1. Online Privacy Policy

2. ISM Finland Register and Privacy Statement

1. Online Privacy Policy

Effective Date: 09-Oct-2024

Last Updated: 09-Oct-2024

Introduction

The purpose of this privacy policy is to provide the information required by the EU General Data Protection Regulation 2016/679 on how the International School of Music Finland (ISM) processes personal data of the visitors on its website at https://www.ismfinland.org, the recipients of its newsletters, and other marketing communications.

This Privacy Policy describes the policies of International School of Music Finland, Hietalahdenkatu 8, 00180, Finland, email: info@ismfinland.org, phone number: +358452657848 on the collection, use and disclosure of your information that we collect when you use our website (https://www.ismfinland.org). (the “Service”). By accessing or using the Service, you are consenting to the collection, use and disclosure of your information in accordance with this Privacy Policy. If you do not consent to the same, please do not access or use the Service.

We may modify this Privacy Policy at any time without any prior notice to you and will post the revised Privacy Policy on the Service. The revised Policy will be effective 180 days from when the revised Policy is posted in the Service and your continued access or use of the Service after such time will constitute your acceptance of the revised Privacy Policy. We therefore recommend that you periodically review this page.

Data controller and contact details

International School of Music Finland

Business ID: 2672611-7

Representative: For further information about your data processing please contact info@ismfinland.org

Email: info@ismfinland.org

Data subjects and processing

The data subjects are the persons who visit ISM’s website, subscribe to our newsletters and to whom marketing is targeted on social media platforms used by ISM.

  • Data collected by cookies and similar technologies and consents and prohibitions
  • Purpose of processing: Using other than strictly necessary cookies and similar technologies; to provide and develop our website, analyse our website traffic, and to personalise content and ads.
  • Legal basis for processing: Legitimate interests of the controller when retrieving the data through the cookie and further processing it. Under the ePrivacy Directive and the Finnish Act on Electronic.
  • Communications Services, consent of the data subject must be acquired prior to placing other than strictly necessary cookies.

Categories and sources of personal data

These are listed on our Cookie Policy page here.

Personal data retention periods

You can always object to processing your data or withdraw your consent in relation to this processing. Regarding the retention periods of the personal data of website visitors, these are listed on our Cookie Policy page here.

Recipients of personal data

Personal data will be disclosed to our authorised users when necessary for providing and developing our website. Access to the personal data described in this privacy policy is restricted and only authorised users have access to such personal data.

We may use the following service providers in processing your personal data:

  • Google Analytics
  • Facebook
  • Instagram
  • LinkedIn
  • MailerLite
  • CookieYes

Security of processing

We have taken and will maintain the necessary and appropriate technical and organisational measures to ensure the security of processing and to monitor the use of personal data, such as access control and rights, event logging, protection of hardware and files, physical access restrictions, encryption of sensitive data, pseudonymization, user guidelines and supervision. In addition, we have internal procedures for controlling non-conforming products and services, such as IT equipment or software components, at ISM.

Your rights as a data subject

Data subjects have the following rights against us with regard to their personal data:

  • Right of access
  • Right to correction or deletion
  • Right to limit processing
  • Right to object to the processing
  • Right to data transferability
  • Right to revoke a given consent at any time
  • Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with the competent supervisory authority, in particular in the EU/EEA member state of your habitual residence, place of work or place of the alleged infringement, if you consider that your personal data has been processed in violation of applicable data protection laws. In Finland, the supervisory authority is the Office of the Data Protection Ombudsman, whose contact information is accessible through the following link: https://tietosuoja.fi/en/contact-information

Cookie Settings

You can change your cookie preferences any time by clicking the floating blue circular button on the lower left side of our website. This will let you revisit the cookie consent banner and change your preferences or withdraw your consent right away. For more information, please visit our Cookie Policy page here.

Student Information

Learn about how we use student information and view our register and privacy statement here.

