Log in:

Choose a city

Register here!

Rekisteröidy tästä!

Data Protection Records in Physical Activity Tests

NB: This document is a translation from the original document. This translation is not binding; its purpose is only to explain the contents of the original document in English. In case there are any obscurities in the translation, please check the original document for correct and binding expressions. The original document can be found on the Finnish website of SYKETTÄ.

EU’s General Data Protection Regulation, Articles 12, 13 and 14
Updated: 27.9.2023

1. Controller of the register
The Student Union of the University of Eastern Finland (Itä-Suomen yliopiston ylioppilaskunta, [ISYY])
Yliopistokatu 7, 80100 JOENSUU, tel. +358 44 576 8449
PL 1627 (Yliopistonranta 3), 70211 KUOPIO, tel. +358 44 576 8419

2. Representative of the controller
Sports Coordinator Heli Aalto, tel. +358 44 576 8445, email: liikuntasuunnittelija@isyy.fi

3. Contact persons of the controller
Service Planner Niklas Leinonen, tel. +358 44 576 8418, email: vapaa-aika@isyy.fi

4. Contact information of the Data Protection Officer
Data Protection Officer Helena Eronen, tel. +358 50 554 0000, email: tietosuojavastaava@isyy.fi

5. Purpose of processing personal data
Personal data are processed in SYKETTÄ physical activity test for the following purposes:

6. Legal basis of processing personal data
Processing of personal data is based on Article 6 or 9 of the General Data Protection Regulation:

☒ consent of the data subject

These can be found from EU’s General Data Protection Regulation, Article 6, paragraph 1, points a-f.

7. Categories of personal data and the data retention period
Personal data on the SYKETTÄ physical activity test

When registering to SYKETTÄ physical activity test, the following personal data is asked from the user:

During the physical activity test at “active exerciser tests”, the following personal data is asked from the user:

During the physical activity test at “low intensity tests”, the following personal data is asked from the user:

In addition body composition, condition and hand compression force are measured. From these measures app compiles body condition grading.

Personal data shall be deleted  after two (2) years. Test statistics are used afterwards in anonymous form.

8. Information systems that are used in processing
Webropol or Google Forms

9. Where is the personal data required in processing received from
Personal data is acquired from the data subject themselves.

10. Use of cookies
Cookies are used in the browser-based information systems of data processing. A cookie is a small text file, which is stored on the user’s device by the browser. Cookies are used for carrying out services, making it easier to log into services and making it possible to compile statistics of the service usage. A user may restrain the use of cookies in the browser system, but this may prevent the system from operating properly.

Cookies are used in the following browser-based data processing systems: Webropol, Google Forms

11. Regular transfers and disclosures
Itä-Suomen liikuntaopisto (ISLO) and Pohjois-Karjalan Liikunta ry (POKALI) which are processors of personal data during the physical activity tests. Itä-Suomen liikuntaopisto and Pohjois-Karjalan Liikunta ry has signed Data Processing Agreement with the controller.

12. Data transfer or disclosure to outside EU or EEA and the legitimate grounds for such actions

Personal data located in Google Drive maybe transferred to outside EU. Google obeys the standard contractual clauses of the European Commission in guaranteeing the required level of data protection, when personal data are transferred to outside EU. ISYY has agreed to EU’s standard contractual clause in the legal clauses of its contract’s data protection with Google.

13. Principles of protecting personal data

Access to personal data has been restricted to only selected staff members of the controller and processors. Personal data is deleted withing 2 years after the physical activity test.  During the personal data processing ISYY data protection records and regulations are followed. Technical data bases and their user interfaces are defended for example by firewall. System data is backupped regularly.

Access to personal data have been given for the staff members in accordance with their tasks and responsibilities.

14. Automated decision-making

Automated decisions shall not be made.

15. Rights of a data subject

As a data subject you have the right to:

As a data subject you may use the above-mentioned rights by contacting the Data Protection Officer of the Student Union.
A data subject has the right to make a complaint to the Office of the Data Protection Ombudsman, in case the data subject deems that the valid data protection legislation has been violated in processing the personal data concerning the data subject.

Advice and instructions in matters related to the rights of data subject are given by the Data Protection Officer, contact information in section 4.