1. Controller
Seinäjoen Ammattikorkeakoulu Oy (Business identity code: 2539767-3)
Kampusranta 11, Frami F, 60320 Seinäjoki
020 124 3000
seamk(at)seamk.fi
2. Contact person in matters relating to the data file
Chief Accountant Kirsi Ollilla, Seinäjoen Ammattikorkeakoulu Oy
Tel. 040 680 7588, kirsi.ollila(at)seamk.fi
3. Name of the data file
Ceepos Online Payment
4. Purpose of processing personal data
Personal data is collected for purposes such as the proper allocation of payments, identification of the customer and/or a person specified by the customer and reporting.
Data is collected about the users of the software in order to determine access rights and monitor the use. The software creates log data including personal data in order to determine software usage history and solve any problems.
5. Data content of the file
The personal data that can be stored in the registers includes:
General customer register: customer number, first name, last name and e-mail address.
Order register: payment number, products ordered and their details.
Personal data will be kept in the registers until manually removed. Order information will be kept until manually or automatically removed. The electronic receipt history will be kept until manually removed, but for a minimum of six years.
6. Regular sources of data
External systems, integrated into the online payment interface, which transmit payment transactions through interfaces.
7. Regular disclosure of data
Personal data will not be disclosed to third parties. Personal data may be transferred to the controller’s other systems, such as the point-of-sale system, accounting and invoicing. Depending on the payment service provider, some of the customer’s contact information is conveyed to the payment system upon payment of the order to facilitate solving problems and returning payments.
8. Transfer of data outside the EU or EEA
Personal data will not be transferred outside the EU or EEA.
9. Protection of the data file
Maintenance of the software is protected by usernames and passwords as well as user-group-specific access rights. The data in the database is protected by usernames and passwords, and processing the data has been limited to the web shop system only. The data stored on the drives has been protected by operating-system-level access rights. All data communications between the system provider’s systems and the web shop and payment service provider are SSL-protected.
Maintenance access to the server is only allowed for server and system providers. The software supplier has full access to viewing and removing all the data collected.
10. Approval for processing personal data
When the personal data comes from an external system, approval for its processing is provided outside the web shop system.
11. Right of access by the data subject
The data subject has the right to access their personal data stored in the data file and receive copies of it. The access request must be made electronically or in writing and addressed to the contact person for the data file.
12. Right to demand the correction of data
The data subject has the right to demand the correction of inaccurate data concerning them in the personal data file. Requests must be made electronically or in writing to the contact person for the data file.
13. Other rights relating to the processing of personal data
The data subject has the right to forbid the controller to process data concerning them for direct advertising, remote sales and other direct marketing as well as market and opinion research.