Sami-Palvelut Oy 9.2.2026

RECORD OF PROCESSING ACTIVITIES

1. Data Controller
   Samiedu Municipal Education and Training Consortium and Sami-Palvelut Oy act as joint controllers when they process personal data in relation to the online store's training platform's personal data register.
   
   Samiedu Municipal Education and Training Consortium
   (Business ID 0207390–8)
   Samiedu Vocational College
   Pohjolankatu 4, 57200 Savonlinna
   
   Sami-Palvelut Oy
   (Business ID 2726869–9)
   Pohjolankatu 4, 57200 Savonlinna
   
   
2. Person Responsible for the Register
   CEO, Sami-Palvelut Oy
   Pohjolankatu 4, 57200 Savonlinna
   tel. +358 44 550 6670
   
   
3. Data Protection Officer
   Data Protection Officer of the Itä-Savo Municipal Education and Training Consortium
   tietosuojavastaava@savonlinna.fi
   
   
4. Data Processor
   Mediamaisteri Oy
   PL 82 (Erkkilänkatu 11)
   33101 Tampere
   010 281 8000
   info@mediamaisteri.com
   
   
5. Name of the Register
   Learning management system's user register.
   
   
6. The Purpose of the Processing
   The provisioning of learning management services.
   
   
7. Description of the Categories of Data Subjects and Personal Data
   Registry consists of the user's basic contact information such as name, username, password, country, photo, town and email address. Additionally, user can submit more personal data, such as interests, instant messenger contact info, phone number, home address, website address and language selection.
   
   
8. Regular Sources of Information
   Personal data is collected:
   
   • when user becomes a customer, signs up as a user, uses the services or has an appropriate contact with the data controller
   • from third parties within the limits of law for purposes stated in this privacy policy
     
     
9. Transfers of Personal Data
   Name of the user is accessible by other users. Furthermore, user may allow their email address and other attributes to be accessible by other users. The data will not be transferred outside the EU or the European Economic Area.
   
   
10. Envisaged Time Limits for Erasure
    Personal data will be removed when the data is not needed unless the applicable law states otherwise.
    
    
11. General Description of the Technical and Organizational Security Measures
    Records are secured with usernames, passwords and firewalls. The required network traffic of the service is protected. Records are available only to specifically selected personnel. Data processing personnel are under formal obligation of professional secrecy.
    
    
12. Data Subject's Rights
    Data subject ("user") is provided the following rights:
    
    • The right to be informed
    • The right of access
    • The right to rectification
    • The right to erasure
    • The right to restrict processing
    • The right to data portability
    • The right to object
    • Rights in relation to automated decision making and profiling
    
    Enquiries regarding the subject's rights should be addressed to the data controller.