Privacy notice - Customer and stakeholder relations, communications and marketing
The University of Tampere and Tampere University of Technology were merged on 1 January 2019 to create the new Tampere University. Together the new Tampere University (Tampere University Foundation sr) and Tampere University of Applied Sciences Ltd comprise Tampere Universities.
Why we process personal data
Tampere Universities process individuals’ personal data not only in the contexts of communications, sales, marketing and targeted advertising but also to manage customer relationships and paid training activities, build donor and alumni relations, deliver impact for society, provide paid services and develop and enhance quality. We may also process personal data about people who participate in our events, paid training activities, fundraising activities or needs assessment surveys.
Our external stakeholders include individuals that we may want to engage as specialists, partners, guest lecturers, research subjects or for other similar purposes (such as alumni relations). In addition, our external stakeholders include persons who have subscribed to our publications, newsletters or other communications as well as people who receive sales or marketing materials or are asked to fill out surveys that explore the need for different services provided by Tampere Universities.
Lawful basis for processing personal data
We process personal data in compliance with the EU’s General Data Protection Regulation (GDPR). The lawful bases for processing are:
- Data subjects have provided their consent for processing their personal data as set out in the EU’s General Data Protection Regulation (GDPR; article 6, paragraph 1a).
- Processing is necessary to comply with the data controller’s legal obligation (GDPR; article 6, paragraph 1c).
- Processing is necessary for the purpose of performing a public task or exercising official authority (GDPR, article 6, paragraph 1e).
- Processing is necessary for the purposes of the data controller’s legitimate interests (GDPR, article 6, paragraph 1f).
We always ask individuals for their consent for the use of photographs in which they appear for marketing purposes and for receiving marketing materials. Contracts and resulting customer relationships are the lawful basis for processing personal data in the context of research and education services. The lawful basis for processing is the data controller’s legitimate interests in situations where marketing materials or other information about the University’s activities or events is provided to existing customers. We process personal data about donors to comply with our legal obligations. e process personal data about partners based on the data controller’s legitimate interests and to fulfil our legal obligations. We process employees’ photographs to fulfil our legal obligations.
We may also process sensitive data when managing event participation records (information about dietary restrictions may be sensitive data). The lawful basis for processing this type of data is consent.
- The EU’s General Data Protection Regulation (GDPR 2016/679)
- Data Protection Act (1050/2018)
- Act on the Protection of Privacy in Working Life (759/2004)
- Universities Act (558/2009)
- Universities of Applied Sciences Act (932/2014)
- Act on Electronic Communications Services (917/2014)
- Act on Information Management Governance in Public Administration (906/2019)
- Archives Act (831/1994)
- Copyright Act (404/1961)
The types of personal data we process
- Media: name, contact information.
- Alumni: name, contact information, degree, date of birth, job title, interests.
- Persons who hold or apply for the title of docent: name, contact information, educational qualifications, CV, personal identity number, documents and statements relating to work history
- Paid training programmes: name, contact information, personal identity number, payment details, feedback collection, special needs.
- Donors: name, personal identity number/business ID, address, phone number, email address, amount of the donation and earmarking. We collect personal identity numbers from private donors who have donated €850 or more a year.
- Information about donations (bank details, payment method, information included in the message field).
- Communications with alumni, donors and partners.
- Newsletters and marketing communications: contact information.
- First language and preferred language.
- Events: name, contact information, event details, payment details, feedback collection, marketing of similar events, special needs.
- Photographs and video footage, consent forms.
Photographs for communications and marketing purposes
Tampere Universities use photographs for marketing and communications purposes. We ask for consent from people who appear in the photos.
Photographs may be taken and/or video footage recorded in the premises and events of Tampere Universities. Photos and videos may be published on our website, social media channels and other publications.
How we collect personal data
We collect some of the personal data we hold from data subjects themselves. To ensure that data are accurate and complete, we may retrieve additional data from the University’s information systems and paid address services. All personal data relating to a docentship is provided by the data subject in question. Statements pertaining to candidates’ expertise and qualifications are requested directly from relevant specialists.
To build an understanding of our customers, we may also collect data from other publicly accessible sources. Examples of this type of data include:
- your contact information
- your educational background and career.
We retrieve data, for example, from the following sources: Digital and Population Data Services Agency and the academic records, event management system and contact information directory of Tampere Universities.
Retention period of personal data
Personal data about persons who make a donation to Tampere University will be stored on a permanent basis to comply with the University’s legal obligations.
The retention periods for other types of personal data are:
- Alumni: the data will be deleted when an alumnus/a asks for them to be deleted from the alumni records.
