Skip to main content
Suomeksi

Privacy notice - HR Services of Tampere University

Tampere University and Tampere University of Applied Sciences

The University of Tampere and Tampere University of Technology were merged on 1 January 2019 to create the new Tampere University. Together the new Tampere University (Tampere University Foundation sr) and Tampere University of Applied Sciences Ltd comprise Tampere Universities. Each institution acts as an independent data controller that processes personal data about its own staff.

Why we process personal data

Tampere University processes your personal data for the purposes of HR management and employee management and to process information about applicants and resource agreements, manage the payment of fees and carry out its tasks and meet its obligations as an employer. Tampere University processes data stored in its records in order to carry out tasks relating to data subjects that the University is obligated to perform based on legislation, collective agreements and separate decisions and regulations. These tasks include:

  • HR planning and HR budget planning;
  • recruitment, related expert reviews, internal work arrangements;
  • internal communications;
  • new employee orientation, management of work equipment and workspaces;
  • employee time tracking, allocation of working hours, the work plans of staff who work annualised hours;
  • employee records management;
  • salaries, assessment of job requirements and employee performance;
  • payment of salaries, fees and grants;
  • management of resource agreements;
  • professional development and assessment of competencies, promoting on-the-job learning;
  • management of employee relocation data;
  • professional development reviews;
  • management of occupational health services and promoting occupational well-being;
  • labour protection (equality, non-discrimination, occupational accidents);
  • employee rewards (medals of honour etc.);
  • management of business travel and international secondments, travel expense claims;
  • management of the employment lifecycle;
  • management-related activities, such as the early support model and formal hearings;
  • statistics, reporting and operations management;
  • processing data about staff.

What is the lawful basis for processing personal data?

Tampere University processes personal data primarily based on legislation and data subjects’ consent. The University is authorised to process staff members’ personal data for the following purposes: 

Staff at Tampere University: 

  • implementation of a contract to which a data subject is a party;
  • legal obligation of the Data Controller;
  • public interest or the exercise of official authority: scientific and historical research and statistical purposes;
  • exercise of the legitimate interests of the data controller or a third party: reports required by funding agencies, competency mapping;
  • consent of the data subject.

Non-employees such as grant holders, docents, fee recipients:

  • legal obligation of the Data Controller;
  • implementation of a contract to which a data subject is a party;
  • consent of the data subject.

Sensitive data: Information about membership in a trade union will be used, with the person’s consent, to collect membership fees. Health data will be processed in connection with meeting Tampere University’s obligations and providing staff with special rights (such as occupational health services)

Main regulations:

The General Data Protection Regulation of The European Union 2016/679 (GDPR)
Data Protection Act (1050/2018)
Universities Act (558/2009)
Employment Contracts Act (55/2001)
Occupational Safety and Health Act (738/2002)
Collective agreements
Act on the Protection of Privacy in Working Life (759/2004)
Act on the Openness of Government Activities (621/1999)
Working Hours Act (605/1996)
Annual Holidays Act (162/2005)
Public Sector Pensions Act (81/2016)
Employees Pensions Act (395/2006)
Statistics Act (280/2004)
Workers’ Compensation Act (459/2015)
Act on Compensation for Training (1140/2013)
Infectious Diseases Act (1227/2016)
Act on Co-operation within Undertakings (334/2007)
Occupational Health Care Act (which mandates employers to provide occupational health services to staff)

Other applicable regulations:

Tampere University’s Regulations
Tampere University’s Degree Regulations and Legal Protection Regulations
Decisions issued by the University or the President regarding teaching and learning
Permanent regulations issued by the faculties at Tampere University

The types of personal data we process

Data collected from applicants during recruitment

  • name, email address, phone number, hometown, country;
  • degree and educational qualifications;
  • previous work experience;
  • language skills;
  • data collected for statistical purposes: gender, nationality (Finnish/other, if other: continent), where the applicant heard about the open position, has the applicant worked at Tampere University before;
  • possible other information and attachments provided by candidates applying for specific positions (CV, research portfolio, teaching portfolio, research plan, recorded interview).

Staff at Tampere University

  • name, personal number, date of birth, personal identify number, gender, nationality, workplace address, work email address, phone number;
  • educational qualifications, merits and medals of honour;
  • employment records, payroll records, tax records, bank account details;
  • job requirement assessments and personal performance assessments;
  • employee time tracking and absence records;
  • data needed to manage user access and user permissions.

Fee recipients, grant holders, researchers, docents, visiting professors, emeritus/emerita professors

  • name, personal number, date of birth, personal identify number, gender, nationality, workplace address, email address;
  • educational qualifications;
  • employment records, payroll records, tax records, bank account details;
  • data needed to manage user access and user permissions.

Persons completing non-military national service and temporary agency workers

  • name, personal number, date of birth, personal identity number, gender, nationality, unit;
  • data needed to manage user access and user permissions.

External persons who take part in training provided by Tampere University

  • name, personal number, date of birth, personal identify number, gender, nationality, workplace address, email address, phone number;
  • educational qualifications;
  • data needed to manage user access and user permissions.

