ISM Finland Register and Privacy Statement
This is a register and data protection statement in accordance with Personal Data Act (sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Prepared 1.10.20241
1. The register
International School of Music Finland Kannatusyhdistys ry (ISM) - 2672611-7
International School of Music Espoon Kannatusyhdistys ry (ISM) - 2916757-6
Hietalahdenkatu 8, 00180 Helsinki
Phone: 045 265 7848
Email: info@ismfinland.org
2. Contact person
In charge of data protection: Principal Giedre Tabocchini
International School of Music, Hietalahdenkatu 8, 00180 Helsinki
Email: giedre@ismfinland.org
Phone: 045 265 7848
3. Names of registers (based on legal obligation, contract, agreement)
- Student registration and teacher diary system Eepos
- Salary calculation register Aallon Oy
- Accounting and sales invoice register Netvisor Oy
- Invoicing, payment in instalments, late payments Visma Amili Oy
- Occupational healthcare service provider Terveystalo Oy
- Manual registers (keys, work agreements, surveys, newsletters)
4. Information collected through registers
A. Student registration system Eepos
- student/guardian identification and contact information
- information regarding the studies (subject, progress chart, concert information)
- applicant identification and contact information
- teacher identification and contact details
- instrument rental agreements and user contact details
B. Salary accountant Aallon Oy
- staff identification information
- staff contact information
- tax card and bank account information
C. Accounting and sales invoice register Netvisor Oy
- information of billable individuals
- staff identification and contact information
- staff tax card information
D. Visma Amili Oy
- payee contact information and address
E. Terveystalo Oy
- identification and contact information of the staff that are covered by occupational healthcare
F. Manual registers
- key user lists
- staff work contracts with all the necessary information
- staff survey information
- customer satisfaction surveys
- share of actual information regarding the studies, continuation, etc
5. Sources of the collected information
A. Eepos student registration system
- student him/herself, guardians, staff
B. Aallon Oy
- employee passes identification and contact information to Aallon Oy
C. Netvisor Oy
- student registration system Eepos
- invoiced and invoicing companies themselves
D. Visma Amili Oy
- accounting and sales register Netvisor Oy
E. Terveystalo Oy
- staff themselves
- provided by the Principal
F. Manual registers
- staff themselves
- students themselves
- emails collected from applications, after the given permission
6. Personal information data storage period
International School of Music will hold personal data for as long as the student is enrolled and afterwards for a standard period as specified in the ISM record management plan.
Employee information will be kept for as long as the employee is in a work relation with the school and after that for a standard period as specified.
Occupational healthcare information will be deleted as soon as the employee’s contract has ended. Key register information will be deleted a week after the key has been returned to the administration.
The controller will evaluate the necessity of data storage regularly. The legal basis of the data handling in the register will be evaluated every 5 years.
7. Disclosure of personal data and transfer of data outside the EU and EEA
ISM discloses information to the pension fund administration, national pension fund administration, Board of Education, tax administration, occupational healthcare provider, labor authorities and other possible authorities.
Information from the student registration system Eepos is passed on to the invoicing system for tuition billing and to the debt collection agency so that late tuition fees can be collected.
Information in the action report, board reports and website can be published without separate consent. However, the registered person or, in the case of a minor student, the guardians can forbid disclosure of information; the refusal needs to be delivered in writing to the person in charge of data protection in the school.
Pictures, performances and other works of the students are published according to the consent marked in the student registration system Eepos.
Information is not disclosed to other parties regularly. Some information can be disclosed as separately agreed. Data can also be transferred by the controller outside the EU and EEA.
8. Safe storage and disposal of the data
Digital records: all electronic data is stored on secure servers. Access to digital records is restricted based on role and necessity. Only authorised staff can view or manage sensitive information. Data is regularly backed up to prevent loss due to hardware failure or other incidents.
Physical data and paper-based records are stored in locked cabinets in a restricted-access area. Only authorised staff have access to the records.
After the expiration of the data storage period, physical records are shredded to securely dispose of paper documents, and digital data is deleted using secure deletion methods to prevent recovery.
9. Awareness
All employees at the school will be introduced to the document regularly, emphasising the importance of record and secure information handling. Employees will be instructed on the importance of maintaining confidentiality in all communications and transactions involving personal data. Staff will be encouraged to change passwords regularly for both their work email and teacher diary access to promote secure data measures.