PERSONAL DATA PROCESSING POLICY
Written on 17 June 2021
Latest version 17 June 2021
The Finnish Olympic Committee
Valimotie 10, FI-00380 HELSINKI
2.Person in charge of register matters
Valimotie 10, FI-00380 Helsinki
P.O. Box 82 (Uimalankatu 1)
+358 (0)10 281 8000
4.Name and description of the register
Oppimisareena user register.
Oppimisareena is the Finnish Olympic Committee’s digital training environment which offers various courses and training to its registered users. This policy applies to Oppimisareena and the user data created and saved on the platform. The policy describes how the Finnish Olympic Committee processes the personal data in Oppimisareena as the register’s controller.
5.Purpose of use of the personal data and the register
The personal data’s purpose of use is to provide the users with Oppimisareena’s online training and course services. The data will be used for enrolling in training units, monitoring studies and performance, guiding studies and managing and serving the users. Registered users can be informed of matters and services related to Oppimisareena.
Register data can be compiled into reports based on which it is impossible to identify individual users. The reports are used for analysing and developing the services as well as for compiling statistics.
Personal data are processed according to law and confidentially in order to provide the services.
6.Register’s data content
The Oppimisareena user register includes the following necessary personal data:
•name (first and last names)
Additionally, the user can save other complementary data in Oppimisareena, such as their home town, address, phone number, photo and interests.
Additionally, information about the user’s studies and courses and login data will also be saved in Oppimisareena’s user data.
7.Regular data sources
Information pertaining to the data subject is regularly received from the following sources:
•Suomisport service when the user enrols in an Oppimisareena course using their Sport account data. When enrolling in a course, the system automatically saves the user’s necessary personal data from their Sport account to Oppimisareena. Read the personal data processing policy of Suomisport.
•From the user themselves as they use Oppimisareena study courses and complement and manage their personal data in Oppimisareena.
•If necessary, the system administrator can add and modify user data in problem situations and duties related to register maintenance.
•The trainer/teacher can add registered users onto courses.
8.Regular data disclosure and data transfer
The user can only see their own data and the data of persons whose information they need to manage their studies, teaching or work assignments.
When a person takes part in Oppimisareena’s training and courses, their user data – such as name, e-mail address and other user-added information – will be visible to the course trainers/teachers. Users can also choose to make their personal data (such as their e-mail address) visible to other people on the same course or other Oppimisareena users.
Trainers and teachers can monitor registered course participants’ progress and view and manage study-related assignments, assessments and feedback.
The course merits will be automatically transferred from Oppimisareena to the person’s Sport account.
The personal data processing duties can be outsourced to service providers, such as the service provider of Oppimisareena, in accordance with and within the limits set forth in data protection legislation. We apply contracts to ensure that any service providers acting on our behalf will process personal data in accordance with this policy and the instructions we have issued.
Personal data will not be disclosed outside the EU or EEA.
9.Scheduled deadlines for data erasure
Personal data will remain in Oppimisareena’s user register. Personal data from accounts without any activity within five years and data no longer needed for fulfilling the purpose of use will be erased from the user register, unless valid legislation otherwise stipulates.
The user can request to view their personal data or them to be erased by sending a data request directly from Oppimisareena, via their own user information page.
10. Register protection principles
The register is protected with user credentials, passwords and a firewall. Only administrators appointed to the duty can process the user register. Data processors are under the obligation of secrecy.
11.Data subject’s rights
A registered data subject has the right to
•ask the controller to provide them with their own personal data for viewing and request the rectification or erasure of personal data, placing restrictions on processing data or the right to transfer the data from one system to another. They also have the right to oppose to processing their data.
•to the extent the personal data processing is based on the data subject’s consent, the data subject has the right to withdraw their consent at any time without this impacting the legality of processing performed based on this consent prior to its withdrawal
•lodge a complaint of personal data processing to the supervisory authority.
These requests should be addressed to the controller in writing.