Privacy notice: Processing of personal data, student register for Finnish-language general upper secondary education


Date of publication: 14 November 2022

1. Data controller

City of Espoo

2. Person responsible for the register

Director of Upper Secondary Education

3. Contact person of the register 

Principals are responsible for tasks related to the register as regards the schools that they manage. The data subject can contact the principal to receive more detailed information about the register or their own rights.

4. Data Protection Officer

5. For what purpose is personal data processed?

Purposes of processing

  • Organisation of teaching and taking care of tasks that arise from the education provider’s relationship with the student.
  • Compiling statistics for the City of Espoo. When statistics are compiled, the data is processed anonymously.
  • Providing statutory information on general upper secondary schools’ student numbers for government data collection purposes.

Processing methods

The Growth and Learning Sector uses the following city-level systems and electronic environments in which students’ and potentially guardians’ personal data is processed:

  • school administration system Primus and Kurre (includes Wilma, which is the browser-based user interface of Primus and Kurre)
  • work environment Google Workspace for Education (including Classroom, Meet, Forms)
  • work environment Microsoft O365 (including Teams, OneDrive, Forms)
  • school library system Axiell Aurora
  • mobile device management Apple School Manager / Lightspeed.

The purposes for which personal data related to the organisation of teaching is processed in the aforementioned systems and environments are specified in greater detail below.

Personal data may also be processed in school-specific applications used in teaching. The data subject can contact the principal to receive more detailed information about the register or their own rights.

For the purpose of organising general upper secondary education, personal data may also need to be processed outside of the aforementioned systems/environments, e.g. to support assessments conducted by teachers, organise school lunch (special diets), organise school trips or camps, produce surveys, and to perform duties laid down in the Act on Compulsory Education.

Personal data stored in the register may also be processed when it is necessary for the purposes of testing the information systems, for example when the education provider introduces a new information system.

PUBLIC ACCESS TO AND CONFIDENTIALITY OF DATA:

The data contained in the general upper secondary education student register is partly confidential.

GROUNDS FOR CONFIDENTIALITY:

The data is confidential in accordance with section 24 of the Act on the Openness of Government Activities and section 58 of the Act on General Upper Secondary Education.

For what purposes is personal data processed in systems and electronic environments?

Primus, Kurre and Wilma

Primus and Kurre

    • Organisation of general upper secondary education (section 3 of the Act on General Upper Secondary Education).
    • Taking care of tasks that arise from the education provider’s relationship with the student.
    • Performance of duties laid down in the Act on Compulsory Education. 
    • Creation of a user identity for the study environment’s electronic services (Microsoft O365, Google Workspace for Education).
    • Provision of a mobile device management service (AppleID/Lightspeed).
    • Administration of user accounts for the Wilma user interface.
    • School-specific statutory student number data is disclosed for government data collection purposes based on data in Primus (Act on the Financing of Educational and Cultural Provision, Act on Central Government Transfers to Local Government for Basic Public Services).
    • Data in Primus is used to compile statistics for the City of Espoo. When statistics are compiled, the personal data is processed anonymously.
    • Students’ subject and course selection data is stored in Kurre’s work plan software for the purpose of preparing work plans.

Wilma (browser-based interface of the Primus and Kurre school administration system)

Wilma can be used to carry out:

  • absence recording
  • student assessment
  • course selection and course registration
  • cooperation between general upper secondary schools and homes
  • communication (communication with guardians and students, notifications to guardians and students and guardians’ messages to schools)
  • surveys and their feedback
  • notices concerning students relating to their school performance (steering/corrective feedback, follow-up feedback, positive feedback).

Microsoft O365

  • organisation of general upper secondary education (O365 includes electronic tools and user-produced content)
  • management of O365 access rights
  • enabling of interaction between users within their own groups
  • use of the email services.

Google Workspace for Education

  • organisation of general upper secondary education (Google Workspace includes electronic tools and user-produced content)
  • management of Google Workspace access rights
  • enabling of interaction between users within their own groups
  • management of devices connected to the service and the software and applications used on them (e.g. Chrome, Classroom and Drive).

School library system Axiell Aurora

  • Supports general upper secondary studies in the mother tongue and literature (section 11 of the Act on General Upper Secondary Education).
  • The system has three components: the library system, the self-service user interface and the online library. The student data is in the library system, and the self-service user interface and the online library Axiell Arena make use of the student data entered into the system.

Mobile device management (Apple School Manager / Lightspeed)

The mobile device management service is used to manage the mobile devices used in general upper secondary schools securely and, in particular, to improve the privacy of users of shared tablets with the help of Apple ID. Administered Apple ID accounts are created and shared by the educational institution. Since the educational institution retains administration rights, Apple ID provides students with controlled access to iCloud and iTunes U. This makes it possible to ensure that students use the devices they obtain from the school only for learning purposes, for example. Since the administered Apple IDs are created and shared by the educational institution, passwords can be easily reset, accounts can be reviewed and the roles of everyone associated with the school can be defined by an administrator, if necessary. Administrators’ actions are logged.

