Privacy notice: Processing of personal data, Student register for Finnish-language general upper secondary education

Date of publication: 22 June 2021

  1. Data controller

City of Espoo

  2. Person responsible for the register

Juha Nurmi, Development manager, PB 31, 02070 City of Espoo, tel. 050 372 5852

  3. Contact person of the register

Principals are responsible for tasks related to the register as regards the schools that they manage. The data subject can contact a principal to receive more detailed information about the register or their own rights.

  4. Data Protection Officer

tietosuoja@espoo.fi

  5. For what purpose will personal data be processed?

Purposes of processing 

  • Organisation of teaching and taking care of tasks that arise from the education provider’s relationship with the student.
  • The register is used for compiling statistics for the City of Espoo. When statistics are compiled, the data are processed anonymously.
  • Disclosure of statutory student numbers of upper secondary schools for Government data collection purposes. 

Processing methods 

The Finnish Education Unit uses the following City-level systems and electronic environments in which students’ and potentially guardians’ personal data are processed:  

  • school administration system Primus and Kurre (includes Wilma, which is the browser-based user interface of Primus and Kurre)  
  • work environment Google Workspace for Education  
  • work environment Microsoft O365 (includes OneDrive, Teams, amongst others) 
  • mobile device management Apple School Manager/Lightspeed. 

The purposes for which personal data related to the organisation of teaching is processed in the aforementioned systems and environments are specified in greater detail below.  

Personal data may also be processed in school-specific applications used in teaching. The data subject can contact a principal to receive more detailed information about the register or their own rights.  

For the purpose of organising general upper secondary education, personal data may also need to be processed outside of the aforementioned systems/environments, e.g. to support assessments conducted by teachers, organise school lunch (special diets) or organise school trips or camps. 

For what purposes are personal data processed in systems and electronic environments? 

Primus, Kurre and Wilma  

Primus and Kurre 

  • Organisation of general upper secondary education (Section 3 of the Act on General Upper Secondary Education). 
  • Taking care of tasks that arise from the education provider’s relationship with the student. 
  • Creation of a user identity for the study environment’s electronic services (Microsoft O365, Google Workspace for Education). 
  • Provision of a mobile device management service (AppleID/Lightspeed). 
  • Administration of user accounts for the Wilma user interface. 
  • School-specific statutory student number data are disclosed for Government data collection purposes based on data in Primus. (Act on the Financing of Educational and Cultural Provision, Act on Central Government Transfers to Local Government for Basic Public Services). 
  • Data in Primus is used to compile statistics for the City of Espoo. When statistics are compiled, the personal data are processed anonymously. 
  • Students’ subject and course selection data are stored in Kurre’s work plan software for the purpose of preparing work plans. 

Wilma (browser-based interface of the Primus and Kurre school administration system)  

Wilma can be used to carry out:  

  • absence recording  
  • student assessment  
  • course selection and course registration  
  • cooperation between upper secondary schools and homes  
  • communications (communication with and notifications to guardians and guardians’ messages to schools)  
  • surveys and their feedback  
  • notices concerning students relating to their school performance (steering/corrective feedback, follow-up feedback, positive feedback).  

Microsoft O365 

  • organisation of general upper secondary education (O365 includes electronic tools and user-produced content) 
  • management of O365 access rights 
  • enabling of interaction between users within their own groups 
  • use of e-mail services. 

Google Workspace for Education

  • organisation of general upper secondary education (Google Workspace includes electronic tools and user-produced content) 
  • management of Workspace access rights 
  • enabling of interaction between users within their own groups 
  • management of devices connected to the service and the software and applications used on them (e.g. Chrome, Classroom and Drive). 

School library system Axiell Aurora

  • Implementation of library activities supporting basic education (section 47 of the Basic Education Act)
  • The system has three components: the library system, the self-service user interface and the online library. The pupil data is in the library system, and the self-service user interface and the online library Axiell Arena make use of the pupil data entered into the system.

Digital learning materials Edustore

  • the procurement channel Edustore for the procurement of digital and printed learning materials and related supporting materials and supplies.

Mobile device management (Apple School Manager/Lightspeed) 

The mobile device management service is used for the data-secure management of the mobile devices used in schools and, with the help of Apple ID, to improve the privacy of users of shared tablets in particular. Administered Apple ID accounts are created and shared by the educational institution. Since the educational institution retains administration rights, Apple ID provides pupils with controlled access to iCloud and iTunes U. This makes it possible to ensure, for example, that pupils use the devices they obtain from the school only for learning purposes. Since the administered Apple IDs are created and shared by the educational institution, passwords can be easily reset, accounts can be reviewed and the roles of everyone associated with the school can be defined by an administrator, if necessary. Administrators’ actions are logged.