2. ISM Finland Register and Privacy Statement

This is a register and data protection statement in accordance with Personal Data Act ( sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Prepared 1.10.20241

1. The register

International School of Music Finland Kannatusyhdistys ry (ISM)- 2672611-7

International School of Music Espoon Kannatusyhdistys ry (ISM)- 2916757- 6

Hietalahdenkatu 8, 00180 Helsinki

Phone: 045 265 7848

Email: info@ismfinland.org

2. Contact person

In charge of data protection: Principal Giedre Tabocchini

International School of Music, Hietalahdenkatu 8, 00180 Helsinki

Email: giedre@ismfinland.org

Phone:  045 265 7848

3. Names of registers (based on legal obligation, contract, agreement)

  1. Student registration and teacher diary system Eepos
  2. Salary calculation register Aallon Oy
  3. Accounting and sales invoice register Netvisor Oy
  4. Invoicing, payment in instalments, late payments Visma Amili Oy
  5. Occupational healthcare service provider Terveystalo Oy
  6. Manual registers ( keys, work agreements, surveys, newsletters)

4. Information collected through registers

A. Student registration system Eepos

  • student/ guardian identification and contact information
  • information regarding the studies (subject, progress chart, concert information)
  • applicant identification and contact information
  • teacher identification and contact details
  • instrument rental agreements and user contact details

B. Salary accountant Aallon Oy

  • staff identification information
  • staff contact information
  • tax card and bank account information

C. Accounting and sales invoice register Netvisor Oy

  • information of billable individuals
  • staff identification and contact information
  • staff tax card information

D. Visma Amili Oy

  • payee contact information and address

E. Terveystalo Oy

  • identification and contact information of the staff that are covered by occupational healthcare

F. Manual registers

  • key user lists
  • staff work contracts with all the necessary information
  • staff survey information
  • customer satisfaction surveys
  • share of actual information regarding the studies, continuation, etc

5. Sources of the collected information

A. Eepos student registration system

  • student him/herself, guardians, staff

B. Aallon Oy

  • employee passes identification and contact information to Aallon Oy

C. Netvisor Oy

  • student registration system  Eepos
  • invoiced and invoicing companies themself

D. Visma Amili Oy

  • accounting and sales register Netvisor Oy

E. Terveystalo Oy

  • staff themselves
  • provided by the Principal

F. Manual registers

  • staff themselves
  • students themselves
  • emails collected from applications, after the given permission

6. Personal information data storage period

International School of Music will hold personal data for as long as the student is enrolled and after for a standard period as specified in ISM record management plan.

Employee information will be kept for as long as employee is in a work relation with the school and after that for a standard period as specified.

Occupational healthcare information will be deleted as soon as employee’s contract is ended. Key register information will be deleted a week after the key has been returned to the administration.

Controller will evaluate the necessity of data storage regularly. Legal basis of the data handling in the register will be evaluated every 5 years.

7. Disclosure of personal data and transfer of data outside the EU and EEA

ISM discloses information to pension fund administration, national pension fund administration, Board of Education, tax administration, occupational healthcare provider, labor authorities and other possible authorities.

Information from student registration system Eepos is passed onto the invoicing system for tuition billing, debt collection agency so that late tuition fees can be collected.

Information in action report, board reports and website can be published without a separate consent. However, the registered person or in case of minor student- guardians, can forbid disclosure of information, and it needs to be delivered in written to a person in charge of data protection in the school.

Pictures, performances and other works of the students are published according to the consent marked in student registration system Eepos.

Information is not disclosed to other parties regularly. Some of information can be disclosed as separately agreed. Data can also be transferred by the controller outside EU and EEA.

8. Safe storage and disposal of the data

Digital Records: all electronic data is stored in secure servers. Access to digital records is restricted based on role and necessity. Only authorised staff can view or manage sensitive information. Data is regularly backed to prevent loss due to hardware failure or other incidents.

Physical data and paper based records are stored in locked cabinets in restricted access area. Only authorised staff have access to the records.

After the expiration of data storage period physical records are shredded to securely dispose of paper documents, and digital data is deleted using secure deletion methods to prevent recovery.

9. Awareness

All employees at the school  will be introduced to the document regularly, emphasising the importance of record and secure information handling. Employees will be instructed of the importance of maintaining confidentiality in all communications and transactions involving personal data. Staff will be encouraged to change passwords regularly for both- their work email and teacher diary access to promote secure data measures.

For more information about our Privacy Policy, you can contact us at: info@ismfinland.org.

Kotisivut yrityksille: Mainostoimisto Kompassi