The mobile device management service consists of two components:

1) a management solution (Apple School Manager), and

2) a remote management environment (Lightspeed).

The remote management environment creates the correct school and group structure for the management solution. The management solution can be used not only to create accounts but also to purchase content, define the automatic registration of devices in the remote management environment and prepare iTunes U courses, for example.

6. On what grounds is personal data processed?

Article 6, paragraph 1, point c of the EU’s General Data Protection Regulation: processing is necessary for compliance with a legal obligation to which the data controller is subject, i.e. for the purpose of organising general upper secondary education in accordance with the Act on General Upper Secondary Education and the performance of duties laid down in the Act on Compulsory Education. 

For some personal data, the grounds for processing may also include the student’s consent (Article 6(1)(a) of the EU’s General Data Protection Regulation), for example when the student’s phone number is processed for password self-reset purposes.

Special categories of personal data: According to section 6 of the Data Protection Act, Article 9(1) of the Data Protection Regulation does not apply to any processing of data that is provided by law or that derives directly from a statutory duty set out for the data controller by law. Processing of special categories of personal data is derived from duties set out for an education provider by the Act on General Upper Secondary Education or the Act on Compulsory Education.

7. What data is processed?

Data content of the systems and electronic environments

Azure AD management and logs

Primus, Kurre and Wilma

  • the student’s name, personal identity code, contact information and photograph
  • the student’s AD account for the Wilma user interface and student network
  • the guardians’ name and contact information and Wilma user account
  • information on selections concerning subjects and syllabuses
  • the students’ assessment information
  • decisions concerning the student
  • the student’s school history
  • the student’s immigration-related information
  • information concerning the student’s absences
  • other information related to teaching and the organisation of teaching
  • information concerning the matriculation examination
  • student’s right to free education. 

Special categories of personal data processed include information on religious or philosophical conviction and possibly information related to health. 

Microsoft O365

  • the user’s name
  • information related to schooling (grade, group, etc.)
  • encrypted unique identifier
  • email address
  • account name
  • password
  • information produced or added by the student.

Content produced by the student and guardian means pictures, texts, links, videos and audio files uploaded to the system.

The user can, for example, add their own description of themselves and their area of responsibility, their mobile phone number, location information, competence information, date of birth and other areas of interest to the service, to be viewed by everyone / limited users. The user can allow the utilisation of the information content that they produce and obtain information about their networking and closest friends.

Google Workspace for Education

  • the student’s name
  • user account
  • school
  • grade and groups
  • encrypted unique identifier
  • information produced or added by the user.

An administrator can save information such as organisations’ names, websites, phone numbers, addresses and account suspension in the service. In addition, Google collects information from end users that is based on what the users themselves enter, e.g. phone number, a photograph of the user, date of birth and the user’s device-specific information, such as hardware model, operating system version, individual device identifier and mobile network used, including mobile phone number. Google can connect the device identifier or phone number to a Google account.

School library system Axiell (Aurora)

  • Identifiable data: Name, school, class, email address, user name, library card number, loan details, group instructor, PIN code/password
  • Pseudonymised data: Object ID that acts as a customer’s technical identifier but does not include, for example, a personal identity code or other identifying information.

Mobile device management

AppleID/Lightspeed

  • Student

person_id,"person_number","first_name","middle_name","last_name","grade_level","email_address","sis_username","password_policy","location_id"

The following variables are not currently used: middle_name, grade_level.

  • Classes

course_id,"course_number","course_name","location_id"

  • Groups

class_id,"class_number","course_id","instructor_id","instructor_id_2","instructor_id_3","location_id"

In practice, all of the ID fields contain running alphanumeric series.

Personal data processed outside of the systems and electronic environments

This personal data may include, for example, the student’s identifying and contact information, information related to assessment and information related to health (relating to school lunches, support measures, absences or suspension of compulsory education).

8. What are the sources of data?

  • The personal data of students selected in the joint application process is obtained from the Finnish National Agency for Education’s Studyinfo.
  • Guardians supplement and update personal data using a student registration form or in Wilma. 
  • The majority of the information saved in the register consists of information related to the student’s education, created in the organisation of education.

