Privacy Policy for the Open Badge Service

Privacy Policy for the Open Badge Service (Open Badge Factory)

General Data Protection Regulation 2016/679

Updated 12.12.2023

  1. Data Controller
    • Jamk University of Applied Sciences Ltd
    • PL 207, 40101 Jyväskylä
    • +358 20 743 8100
  2. Contact Persons of the Data Controller
    • Process Owner: Educational Development Manager
    • Content Administrator: Online Pedagogy Designer
    • Technical Administrator: – firstname.lastname@jamk.fi
  3. Registry Information
    • Jamk collects personal data related to the issuance of competence badges. Badges are awarded as part of teaching, staff training, events, and applications.
    • Provider: Open Badge Factory Ltd (service provider) 1
    • Collected data: name, email address
    • Data is stored to enable access to the system and to identify users for proper service usage. The main administrator at Jamk is the eLearning Advisor.
  4. Purpose and Basis of Personal Data Processing
    • The basis for processing is the participant’s consent. The recipient of the badge decides whether to accept the badge. The recipient can add, modify, and delete all data from the service and delete the account entirely at any time.
    • Personal data is processed according to Jamk’s personal data processing guidelines and general privacy policy.
  5. Data Processors and Groups of Data Subjects
    • Personal data is processed by the content administrator and the service provider.
    • Groups of data subjects: customers, students, employees
  6. Sources of Information
    • Data is obtained from the recipient/applicant if the badge is applied for. Jamk is the badge issuer and data transmitter based on training or event information. The recipient provides the information to Jamk.
    • The service provider has outsourced IT management to an external service provider, whose server stores the data. The server is protected and managed by the external service provider.
    • The service provider and Jamk may disclose data to authorities according to mandatory legislation. Otherwise, registry data is not disclosed to external parties.
  7. Retention Period of Personal Data
    • The recipient can add, modify, and delete all data from the service and delete the account entirely at any time. Data is retained as long as necessary for data processing.
  8. Rights of the Data Subject and Their Implementation
    • The data subject has the right under the General Data Protection Regulation to:
      • Withdraw consent
      • Access their personal data
      • Correct errors
      • Prohibit direct marketing
      • Object to processing
      • Restrict processing
      • Transfer data
    • To exercise these rights, please make a request to Jamk’s data protection officer at tietosuoja@jamk.fi. More information about Jamk’s data protection officer and the rights of the data subject can be found in Jamk’s personal data processing guidelines and general privacy policy.
  9. Data Security
    • Personal data is stored on the service provider’s servers, protected according to industry standards. Collected and processed personal data is kept confidential and disclosed only to those who need it for their work.
    • Access to personal data is protected by user-specific credentials, passwords, and access rights. The service provider is responsible for technical and data security protection. The service provider’s staff is committed to handling personal data securely, confidentially, and only to provide the service.
  10. Data Transfer
    • Personal data is stored and processed only within the EU and EEA.
  11. Automated Decision-Making and Profiling
    • Personal data in the registry is not subject to automated decision-making or profiling.