Skip to main content

Privacy notice - HR management

The former University of Tampere and Tampere University of Technology were merged on 1 January 2019 to create the new Tampere University. Together the new Tampere University (Tampere University Foundation sr) and Tampere University of Applied Sciences Ltd comprise Tampere Universities. Both institutions act as independent data controllers that processes personal data about their own staff.

Why we process your personal data

Tampere University processes your personal data for the purposes of HR management and employee management and in order to process information about applicants and resource agreements, manage the payment of fees and carry out its tasks and meet its obligations as an employer. Tampere University processes data stored in its records in order to carry out tasks relating to data subjects which the University is obligated to perform based on legislation, collective agreements and separate decisions and orders.

These tasks include:

  • HR planning and HR budget planning
  • recruitment, related expert reviews, internal work arrangements
  • internal and external recruitment
  • internal communications
  • new employee orientation, management of work equipment and workspaces
  • employee time tracking, allocation of working hours, the work plans of staff who work annualised hours
  • employee records management
  • salaries, assessment of job requirements and employee performance
  • payment of salaries, fees and grants
  • management of resource agreements
  • professional development and assessment of competencies, promoting on-the-job learning;
  • management of employee relocation data
  • professional development reviews
  • management of occupational health services, promoting occupational well-being
  • labour protection (equality, non-discrimination, occupational accidents)
  • employee rewards (medals of honour etc.)
  • management of business travel and international secondments, travel expense claims
  • management of emplyment lifecycle
  • management-related activities, such as the early support model and formal hearings
  • statistics, reporting and operations management
  • information about individuals who apply for professorships is retained for research purposes

The lawful basis for processing personal data

Tampere University processes personal data primarily based on legislation and data subjects’ consent. The University may process staff members’ personal data for the following purposes:

Staff at Tampere University:

  • implementation of a contract to which a data subject is a party
  • legal obligation of the data controller
  • public interest/exercise of public authority: scientific or historical research purposes or statistical purposes
  • legitimate interests of the data controller or a third party: reports required by funding agencies; competency assessments
  • consent of the data subject

Non-employees such as grant holders, docents, fee recipients

  • legal obligation of the data controller
  • implementation of a contract to which a data subject is a party
  • consent of the data subject

Sensitive data: Information about membership in a trade union may be processed, with the person’s consent, to collect membership fees. Health data may be processed in connection with meeting Tampere University’s obligations and providing staff with special rights (such as occupational health services)

Main regulations:

  • The EU’s General Data Protection Regulation (GDPR, EU 2016/679)
  • Data Protection Act (1050/2018)
  • Universities Act (558/2009)
  • Employment Contracts Act (55/2001)
  • Occupational Safety and Health Act (738/2002)
  • Collective agreements
  • Act on the Protection of Privacy in Working Life (759/2004)
  • Act on the Openness of Government Activities (621/1999)
  • Working Hours Act (605/1996)
  • Annual Holidays Act (162/2005)
  • Public Sector Pensions Act (81/2016)
  • Employees Pensions Act (395/2006)
  • Statistics Act (280/2004)
  • Workers’ Compensation Act (459/2015)
  • Act on Compensation for Training (1140/2013)
  • Infectious Diseases Act (1227/2016)
  • Act on Co-operation within Undertakings (334/2007)
  • Occupational Health Care Act (which mandates employers to provide occupational health services to staff)

Other applicable regulations:

  • Tampere University’s Regulations
  • Tampere University’s Degree Regulations and Legal Protection Regulations
  • Decisions issued by the University or the President regarding teaching and learning
  • Permanent regulations issued by the faculties at Tampere University

The categories of personal data that we process

Data collected from applicants during recruitment:

  • name, email address, phone number, hometown, country;
  • degree and educational qualifications;
  • previous work experience;
  • language skills;
  • data collected for statistical purposes: gender, nationality (Finnish/other, if other: continent), where the applicant heard about the open position, has the applicant worked at Tampere University before;
  • possible other information and attachments provided by candidates applying for specific positions (CV, research portfolio, teaching portfolio, research plan, recorded interview).

Staff at Tampere University:

  • name, personal number, date of birth, personal identify number, gender, nationality, workplace address, work email address, phone number
  • educational qualifications, merits and medals of honour
  • employment records, payroll records, tax records, bank account details
  • job requirement assessments and personal performance assessments
  • employee time tracking and absence records
  • data needed to manage user access and user permissions

Fee recipients, grant holders, researchers, docents, visiting professors, emeritus/emerita professors

  • name, personal number, date of birth, personal identify number, gender, nationality, workplace address, email address
  • educational qualifications
  • employment records, payroll records, tax records, bank account details
  • data needed to manage user access and user permissions

Persons completing non-military national service and temporary agency workers

  • name, personal number, date of birth, personal identity number, gender, unit
  • employee time tracking and absence records
  • data needed to manage user access and user permissions

External persons who take part in training provided by Tampere University

  • name, personal number, date of birth, personal identify number, gender, nationality, workplace address, email address, phone number
  • educational qualifications
  • data needed to manage user access and user permissions

Sensitive personal data: Information about absences is processed in the HR systems (leave codes). Health-related data is not processed in the HR systems.

