Frank's service is based on student identification and confirmation of the student status. That is why we collect the following information of each of our users:
– full name
– social security number
– place of study and any additional information they provide (e.g. line of studies)
– student type (high school, vocational school, graduate or post-graduate)
– validity of student status
– image
– phone number
The EU's General Data Protection Regulation (GDPR) unifies the processing of EU citizens' personal data. It seeks to bring data processing related to personal data to present day and safeguard the rights of individuals in digital environments by making rules uniform and transparent. Finland's current Personal Data Act dates back to 1999, so it was about time it got updated! We have listed the most significant changes that the new privacy regulation introduces, both for the individual and the service provider.
The student decides when and to whom to show their student card. Frank service follows the same principle.
Along with the Data Protection Regulation, we make it even more transparent!
Access to your own data
Users have the right to know what information the service is collecting about them and why. The user must be guaranteed a correction to their data if they request it.
Right to be forgotten
Users have the right to ask the service provider to remove all information collected from them (except for the data that needs to be kept for legal reasons).
Emphasis on consent
The service provider is responsible for showing that user has given consent to collect data. Users also have the right to undo the consent anytime (but it may mean that the service can no longer be provided).
Appropriateness of data collection
All information collected from users must be justified by the functions of the service, meaning that data cannot be collected only for "fun" or "for the sake of it". The data collector is also responsible to protect the data appropriately and prevent access to that data from those who do not need to treat it.
Violators will be penalized
Organization that violates the Data Protection Regulation may at worst be fined 20 million euros or 4% of total turnover.
Data portability
At the request of the user, their data must be transferable from one system to another in "machine readable form". There are no further specifications on the format at this point - time will show whether there be a norm / recommended format for it.
Which rights and obligations come with the new Data Protection Regulation?
Frank has always invested in a secure and pleasant user experience in its services for students. Our users the students have always had the opportunity to decide who to grant or not to grant access to their data - just as a student decides to show or not to show their student card. We will continue to invest more and more in the fact that the users of the service will surely know what they are giving or not giving their consent for.
Frank users can now and in the future be sure that their data is secure and that our service will comply with all the requirements of the Data Protection Regulation.
In addition, we collect analytics of use of the service so that we can provide our users with the best user experience. Such information is the language of the service, which parts of the service and when the user has visited, and with what device, operating system, IP address, and operator they have used the service.
In addition, we keep information about users' orders such as plastic student cards and ISIC licenses. For the student card without payment method we also collect the address information for the delivery of the card.
If a user has subscribed to our newsletters or has been segmented, for example, as someone visiting Helsinki or as high school student based on the information mentioned before, we use this information to target communication and marketing.
If the user has contacted our customer service, those messages are saved too.
All user data we collect is handled securely and properly.
If you have any questions about the Data Protection Regulation, you can contact our customer service at info@frank.fi
Your student organization transfers your information to Jolla student database through a secure connection. The student organization is only able to send information to Jolla, but cannot access the information from there, so they cannot see what data there is in Jolla.
NOTE! If you do not give your student organization permission to send your information to Jolla, you can not use Frank's service either because we can not then certify your student status.
Jolla is a database owned by Finnish student unions (SYL, SAMOK, SAKKI, Lukiolaisten liitto), and Frank is the only entity who can access that data when user requests it. Frank does not own any information transferred to Jolla, but can use them with your consent to validate your student status. Also, Jolla will not pass your information to anyone other than Frank.
To take Frank's service in use, we compare the information you provide to us to the information sent by your student organization to ensure your student status. If we need to look at student information in Jolla, only predetermined employees such as customer service can do it and only from restricted IP addresses, only when that individual whose data is in question asks for it. However, we can not modify the information in Jolla.
You can find more detailed information about GDPR from the website of the Data Protection Ombudsman.
Frank has
- made it possible for our users to exercises their right to be forgotten and get their data transferred by contacting our customer service info@frank.fi
- completed a GDPR impact assessment
- checked the relevance of each and every data point
- checked that consent is asked every time any user data is transferred
- checked the compliance of each Data Processor and signed Data Processing Agreements with them
All you need to know about the new General Data Protection Regulation of EU effective 25.5.2018 and how it affects Frank's service can be found here.
EU's General Data Protection Regulation and Frank
General Data Protection Regulation in a nutshell
Rights and obligations under GDPR
Data Frank is collecting of its users
Frank's Terms of Use and structure
Fredrikinkatu 55
00100 Helsinki
© Frank Students 2026
Fredrikinkatu 55
00100 Helsinki
