Privacy notice – Juniversity
The University of Tampere and Tampere University of Technology were merged on 1 January 2019 to create the new Tampere University. Together the new Tampere University (Tampere University Foundation sr) and Tampere University of Applied Sciences Ltd comprise Tampere Universities.
Why we process personal data
Tampere University’s Juniversity is a university for children and young people. We process personal data to develop, coordinate and provide scientific activities to children and youth and to offer related support to teachers and educators.
Events, clubs, camps and courses
We process personal data provided by data subjects during event registration to manage the practical event arrangements. Here the lawful basis for processing is consent.
Juniversity coordinates the awards granted by Tampere Technical Society. Awards are granted to children and youth based on recommendations provided by schools. Juniversity collects the contact details of recipients and their parents/guardians as well as the recipients’ bank account numbers from the schools. This data is forwarded to Tampere Technical Society which pays the monetary awards directly to the recipients or their parents/guardians. Here the lawful basis for processing is the legitimate interests of the data controller or a third party.
By providing their contact information and bank account number, the recipients or their parents/guardians enable Tampere Technical Society to pay the monetary awards. By collecting and disclosing the required information to Tampere Technical Society, Juniversity contributes to encouraging and motivating pupils.
Building, maintaining and developing collaborative networks
Collecting information about persons who belong to collaborative networks and the organisations they represent is necessary for maintaining collaborative networks, delivering contest prizes and for communication purposes. The lawful basis for processing is the data controller’s legitimate interests.
Communicating about Juniversity’s activities
Juniversity provides information about its activities and upcoming events on a regular basis. Personal data relating to Juniversity’s communications is primarily processed based on the data controller’s legitimate interests. By providing their contact information, data subjects agree to receive up to date information about Juniversity’s activities.
If contact information is to be used for direct marketing purposes (such as to market paid services or events) data subjects’ prior consent will always be required. Data subjects can withdraw this consent at any time by sending an email to juniversity [at] tuni.fi. Subscribers can cancel their newsletter subscription by clicking on a link included in each newsletter.
Processing for statistical purposes
Juniversity collects statistical data to monitor the achievement of its goals and the impact of its activities. Personal data is therefore processed for statistical purposes in the public interest. Personal data pertaining to Juniversity’s activities will be anonymised, if possible, to prevent the identification of individual data subjects.
Lawful basis for processing personal data
- Data subjects have provided their consent for processing their personal data as set out in the EU’s General Data Protection Regulation (GDPR; article 1, paragraph 1a).
- Processing is necessary for the performance of a contract to which a data subject is a party or to take measures on behalf of a data subject prior to signing such contract as set out in the EU’s General Data Protection Regulation (GDPR; article 1, paragraph 1b).
- Processing is necessary to comply with a legal obligation to which the data controller is subject as set out in the EU’s General Data Protection Regulation (GDPR; article 1, paragraph 1c).
- Processing is necessary to perform a task carried out in the public interest or in the exercise of official authority as set out in the EU’s General Data Protection Regulation (GDPR; article 1, paragraph 1e).
- Processing is necessary for the purposes of the data controller’s legitimate interests as set out in the EU’s General Data Protection Regulation (GDPR; article 1, paragraph 1f).
- The EU’s General Data Protection Regulation (GDPR, EU 2016/679)
- Data Protection Act (1050/2018)
- Universities Act (558/2009)
The types of personal data we process
Registration for events, clubs, camps and courses:
- name and contact information (address, email address, phone number)
- date of birth and age
- school and grade
- dietary restrictions and allergies
- information about possible photography consent
- information about the participant (minor)
- name and contact information of parent/guardian (address, email address, phone number)
- consent to a minor’s participation
- information about possible photography consent.
- recipient’s name, school and grade
- grades relating to the award
- payment information (such as bank account number).
- organisers of group visits (teachers): teacher’s name, email address and phone number, school, group size, grade
- contact persons of collaboration networks and educational institutions: name, address, email address, phone number, organisation and job title
- club, camp and course instructors: employees: name, phone number, email address, certificates of good conduct (date when the certificate was presented), staff number, courses, bank details, information about fees and taxes, bank account number. Non-employees: name, address, personal identity number, nationality, phone number, email address, bank details, information about fees and taxes, bank account number.
- newsletter subscribers: name and email address.
- name, email address, phone number
- loan period and equipment on loan.