- Customers: data will be retained for as long as is necessary to maintain collaboration with the partner. The data stored in customer records will be actively reviewed, and unnecessary data will be deleted from the records. Data will also be deleted upon a data subject's request as long as the erasure does not prevent the data controller to fulfill its legal obligations.
- Training event participants: data about alumni, donors and partners will be stored. They can ask the University to delete this data. Event-specific data will be deleted after the data is no longer needed to organise and manage the event. After an event has ended, participants’ contact information may be used to send notifications of similar events. Afterwards the data may be anonymised, if necessary, and stored to be used for statistical purposes.
- Photos and videos used for communications and marketing purposes will be retained as follows:
- retention periods defined in the Archives Act
- the period of time agreed with the photographer
- 20 years in the image bank, after which they will be transferred to the archives (the image bank serves as the archives).
- Personal data relating to a docentship will be retained for the lifetime of the docent. The retention period for data about candidates is specified in the University’s records management plan.
The retention periods for other types of personal data are listed in the records management plan of Tampere Universities.
Who we may share your data with
We may, for journalistic purposes, provide the media with portraits of the members of the university community who have been interviewed by the media. Personal data may be used for the purposes of scientific research.
Transfer of personal data outside of the EU/EEA
As a rule, personal data will not be transferred outside of the EU/EEA. As set out in Tampere University’s data protection policy, the University is committed to taking special data protection measures in the event that personal data is transferred outside of the EU or the European Economic Area (EEA) to countries that are not covered by the GDPR. Any transfers of personal data outside of the EU/EEA will be managed in strict compliance with the GDPR.
Rights of data subjects
Right of access (GDPR, Article 15)
You have the right to know what personal data we process and hold about you. Many of the University-provided information systems allow you to view the data that we have stored about you when you are logged in.
Right to rectification (Article 16)
You have the right to have any incorrect, inaccurate or incomplete personal details that we hold about you revised or supplemented without undue delay. You are also entitled to have any unnecessary personal data erased from our records.
Right to be forgotten (Article 17)
In certain circumstances, you have the right to have your personal data erased from our records. The right to erasure does not apply, if the processing is necessary for us to comply with our legal obligations or perform tasks carried out in the exercise of official authority.
Right to restrict processing (Article 18)
In certain circumstances, you have the right to request us to restrict processing your personal data until the accuracy of your data, or the lawful basis for processing your data, has been appropriately reviewed and potentially revised or supplemented.
Right to data portability (Article 20)
You have the right to obtain a copy of the personal data that you have submitted to the University in a commonly used, machine-readable format and transfer the data to another data controller. This right applies to situations where data is processed automatically on the basis of consent or contract.
This means that the right to data portability does not apply to data processing that is necessary for the performance of a task carried out in the public interest or to fulfil legal obligations imposed on the data controller. Consequently, this right does not generally apply to the higher education institution’s personal data registers.
Right to object (Article 21)
You may at any time object to the processing of your personal data for special personal reasons, if the basis for processing is a task carried out in the public interest, the exercise of official authority, or the higher education institution’s legitimate interests. After receiving such a request, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing your data.
Right to lodge a complaint with a supervisory authority (Article 77)
You have the right to lodge a complaint with a supervisory authority, if you consider that the processing of your personal data violates the provisions of the GDPR (2016/679). In addition, you may follow other administrative procedures to appeal against a decision made by a supervisory authority or seek a judicial remedy.
Office of the Data Protection Ombudsman
Street address: Lintulahdenkuja 4
Postal address: PO Box 800, FI-00531 Helsinki, Finland
Email: tietosuoja [at] om.fi
Switchboard: +358 2956 66700
Subject access requests
You can request to have any inaccurate personal data rectified in connection with the process where the data is generated. You can view the personal data we hold about you by logging into many of the information systems owned or maintained by Tampere Universities.
With questions about alumni relations, please send an email to alumni [at] tuni.fi
With questions about fundraising, please send an email to donations.tau [at] tuni.fi
With questions about continuous learning, please send an email to kehityosaajana [at] tuni.fi
You can contact the Communications unit at Tampere University by email at viestinta.tau [at] tuni.fi and the Communications unit at Tampere University of Applied Sciences by email at viestinta.tamk [at] tuni.fi.
Please deliver all subject access requests to the data protection officer of Tampere Universities (by email at dpo [at] tuni.fi or by post to the following address: Data Protection Officer, Tampere University, FI-33014, Tampere, Finland).
This privacy notice was updated on 25 October 2021.