The agreement on membership in the MPASSid trust network in a nutshell
Below you will find a summary of the content of the MPASSid agreement. Please note that the summary is not kept up to date with every version of the agreement. See the attachments below for the latest full versions of the agreements in Finnish and Swedish.
Parties
The operator’s representative and the representative of the service provider or education provider joining the network sign a membership agreement.
Object of agreement
By signing the agreement, the service provider or the education provider becomes a member of the MPASSid trust network and obtains access to the MPASSid identification service. The operator has been commissioned to provide the identification service to the member by the Finnish National Agency for Education, the owner of MPASSid. The agreement does not affect the content of the member’s other contractual relationships. The member is fully responsible for the lawfulness of its own activities.
Members' position and tasks
The MPASSid trust network has two types of members: home organisations (in practice, education providers) and service providers.
Home organisation:
- maintains the register serving as the data source from which the end users’ personal data is retrieved.
- the MPASSid identification service cannot be used to transmit other personal data than that necessary for the provision of education.
- acts as the controller of the transmitted personal data.
Service provider:
- the service provider provides the service to which the data is transmitted.
- acts as the handler of the transmitted personal data
- It the member is an education provider, it may act both as a home organisation and as a service provider. Other members may act only as service providers. The member is itself responsible for complying with the legislation on data security.
Operator’s position and tasks.
- The operator provides the MPASSid identification service to the members according to what has been commissioned by the Finnish National Agency for Education.
- Except for the periods required for necessary maintenance, the service is available to the members and its level of accessibility and usability are kept as high as possible.
- The operator is responsible for the security of the identification service. To ensure security, the operator maintains a log system.
- The operator acts as the controller of the personal data in the identification service and undertakes to fully comply with the obligations and responsibilities based on data security legislation.
The validity of the agreement, amendments to it, and its termination
A member may terminate the agreement by giving one month’s notice. If the member is a service provider, the period of notice for the operator is three months. If the member is a home organisation, the period of notice for the operator is six months or until the beginning of the following school term, whichever is longer. In the case of a material breach of agreement, both parties can terminate the agreement immediately if the other party does not rectify its actions within a reasonable time period (however, always at least 30 days).
The agreement can only be amended by a decision made by the trust network’s steering group and a qualified majority is required. Members will be informed about all amendments. If a member does not accept the amendment, it may terminate the agreement within 30 days of being informed about it. The termination will then take effect at the same time as the amendment.
Liability for compensation and limitations of liability
The parties are not responsible to each other for damages related to the identification service or its use. The operator is not responsible for the lawfulness of the processing of personal data by the members or any damages resulting from it.