- Tampere University’s Communications unit maintains an image bank where photography consent forms are stored.
How we collect personal data
We collect personal data from data subjects and their parents/guardians. Personal data about staff working in educational establishments is collected from publicly accessible sources. Data about individuals who participate in the LUMA2020 project https://2020.luma.fi/ and the StarT programme is collected from joint records maintained by the University of Helsinki.
How we process your personal data
Your personal data stored in our information systems will only be processed for the purposes for which the data were initially collected.
Personal data may also be used for statistical and research purposes. As a rule, personal data that is used for statistical or research purposes is anonymised so that individuals cannot be identified. All personal data will be stored in compliance with data protection requirements.
How long we retain your personal data
Personal data relating to Juniversity’s activities and events will only be stored for as long as is necessary but in no event longer than two years.
Personal data relating to Juniversity’s communications will be stored for as long as necessary to maintain the related customer relationships. The personal data stored in Juniversity’s records is actively reviewed and unnecessary data is deleted. Personal data will also be deleted upon data subjects’ request.
Who we may share your data with
We do not share personal data.
The LUMA Centre Finland is a consortium that comprises 11 Finnish universities and is coordinated by the University Helsinki. Visit the LUMA Centre Finland’s website at: https://www.luma.fi/en/
Tampere University may engage external data processors, such as companies that provide system services and process personal data on behalf of Tampere University under a data processing agreement. This does not constitute the transfer of personal data as the data controller remains legally responsible for the processing of personal data.
Transfer of personal data outside of the EU/EEA
As set out in the data protection policy of Tampere Universities, we are committed to taking special data protection measures in the event that personal data is transferred outside of the EU or the European Economic Area (EEA) to countries that are not covered by the GDPR.
Any transfers of personal data outside of the EU/EEA will be managed in strict compliance with the GDPR and legal requirements.
Rights of data subjects
Right of access (GDPR, Article 15)
You have the right to know what personal data we process and hold about you. Many of the University-provided information systems allow you to view the data that we have stored about you when you are logged in.
Right to rectification (Article 16)
You have the right to have any incorrect, inaccurate or incomplete personal details that we hold about you revised or supplemented without undue delay. You are also entitled to have any unnecessary personal data erased from our records.
Right to be forgotten (Article 17)
In certain circumstances, you have the right to have your personal data erased from our records. The right to erasure does not apply, if the processing is necessary for us to comply with our legal obligations or perform tasks carried out in the exercise of official authority.
Right to restrict processing (Article 18)
In certain circumstances, you have the right to request us to restrict processing your personal data until the accuracy of your data, or the lawful basis for processing your data, has been appropriately reviewed and potentially revised or supplemented.
Right to data portability (Article 20)
You have the right to obtain a copy of the personal data that you have submitted to the higher education institution in a commonly used, machine-readable format and transfer the data to another data controller. This right applies to situations where data is processed automatically on the basis of consent or contract.
This means that the right to data portability does not apply to data processing that is necessary for the performance of a task carried out in the public interest or to fulfil legal obligations imposed on the data controller. Consequently, this right does not generally apply to the University’s personal data registers.
Right to object (Article 21)
You may at any time object to the processing of your personal data for special personal reasons, if the basis for processing is a task carried out in the public interest, the exercise of official authority, or the University’s legitimate interests. After receiving such a request, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing your data.
Right to lodge a complaint with a supervisory authority (Article 77)
You have the right to lodge a complaint with a supervisory authority, if you consider that the processing of your personal data violates the provisions of the GDPR (2016/679). In addition, you may follow other administrative procedures to appeal against a decision made by a supervisory authority or seek a judicial remedy.
Office of the Data Protection Ombudsman
Street address: Lintulahdenkuja 4
Postal address: PO Box 800, FI-00531 Helsinki, Finland
Email: tietosuoja [at] om.fi
Switchboard: +358 2956 66700
Questions about data protection
You can view the personal data we hold about you by logging into many of the information systems owned or maintained by Tampere Universities. If the personal data we hold about you is incorrect, please request a correction by contacting Juniversity at juniversity [at] tuni.fi.
Please deliver all subject access requests to the data protection officer of Tampere Universities (by email at dpo [at] tuni.fi or by post to the following address: Data Protection Officer, Tampere University, FI-33014, Tampere, Finland).
This privacy notice was updated on 8 December 2021.