Changing general upper secondary schools or transferring to a general upper secondary school

  • A student’s previous general upper secondary school may disclose to their new general upper secondary school public information necessary to the new general upper secondary school for arranging instruction for the student (section 16, subsection 3 of the Act on the Openness of Government Activities).
  • Notwithstanding provisions on confidentiality, a party in possession of information related to a student’s health or ability to function that is essential for the recipient to carry out its tasks has the right to disclose said information to the principal of an educational institution or a corresponding person responsible for the safety of education for the purpose of ensuring the safety of education and, with the student’s consent, to a person responsible for guidance counselling for the purpose of counselling related to other studies and support services (section 58, subsection 1, paragraphs 1 and 2 of the Act on General Upper Secondary Education).
  • In order to perform the duties laid down in the Act on Compulsory Education, a school has the right to obtain from another education provider or municipality the necessary information related to the student’s school application, being granted and accepting a place at school and starting and suspending their studies (section 23, subsection 1 of the Act on Compulsory Education). 
  • Notwithstanding provisions on confidentiality, a school has the right to obtain, from another education provider or the municipality in charge of steering and monitoring, information necessary for the performance of its educational duties laid down in the Act on Compulsory Education. Such information includes information on the student’s compulsory education, previous studies and suspension of studies. (section 23, subsection 2 of the Act on Compulsory Education) 

Electronic study environment services

Electronic study environment services are produced with the user identity of Visma’s Primus school administration system (name, encrypted unique identifier, school, class, grade, teaching groups, email address, username).

In Microsoft’s O365 service, user identity is administered by Microsoft’s Azure AD, which is the city’s centralised user authorisation management and log register (Microsoft AD and Azure AD).

In mobile device management, a user identity is imported into the management solution (Apple School Manager), e.g. for the creation of an AppleID. The remote management environment Lightspeed synchronises user identities (user information, class information and teachers) from the management solution to create the correct school and group structure for it.

9. Will data be disclosed or transferred outside the city?

Koski

The national centralised integration service for study rights and study records (KOSKI) collects students’ study records and study rights in a single service. The information is collected directly from the student register. (Act on the National Registers of Education Records, Qualifications and Degrees, 884/2017) 
KOSKI is part of the Studyinfo.fi service maintained by the Finnish National Agency for Education.

Changing general upper secondary schools or transferring to vocational education and training

  • A student’s previous general upper secondary school may disclose to their new general upper secondary school or educational institution public information necessary to the new general upper secondary school / educational institution for arranging instruction for the student (section 16, subsection 3 of the Act on the Openness of Government Activities).
  • Notwithstanding provisions on confidentiality, a party in possession of information related to a student’s health or ability to function that is essential for the recipient to carry out its tasks has the right to disclose said information to the principal of an educational institution or a corresponding person responsible for the safety of education for the purpose of ensuring the safety of education and, with the student’s consent, to a person responsible for guidance counselling for the purpose of counselling related to other studies and support services (section 58, subsection 1, paragraphs 1 and 2 of the Act on General Upper Secondary Education).
  • Notwithstanding provisions on confidentiality, if a student under the age of 18 transfers to education, activities or training organised by another education provider in accordance with the Act on General Upper Secondary Education, the Act on Vocational Education and Training or the Act on Vocational Adult Education and Training, the former education provider must without delay forward information necessary for arranging instruction or training for the student to the new education provider. The information may also be provided at the request of the new education provider (section 40, subsection 4 of the Basic Education Act).

Outreach youth work

An education provider must disclose the identifying information and contact details of a young person over compulsory education age who ceases to participate in vocational education or general upper secondary education (section 11, subsection 2, paragraph 1 of the Youth Act).

The education provider may decide not to disclose the above-mentioned information if they – considering the information available and the young person’s situation and overall need for support – determine that the young person is not in need of services and other support (section 11, subsection 3 of the Youth Act). 

An education provider may disclose the identifying information and contact details of a young person of compulsory education age who ceases to participate in vocational education or general upper secondary education. 

Transfer of data to service providers

The service providers used in the organisation of education (such as the providers of electronic environments) process students’ personal data to the extent necessary for the provision of the service. The City of Espoo is always the controller of the data.

Microsoft’s subcontractors

Google’s subcontractors

Transfer of data to other systems

  • matriculation examination registration information to the matriculation examination board
  • matriculation examination billing information to the City of Espoo’s Community system
  • data specified in the Statistics Act to Statistics Finland (section 15 of the Statistics Act)
  • use of the survey tool (Webropol).

Based on the specific written consent of the data subject’s / underage student’s guardian or other legal representative, data may also be transferred to other parties. Data may be disclosed if there is a specific provision on such access or on the right of such access in an Act. (section 26 of the Act on the Openness of Government Activities)

The disclosure of public information from a personal data register controlled by an authority is based on section 16, subsection 3 of the Act on the Openness of Government Activities. According to this provision, the party requesting access must have the right to record and use such data. Personal data can only be disclosed following a detailed request for data (section 13, subsection 2 of the Act on the Openness of Government Activities).

