Skip to main content
Suomeksi

Privacy notice – Administrative personal data of research infrastructures

1. Data controller

Tampere University

FI-33014 Tampere University

Tel. 0294 5211

Business ID 2844561-8

2. Contact person in matters related to the register

Head of unit, Laboratory Coordination

Petteri Malkavaara

Tel. +358 294 5211 (Tampere University’s switchboard)

E-mail: petteri.malkavaara [at] tuni.fi

3. Data Protection Officer

Tampere University: dpo [at] tuni.fi

4.​​​​​​ Name of the register

Administrative personal data of research infrastructures

5. The purpose of processing personal data and legal basis

The data is used for reserving research infrastructures, managing access rights, and invoicing their use as well as for compiling statistics on persons using the research infrastructures, management, and reporting. This data also includes documenting the induction and training of users. Personal data is processed to enable the operation of research infrastructures. More specific uses have been defined separately for each research infrastructure.

Tampere University also provides research infrastructures as a service based on a contract, in which case personal data is used to implement the service specified in the contract.

The data is used for reserving research infrastructures, managing access rights, and invoicing their use as well as for compiling statistics on persons using the research infrastructures, management, and reporting. This data also includes documenting the induction and training of users. Personal data is processed to enable the operation of research infrastructures. More specific uses have been defined separately for each research infrastructure.

Legal basis

In accordance with Section 2 of the Universities Act (558/2009), the mission of the University is to promote independent academic research and academic education. Tampere University processes, compiles statistics, analyses and publishes personal data related to the University's research activities and societal interaction to carry out its statutory duties. According to Section 51 of the Universities Act, all universities must submit to the Ministry of Education and Culture information required for the evaluation, development, compilation of statistics and other information required for monitoring and steering. Processing is necessary for compliance with a legal obligation to which the controller is subject and for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (EU’s General Data Protection Regulation 2016/679 article 6(1)(c) and (e)).

When research infrastructures are used based on an individual contract, the basis for processing personal data is the contract concluded with the user (Article 6 (1)(b)) or, when the organisation is a contractual partner, the legitimate interests of the controller or contractual partner (Article 6(1)(e)). The legitimate interest of the controller is to monitor the use of its research infrastructures. It is in the interests of both parties to monitor the matters that have been agreed in the contract. The legitimate interests of the University override the rights and interests of data subjects, given that the University has the right to administer and protect its research infrastructures.

According to Chapter 2, Section 3 of the Employment Contracts Act (55/2001), the University ensures occupational safety to protect employees from accidents and health hazards as laid down in the Occupational Safety and Health Act (738/2002). The data is used for carrying out inductions and training. Processing is necessary for compliance with a legal obligation to which the controller is subject (Article 6(1)(c)).

6. Contents of the register

Administrative personal data:

  •  Name
  •  Contact details (such as address, telephone number, email address, job title, organisation, and the user’s unit)
  •  Identifiers (tuni user account)
  •  Granted user rights, such as facilities and their location.

7. Regular sources of information

  • Information provided by the user.
  • Different IT systems (such as the booking system)
  • Data saved or reported by another person or organisation (joint actions)
  • Data saved by an authorised user (user saves data on behalf of a person or organisation).

 

8.Categories of recipients and disclosures of personal data

Within the University, administrative personal data of research infrastructures can be accessed by persons working in their administration and by those who use the data for invoicing, statistics, and reporting.

In some research infrastructures, the University uses outsourced service providers with whom the processing of personal data has been agreed.

The University must submit to the Ministry of Education and Culture the information required for the evaluation, development, compilation of statistics and other monitoring and steering of education and research in a manner decided by the Ministry (Universities Act (558/2009), Section 51). Universities must evaluate their education, research and artistic activities and their impact (Universities Act 558/2019, Section 87).

9. Transferring data outside EU/EEA

Personal data is not transferred outside the EU/EEA area. However, if providing the service entails transferring personal data outside the EU/EEA area, the consent of the data subjects is requested separately.

10. Personal data retention period or criteria for determining the retention period

At Tampere University, the storage periods of personal data are defined in the Information Management Plan. Personal data is stored only for as long as it is justified by the purpose of use. At the end of the retention period, the data will either be destroyed or changed to a form from which an individual cannot be identified. A sufficient level of data security has been ensured in the processing of customer data.

For invoicing purposes, data is stored in the accounting system for six years from the end of the calendar year in which the accounting period ends.

11. Rights of data subjects

Data subjects have the following rights under the EU’s General Data Protection Regulation (GDPR):

  •  Right of access to personal data
    • Data subjects are entitled to find out whether their personal data is held by the University and to ascertain which personal data has been saved.
  • Right to the rectification of data
    • Data subjects have the right to have any incorrect, inaccurate, or incomplete personal details held by the University revised or supplemented without undue delay. In addition, data subjects are entitled to demand that any unnecessary personal data is deleted.
  •  Right to erasure
    •   In exceptional circumstances, data subjects have the right to have their personal data erased from the data controller’s records (right to be forgotten).
  • Right to restrict processing
    • Data subjects have the right to request the University to restrict processing their personal data until the accuracy of their data has been appropriately reviewed and revised or supplemented.
  • Right to object
    • Data subjects may at any time object to the processing of their personal data for compelling personal reasons.
  •  Right to data portability
    • Data subjects have the right to obtain a copy of the personal data they have submitted to the data controller in a structured, commonly used, machine-readable format and the right to transfer the data to another data controller.
  •  Right to lodge a complaint with a supervisory authority
    • Data subjects have the right to lodge a complaint with a supervisory authority in their permanent place of residence or place of work if they consider the processing of their personal data to violate the provisions of the EU’s General Data Protection Regulation (EU 2016/679). Data subjects may also follow other administrative procedures to appeal against a decision made by a supervisory authority or seek a judicial remedy.
    •  Contact details: Office of the Data Protection Ombudsman, P.O. Box 800, 00521 Helsinki, tietosuoja(at)om.fi

Requests related to the rights of data subjects should be e-mailed to the University’s address tau [at] tuni.fi or mailed to

Tampere University
FI-33014 Tampere University

12. Privacy notice for a research infrastructure

If this privacy notice does not apply to the processing of administrative personal data within Tampere University’s research infrastructure, a separate privacy notice must be written for the research infrastructure. Privacy notices are published on the website of Tampere Universities at https://www.tuni.fi/en/about-us/data-protection.

13. Changes to the privacy notice

Tampere University is continuously developing its operations and reserves the right to update this privacy notice. Changes may also be based on amended or new legislation. We recommend that you review this notice from time to time.

This privacy notice is valid from 9 February 2024. This privacy notice has been updated on March 6, 2024.

Tampere University and Tampere University of Applied Sciences (TAMK) constitute the Tampere Universities community. Our areas of priority in research and education are technology, health and society.

Tampere University: +358 (0)294 5211
Tampere University of Applied Sciences : +358 (0)294 5222