Sensitive personal data: Information about absences is processed in the HR systems (leave codes). Health-related data is not processed in the HR systems.

How we collect personal data

We collect data from:

  • data subjects
  • public authorities and insurance companies
  • HR decisions
  • Tampere University’s recruitment and HR systems
  • student information systems 
  • Tampere University’s identity and access management system
  • medical certificates presented by staff on sick leave.

How we process your personal data

Your personal data stored in our information systems will only be processed for the purposes for which the data were initially collected. Personal data may also be used for statistical and research purposes. As a rule, personal data that is used for statistical or research purposes is anonymised so that individuals cannot be identified. All personal data will be stored in compliance with data protection requirements.

Who we may share your data with

Data may be disclosed to the other University units when necessary. Only those members of staff at Tampere University who need to be able to collect and process personal data to perform their duties and functions are able to do so, such as supervisors, HR staff and information management staff. 

Data will be regularly disclosed to the following parties:

  • public authorities, trade unions, insurance companies, banks, Kela, providers of occupational health services and travel agency services, Ministry of Education and Culture, Statistics Finland, the Confederation of Finnish Industries (EK), Finnish Education Employers (FEE), providers of printing services and electronic payslip services, providers of staff benefits.

Transfer of personal data outside of the EU/EEA

As set out in Tampere University’s data protection policy, the University is committed to taking special data protection measures in the event that personal data is transferred outside of the EU or the European Economic Area (EEA) to countries that are not covered by the GDPR. Any transfers of personal data outside of the EU/EEA will be managed in strict compliance with the GDPR.

Automated decision-making and profiling

We do not use automated decision-making or profiling.

How long we retain your personal data

The retention periods of personal data and materials that are manually stored in our information systems are based on applicable legislation and our archive management policy/data management plan.

The retention periods are defined in Tampere University’s archive management policy.

The retention periods are based on the Archives Act and other legislation as well as Tampere University’s own guidelines. Personal data will only be stored for as long as is necessary for the purpose of processing.

Common retention periods: Information about employees’ employment contracts and salaries will be stored for a period of 50 years but, for example, employee time records will only be retained for 3 years. The applications submitted by candidates who apply for a position as an assistant professor (tenure track) or a professor and who undergo an external review will be stored on a permanent basis if the term of appointment exceeds two years.

Rights of data subjects

Right of access (GDPR, Article 15)

You have the right to know what personal data we process and hold about you. Many of the University-provided information systems allow you to view the data that we have stored about you when you are logged in.

Right to rectification (Article 16)

You have the right to have any incorrect, inaccurate or incomplete personal details that we hold about you revised or supplemented without undue delay. You are also entitled to have any unnecessary personal data erased from our records.

Right to be forgotten (Article 17)

In certain circumstances, you have the right to have your personal data erased from our records. The right to erasure does not apply, if the processing is necessary for us to comply with our legal obligations or perform tasks carried out in the exercise of official authority.

Right to restrict processing (Article 18)

In certain circumstances, you have the right to request us to restrict processing your personal data until the accuracy of your data, or the lawful basis for processing your data, has been appropriately reviewed and potentially revised or supplemented.

Right to data portability (Article 20)

You have the right to obtain a copy of the personal data that you have submitted to the higher education institution in a commonly used, machine-readable format and transfer the data to another data controller. This right applies to situations where data is processed automatically on the basis of consent or contract.

This means that the right to data portability does not apply to data processing that is necessary for the performance of a task carried out in the public interest or to fulfil legal obligations imposed on the data controller. Consequently, this right does not generally apply to the University’s personal data registers.

Right to object (Article 21)

You may at any time object to the processing of your personal data for special personal reasons, if the basis for processing is a task carried out in the public interest, the exercise of official authority, or the University’s legitimate interests. After receiving such a request, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing your data.

Right to lodge a complaint with a supervisory authority (Article 77)

You have the right to lodge a complaint with a supervisory authority, if you consider that the processing of your personal data violates the provisions of the GDPR (2016/679). In addition, you may follow other administrative procedures to appeal against a decision made by a supervisory authority or seek a judicial remedy.

Office of the Data Protection Ombudsman
Street address: Lintulahdenkuja 4
Postal address: PO Box 800, FI-00531 Helsinki, Finland
Email: tietosuoja [at] om.fi (tietosuoja[at]om[dot]fi)
Switchboard: +358 2956 66700

Questions about data protection

Please deliver all subject access requests to the data protection officer of Tampere University by email at dpo [at] tuni.fi or by post to the following address: Data Protection Officer, Tampere University, FI-33014, Tampere, Finland.

This privacy notice was updated on 5 August 2022.

Tampere University and Tampere University of Applied Sciences (TAMK) constitute the Tampere Universities community. Our areas of priority in research and education are technology, health and society.

Tampere University: +358 (0)294 5211
Tampere University of Applied Sciences : +358 (0)294 5222