The mobile device management service consists of two components:  

1) a management solution (Apple School Manager), and  

2) a remote management environment (Lightspeed).  

The remote management environment creates the correct school and group structure for the management solution. The management solution can be used not only to create accounts, but also, for example, to purchase content, define the automatic registration of devices in the remote management environment and prepare iTunes U courses.

  6. On what grounds will personal data be processed?

  • Article 6, paragraph 1, point c of the EU’s General Data Protection Regulation: processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Act on General Upper Secondary Education 714/2018.

Special categories of personal data: According to section 6 of the Data Protection Act, Article 9(1) of the Data Protection Regulation does not apply to any processing of data that is provided by law or that derives directly from a statutory duty set out for the controller by law. Processing of special categories of personal data is derived from duties set out for an education provider by the Basic Education Act. 

PUBLICITY AND CONFIDENTIALITY OF DATA:

The data contained in the basic education pupil register is partly confidential.

GROUNDS FOR CONFIDENTIALITY:

The data is confidential in accordance with section 24 of the Act on the Openness of Government Activities and section 40 of the Basic Education Act.

  7. What data will be processed?

Data content of the systems and electronic environments 

Azure AD management and logs

Primus, Kurre and Wilma

  • the student’s name, personal identity code, contact information and photograph
  • the student’s AD account for the Wilma user interface and student network
  • the student’s guardians’ name and contact information and Wilma user account
  • information on selections concerning subjects and syllabuses
  • the student’s assessment information
  • decisions concerning the student
  • the student’s school history
  • the student’s immigration-related information
  • information concerning the student’s absences
  • other information related to teaching and the organisation of teaching
  • information concerning the matriculation examination.

Special categories of personal data processed include information on religious or philosophical conviction and possibly information related to health.

Microsoft O365

  • the user’s name
  • information related to schooling (grade, group, etc.)
  • encrypted unique identifier
  • e-mail address
  • account name
  • password
  • information produced or added by the student themselves.

Content produced by the student and guardian themselves means pictures, texts, links, videos and audio files uploaded to the system.

The user can, for example, add their own description of themselves and their area of responsibility, their mobile phone number, location information, competence information, date of birth and other areas of interest to the service, to be viewed by everyone/limited users. The user can allow the utilisation of the information content that they produce and obtain information about their networking and closest friends.

Google Workspace for Education

  • the student’s name
  • user account
  • school
  • grade and groups
  • encrypted unique identifier
  • information produced or added by the user themselves.

An administrator can save information such as organisations’ names, websites, phone numbers, addresses and account suspension in the service. In addition to this, Google collects information from end users that is based on what the users themselves enter, e.g. phone number, a photograph of the user, date of birth, and the user’s device-specific information, such as hardware model, operating system version, individual device identifier and mobile network used, including mobile phone number. Google can connect the device identifier or phone number to a Google account.

School library system Axiell (Aurora)

  • Identifiable data: Name, school, class, email address, user name, library card number, loan details, group's teacher, PIN code/password
  • Pseudonymised data: Object ID that acts as a customer’s technical identifier but does not include, for example, a personal identity code or other identifying information.

Digital learning materials Edustore

  • User name
  • Name of school
  • Class
  • Encrypted unique identifier
  • Email address

Mobile device management

AppleID/Lightspeed

  • Student

person_id,"person_number","first_name","middle_name","last_name","grade_level","email_address","sis_username","password_policy","location_id"

The following variables are not currently used: middle_name, grade_level.

  • Classes

course_id,"course_number","course_name","location_id"

  • Groups

class_id,"class_number","course_id","instructor_id","instructor_id_2","instructor_id_3","location_id"

In practice, all ID values are running alphanumeric series.

Personal data processed outside of the systems and electronic environments

These personal data may include, for example, the student’s identifying and contact information, information related to assessment and information related to health (relating to school lunches, for example).

  8. What are the sources of data?

  • The personal data of students selected in the joint application process are obtained from the Finnish National Agency for Education’s Studyinfo.
  • Guardians supplement and update personal data using a student registration form or in Wilma. 
  • The majority of the information saved in the register consists of information related to the student’s education, created in the organisation of education.