How we collect personal data

We collect personal data from:

  • data subjects
  • the public authorities and insurance companies
  • HR decisions
  • Tampere University’s recruitment and HR systems
  • student information systems
  • medical certificates presented by staff on sick leave.

Tampere University’s identity and access management system

How we process your personal data

Your personal data stored in our information systems will only be processed for the purposes for which the data were initially collected. Personal data may also be used for statistical and research purposes. As a rule, personal data that is used for statistical or research purposes is anonymised so that individuals cannot be identified. All personal data will be stored in compliance with data protection requirements.

Who we may share your data with

Data may be disclosed to the other University units when necessary. Only those members of staff at Tampere University who need to be able to collect and process personal data to perform their duties and functions are authorised to process personal data (such as supervisors, HR staff and information management staff). 

Data will be regularly disclosed to the following parties:

  • public authorities, trade unions, insurance companies, banks, Kela, providers of occupational health services and travel agency services, Ministry of Education and Culture, Statistics Finland, the Confederation of Finnish Industries (EK), Finnish Education Employers (FEE), providers of printing services and electronic payslip services, providers of staff benefits.

Transfer of personal data outside of the EU/EEA

As set out in Tampere University’s data protection policy, the University is committed to taking special data protection measures in the event that personal data is transferred outside of the EU or the European Economic Area (EEA) to countries that are not covered by the GDPR. Any transfers of personal data outside of the EU/EEA will be managed in compliance with the GDPR.

How long we retain your personal data

The retention periods of personal data and materials that are manually stored in our information systems are based on applicable legislation and our archive management policy/data management plan.

The retention periods are defined in Tampere University’s archive management policy.

The retention periods are based on the Finnish Archives Act and other applicable legislation as well as Tampere University’s guidelines and archive management policy. Personal data will only be retained for as long as is necessary for the purpose of processing.

Common retention periods: Information about employees’ employment contracts and salaries will be stored for a period of 50 years but, for example, employee time records will only be retained for 3 years. The applications submitted by candidates who apply for a position as an assistant professor (tenure track) or a professor and who undergo an external review will be stored on a permanent basis if the term of appointment exceeds two years.

Rights of data subjects

Right of access (GDPR, Article 15)

You have the right to know what personal data we process and hold about you. Many of the University-provided information systems allow you to view the data that we have stored about you when you are logged in.

Right to rectification (Article 16)

You have the right to have any incorrect, inaccurate or incomplete personal details that we hold about you revised or supplemented without undue delay. You are also entitled to have any unnecessary personal data erased from our records.

Right to be forgotten (Article 17)

In certain circumstances, you have the right to have your personal data erased from our records. The right to erasure does not apply, if the processing is necessary for us to comply with our legal obligations or perform tasks carried out in the exercise of official authority.

Right to restrict processing (Article 18)

In certain circumstances, you have the right to request us to restrict processing your personal data until the accuracy of your data, or the lawful basis for processing your data, has been appropriately reviewed and potentially revised or supplemented.

Right to data portability (Article 20)

You have the right to obtain a copy of the personal data that you have submitted to the University in a commonly used, machine-readable format and transfer the data to another data controller. This right applies to situations where data is processed automatically on the basis of consent or contract.
This means that the right to data portability does not apply to data processing that is necessary for the performance of a task carried out in the public interest or to fulfil legal obligations imposed on the data controller. Consequently, this right does not generally apply to the higher education institution’s personal data registers.

Right to object (Article 21)

You may at any time object to the processing of your personal data for special personal reasons, if the basis for processing is a task carried out in the public interest, the exercise of official authority, or the higher education institution’s legitimate interests. After receiving such a request, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing your data.

Right to lodge a complaint with a supervisory authority (Article 77)

You have the right to lodge a complaint with a supervisory authority, if you consider that the processing of your personal data violates the provisions of the GDPR (2016/679). In addition, you may follow other administrative procedures to appeal against a decision made by a supervisory authority or seek a judicial remedy.

Office of the Data Protection Ombudsman

Street address: Lintulahdenkuja 4
Postal address: PO Box 800, FI-00531 Helsinki, Finland
Email: tietosuoja [at] om.fi
Switchboard: +358 2956 66700

Questions about data protection

Please deliver all subject access requests to the data protection officer of Tampere Universities (by email at dpo [at] tuni.fi or by post to the following address: Data Protection Officer, Tampere University, FI-33014, Tampere, Finland).

This privacy notice was updated on 14 December 2021.