fob. In case a staff member buys a SYKETTÄ sticker online, they can ask the Facilities Management to activate the their right to use the Aurora’s gym without having to inform ISYY about buying the sticker.

12. Data transfer or disclosure to outside EU or EEA and the legitimate grounds for such actions

Personal data on the SYKETTÄ website and mobile app shall not be transferred to outside EU or EEA. Personal data located in Google Drive are transferred to outside EU. Google obeys the standard contractual clauses of the European Commission in guaranteeing the required level of data protection, when personal data are transferred to outside EU. ISYY has agreed to EU’s standard contractual clause in the legal clauses of its contract’s data protection with Google.

13. Principles of protecting personal data

Protecting personal data on the SYKETTÄ website

Access to personal data on the SYKETTÄ website has been restricted to only include following people: 

Access to personal data have been given for the staff members in accordance with their tasks and responsibilities. Instructor can inspect personal data only for the part of those classes, in which the person in question has been marked as the instructor of the class.

SYKETTÄ website is protected with an SSL Certificate. It is not possible to register in the website without a valid email address of UEF or Karelia UAS.

Protecting personal data in Physical Activity Counselling

Customers’ personal data and background information concerning Physical Activity Counselling are stored as paper versions in a locked room for the period of counselling. Only the physical activity counsellors and SYKETTÄ staff members have access to this locked room.

14. Automated decision-making

Automated decisions shall not be made.

15. Rights of a data subject

As a data subject you have the right to:

As a data subject you may use the above-mentioned rights by contacting the Data Protection Officer of the Student Union.
A data subject has the right to make a complaint to the Office of the Data Protection Ombudsman, in case the data subject deems that the valid data protection legislation has been violated in processing the personal data concerning the data subject.

Advice and instructions in matters related to the rights of data subject are given by the Data Protection Officer, contact information in section 4.