Changing general upper secondary schools or transfer to a general upper secondary school

  • A student’s previous general upper secondary school may disclose to their new general upper secondary school public information necessary for the new general upper secondary school for arranging instruction for the student (Section 16(3) of the Act on the Openness of Government Activities).
  • Notwithstanding provisions on confidentiality, a party in possession of information related to a student’s health or ability to function that is essential for the recipient to carry out its tasks has the right to disclose said information to the principal of an educational institution or a corresponding person responsible for the safety of education for the purpose of ensuring the safety of education and, with the student’s consent, to a person responsible for guidance counselling for the purpose of counselling related to other studies and support services (Section 58(1)(1–2) of the Act on General Upper Secondary Education).
  • Notwithstanding provisions on confidentiality, if a student under the age of 18 transfers from basic education to education, activities or training organised by another education provider in accordance with the Act on General Upper Secondary Education, the former education provider must without delay forward information necessary for arranging instruction or training for the student to the new education provider. The information may also be provided at the request of the new education provider (Section 40(4) of the Basic Education Act).

Electronic study environment services

Electronic study environment services are produced with the user identity of Visma’s Primus school administration system (name, encrypted unique identifier, school, class, grade, teaching groups, e-mail address, user name).

In Microsoft’s O365 service, user identity is administered by Microsoft’s Azure AD, which is the City’s centralised user authorisation management and log register (Microsoft AD and Azure AD).

In mobile device management, a user identity is imported into the management solution (Apple School Manager), e.g. for the creation of an AppleID. The remote management environment Lightspeed synchronises user identities (user information, class information and teachers) from the management solution to create the correct school and group structure for it.

  9. Will data be disclosed or transferred outside the city?

Koski

  • The national centralised integration service for study rights and study records (KOSKI) collects students’ study records and study rights in a single service. The information is collected directly from the student register. (Act on the National Registers of Education Records, Qualifications and Degrees 884/2017)

Changing general upper secondary schools or transfer to vocational education and training

  • A student’s previous general upper secondary school may disclose to their new general upper secondary school or educational institution public information necessary for the new general upper secondary school/educational institution for arranging instruction for the student (Section 16(3) of the Act on the Openness of Government Activities).
  • Notwithstanding provisions on confidentiality, a party in possession of information related to a student’s health or ability to function that is essential for the recipient to carry out its tasks has the right to disclose said information to the principal of an educational institution or a corresponding person responsible for the safety of education for the purpose of ensuring the safety of education and, with the student’s consent, to a person responsible for guidance counselling for the purpose of counselling related to other studies and support services (Section 58(1)(1–2) of the Act on General Upper Secondary Education).
  • Notwithstanding provisions on confidentiality, if a student under the age of 18 transfers to education, activities or training organised by another education provider in accordance with the Act on General Upper Secondary Education, the Act on Vocational Education and Training or the Act on Vocational Adult Education and Training, the former education provider must without delay forward information necessary for arranging instruction or training for the student to the new education provider. The information may also be provided at the request of the new education provider (Section 40(4) of the Basic Education Act).

Outreach youth work

An education provider must disclose the identifying information and contact details of a young person who ceases to participate in vocational education or general upper secondary education (Section 11(2)(2) of the Youth Act).

Transfer of data to service providers

The service providers used in the organisation of education (such as the providers of electronic environments) process students’ personal data to the extent necessary for the provision of the service. The City of Espoo is always the controller of the data.

Microsoft’s subcontractors

Google’s subcontractors

Transfer of data to other systems

  • matriculation examination registration information to the matriculation examination board
  • matriculation examination billing information to the City of Espoo’s Community system
  • data specified in the Statistics Act to Statistics Finland (Section 15 of the Statistics Act).

Based on the specific written consent of the data subject/underage student’s guardian, data may also be transferred to other parties. Data may be disclosed if there is a specific provision on such access or on the right of such access in an Act. (Section 26 of the Act on the Openness of Government Activities).

The disclosure of public information from a personal data filing system controlled by an authority is based on Section 16(3) of the Act on the Openness of Government Activities. According to this provision, the party requesting access must have the right to record and use such data. Personal data may only be disclosed on the basis of a sufficiently detailed request for access. (Section 13(2) of the Act on the Openness of Government Activities).

Confidential information may only be disclosed to another education provider based on the student’s/underage student’s guardian’s consent or if there is a provision on the disclosure of/access to the information in an act.

Based on Section 56 of the Act on General Upper Secondary Education, personal data may be disclosed for the purpose of organising an external education evaluation (such as a PISA survey or an evaluation by the Finnish Education Evaluation Centre (KARVI)). The personal data disclosed for this purpose include only the data necessary for organising the evaluation. Individual students are not evaluated.