Confidential information may only be disclosed to another education provider based on the student’s / underage student’s guardian’s consent or if the disclosure of / access to the information is provided by law.

Based on section 56 of the Act on General Upper Secondary Education, personal data may be disclosed for the purpose of organising an external education evaluation (such as a PISA survey or an evaluation by the Finnish Education Evaluation Centre (FINEEC)). The personal data disclosed for this purpose include only the data necessary for organising the evaluation. Individual students are not evaluated.

10. Will data be transferred outside the EU/EEA?

Primus, Kurre and Wilma

Data is not transferred outside the EU or the EEA.

Library system Axiell Aurora

Data is not transferred outside the EU or the EEA.

Electronic study environment services

  • Microsoft O365

Personal data is transferred outside the European Union or the European Economic Area (Microsoft Online).

Basis for transfer:

The terms of Microsoft Online services, including standard contractual clauses approved by the European Commission (Attachment 1), are available on Microsoft’s website:

Microsoft Services and Data Protection Addendum DPA Sept.2021

https://www.microsoft.com/licensing/docs/view/Professional-Services-Data-Protection-Addendum-DPA

  • Google Workspace for Education

Personal data is transferred outside the EU or the EEA.

Basis for transfer:

Standard contractual clauses approved by the European Commission:

https://gsuite.google.com/terms/mcc_terms.html, and Google’s amendment:

https://gsuite.google.com/terms/dpa_terms.html

Mobile device management

  • Apple School Manager

Personal data is transferred outside the EU or the EEA.

Basis for transfer: The terms of Apple’s services, including standard contractual clauses approved by the European Commission, are available on Apple’s website.

https://www.apple.com/legal/education/data-transfer-agreements/datatransfer-eu-en.pdf

  • Lightspeed

Personal data is transferred outside the EU or the EEA.

Basis for transfer:

Lightspeed’s privacy policy: section 6) European Union Data Protection: https://www.lightspeedsystems.com/privacy

11. How long will data be stored?

Data is stored and destroyed in line with the records management plan of the Finnish Education Unit. Personal data is stored in the student register for one (1) year from the end of the use of the service. Statutory obligations regarding the storage of data are taken into account in the deletion of the data.

12. How is data protected?

Personal data is processed in a manner that ensures appropriate security of the personal data, including protection (General Data Protection Regulation, Article 5(1)(f)). Data processing is regulated, for example, based on the principles of purpose limitation, necessity and accuracy.

Each employee can only process the data they need to conduct their work.

The protection of confidential and sensitive data is given particular consideration in tasks such as descriptions of work processes and the granting of access rights. Provisions on the confidentiality of data are laid down in section 58 of the Act on General Upper Secondary Education and section 24 of the Act on the Openness of Government Activities.

Electronic maintenance systems:

The Primus and Kurre school administration system can only be accessed through the administration network. The administration network is a protected internal domain that is only accessible to employees of the City of Espoo. All users of the network accept an end user license agreement that includes a confidentiality commitment. The server hardware is located in a protected, supervised space in the service provider’s data centre. Electronically processed data is transmitted encrypted on the open Internet. The data in the register is backed up automatically at regular intervals.

Personal data is protected through access rights determined on the basis of the general upper secondary school and unit employees’ duties. Access rights are restricted in accordance with duties and are based on user roles, which have access to duty-specific screens and functions. Read, write, save and delete rights are defined separately for each access rights group.

Manual materials:

Manual materials are stored in locked work premises and locked cabinets.

13. Rights of the data subject

Further instructions on submitting information requests referred to in the General Data Protection Regulation: Data_protection/Client_rights

13.1 How can I access my data?

You have the right to obtain from the controller a copy of the personal data that is subject to processing. The controller shall provide the data without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.

If the controller does not take action on the request of the data subject, the controller shall inform the data subject without delay, and at the latest within one month of receipt of the request, of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

Requests from the data subject and any resulting actions are free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request.

13.2 When can I request rectification of my data?

You have the right to have inaccurate, incomplete, outdated or unnecessary personal data that we store either rectified or completed by us.

13.3 When can I request erasure of my data?

You have the right to have the controller erase your personal data without undue delay under certain conditions. The data subject does not have the right to erasure if the processing of data is necessary for compliance with a legal obligation or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. In these cases, the data will only be erased after the statutory time limit.

13.4 When can I request restriction of processing of my data?

If the data concerning you is inaccurate, you have the right to request that its processing be restricted until its accuracy has been verified.

13.5 Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority if you feel that the processing of your personal data is in infringement of data protection legislation. You can lodge a complaint with the Office of the Data Protection Ombudsman: www.tietosuoja.fi