  10. Will data be transferred outside the EU/EEA?

Primus, Kurre and Wilma

  • Data are not transferred outside the EU or the EEA.

Electronic study environment services

  • Microsoft O365

Personal data are transferred outside the European Union or the European Economic Area (Microsoft Online).

Basis for transfer:

The terms of Microsoft Online services, including standard contractual clauses approved by the European Commission (Attachment 3), are available on Microsoft’s website: https://www.microsoftvolumelicensing.com/Downloader.aspx?Documenttype=OST&lang=English

https://www.microsoftvolumelicensing.com/Downloader.aspx?DocumentId=17880

  • Google Workspace for Education

Personal data are transferred outside the EU or the EEA.

Basis for transfer:

Standard contractual clauses approved by the European Commission: https://gsuite.google.com/terms/mcc_terms.html and Google’s amendment: https://gsuite.google.com/terms/dpa_terms.html

  • Library system Axiell Aurora

Data is not transferred outside the EU or the EEA.

  • Digital learning materials Edustore

Data is not transferred outside the EU or the EEA.

  • Mobile device management

Apple School Manager

Personal data are transferred outside the EU or the EEA.

Basis for transfer:

The terms of Apple’s services, including standard contractual clauses approved by the European Commission (starting from page 18), are available on Apple’s website:

http://images.apple.com/legal/education/apple-school-manager/ASM-FI-EN.pdf

Lightspeed

Personal data are transferred outside the EU or the EEA.

Basis for transfer:

Lightspeed’s privacy policy, section 6) European Union Data Protection: https://www.lightspeedsystems.com/privacy

  11. How long will data be stored?

Data are stored and destroyed in line with the records management plan of the Finnish Education Unit. Personal data are stored in the student register for one (1) year from the end of the use of the service. Statutory obligations regarding the storage of data are taken into account in the deletion of the data. The information and documents in electronic environments are stored and archived in the online services in accordance with the Finnish Education Unit’s records management plan for one year after the end of compulsory education.

  12. How will data be protected?

Personal data are processed in a manner that ensures appropriate security of the personal data (Article 5, paragraph 1, point f of the GDPR). The processing of personal data is regulated by the principles of purpose limitation, necessity and accuracy, amongst others.

Each employee can only process the data they need to conduct their work.

The protection of confidential and sensitive data is given particular consideration in, for example, the descriptions of work processes and the granting of access rights. Provisions on the confidentiality of data are laid down in Section 58 of the Act on General Upper Secondary Education and Section 24 of the Act on the Openness of Government Activities.

Electronic maintenance systems:

The Primus and Kurre school administration system can only be accessed through the administration network. The administration network is a protected internal domain that is only accessible to employees of the City of Espoo. All users of the network accept an access rights commitment, which includes a non-disclosure commitment, amongst other provisions. The server hardware is located in a protected, supervised space in the service provider’s data centre. Electronically processed data are transmitted encrypted on the open Internet. The data in the register are backed up automatically at regular intervals.

Personal data are protected with access rights determined based on the duties of upper secondary school and unit employees. Access rights are restricted in accordance with duties and are based on user roles, which have access to duty-specific screens and functions. Read, write, save and delete rights are defined separately for each access rights group.

Manual materials:

Manual materials are stored in locked work premises and locked cabinets.

  13. Rights of the data subject

Further instructions on submitting information requests referred to in the General Data Protection Regulation: Data_protection/Client_rights

13.1 How can I access my data?

You have the right to obtain from the controller a copy of the personal data that is subject to processing. The controller shall provide the data without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.

If the controller does not take action on the request of the data subject, the controller shall inform the data subject without delay, and at the latest within one month of receipt of the request, of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

Requests from the data subject and any resulting actions are free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request.

13.2 When can I request rectification of my data?

You have the right to have inaccurate, incomplete, outdated or unnecessary personal data that we store either rectified or completed by us.

13.3 When can I request erasure of my data?

You have the right to have the controller erase your personal data without undue delay under certain conditions. The data subject does not have the right to erasure if the processing of data is necessary for compliance with a legal obligation or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. In these cases, the data will only be erased after the statutory time limit.

13.4 When can I request restriction of processing of my data?

If the data concerning you is inaccurate, you have the right to request that its processing be restricted until its accuracy has been verified.

13.5 Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority if you feel that the processing of your personal data is in infringement of data protection legislation. You can lodge a complaint with the Office of the Data Protection Ombudsman: www.tietosuoja.fi.