Privacy Notice - Call recording at Tampere Universities

1. Data controller

The Data Controller responsible for processing personal data collected in the context of call recording at Tampere University is Tampere University:

Tampere University (Tampere University Foundation sr)
Kalevantie 4, 33100 Tampere
Business ID 2844561-8

Switchboard: +358 294 5211

The Data Controller responsible for processing personal data collected in the context of call recording at Tampere University of Applied Sciences is Tampe-re University of Applied Sciences:

Tampere University of Applied Sciences Ltd
Kuntokatu 3 FI-33520 Tampere, Finland
Business ID 1015428-1

Switchboard: +358 294 5222

Tampere University of Applied Sciences Ltd provides switchboard services as a centralised service across the Tampere Universities community based on an agreement signed between the parties.

2. Contact person

Saana Raatikainen
Tel. +358 401901459
Email: tila-helpdesk [at] tuni.fi 

3. Data Protection Officer

Data Protection Officer of Tampere Universities
Email: dpo [at] tuni.fi
Postal address: Data Protection Officer, FI-33014 Tampere University, Finland

4. Purpose of processing personal data and the lawful basis for processing

The Data Controller’s switchboard routes calls that are made or diverted back to the switchboard to staff at Tampere Universities. 

Calls made or diverted back to the switchboard will be recorded to help develop and maintain the quality of switchboard services and to detect, prevent and investigate misuse and technical problems. The recording will begin only after a message informing the caller that the call will be recorded has been played.

The switchboard provides services to the customers of Tampere Universities and therefore influences the experiences of the customers of Tampere University of Applied Sciences and Tampere University. Switchboard services are assessed and developed in response to customer feedback. To process feedback pertaining to a specific call, we will utilise the recording of that call. The recording allows us to connect the feedback to the correct call, address issues with service delivery and develop our switchboard services.

The purpose of call recording is to enable the processing of feedback. We may review a call recording later if feedback is provided on our switchboard services and the processing of this feedback must be carried out in cooperation with the switchboard operator who answered the call. The lawful basis for processing personal data is the legitimate interests of the Data Controller (the EU’s General Data Protection Regulation 2016/679 Article 6.1(f).

5. Contents

Basic information about calls, such as:

• call type (incoming call or a diverted call)
• date and time
• caller’s phone number
• wait time and response time
• duration of call (when the call ends or is routed to the correct destination)

Information about the service, such as: 

• possible name and contact information of the caller
• purpose of call
• name and identifier of the switchboard operator who answered the call
• information about the appropriate recipient of the call (such as phone number)

Other information included in the recording or provided by the caller during the call.

6. Sources of information

The personal data collected in the context of call recording will primarily be provided by the data subjects (callers) themselves.

When a person calls the switchboard number or a call is diverted back to the switchboard, the basic information listed above (such as the date and time of the call, the caller’s phone number, wait time, and the time when the call ends or is routed to the correct destination) will be automatically stored.  

The call recording will include other information provided by the caller during the call. The recording will begin only after a message informing the caller that the call will be recorded has been played.

7. Disclosures and recipients of data

The personal data stored in the context of call recording will not be regularly disclosed to any third parties. However, data may be disclosed if such disclosure is required for the Data Controller to fulfil its legal obligations or comply with an order issued by the public authorities.

The Data Controller has signed a contract to outsource processing activities. Tampere University of Applied Sciences Ltd provides switchboard services as a centralised service across the Tampere Universities community based on an agreement. The parties have signed a data processing agreement as set out in the EU’s General Data Protection Regulation (2016/679).

The provider of switchboard services is Elisa Oyj. Call recordings are managed by Eniro, which has signed an agreement with Elisa Oyj. The service provider has signed a data processing agreement as set out in the EU’s General Data Protection Regulation (2016/679).

8. Transfer of data outside the EU or the EEA

Data stored in the register will not be transferred to a country or an internation-al organisation located outside the EU or the EEA.

9. Data protection principles

A manual data

Manual data, such as paper documents, will not be processed.

B electronic data

The data is protected in accordance with the service provider’s data protection policy. The provider of switchboard services is Elisa Oyj. Call recordings are managed by Eniro, which has signed an agreement with Elisa Oyj. The service provider has signed a data processing agreement as set out in the EU’s General Data Protection Regulation (2016/679).

10. Data retention period or criteria for determining the retention period

Call recordings will be stored for up to 12 months, unless it is necessary to extend the retention period of a specific recording to investigate a specific service event, malfunction or misuse. The recordings will be securely destroyed after the retention period expires.

11. Automated decision-making and profiling

Data stored in the context of call recording will not be used to carry out automated decision-making, including profiling.

12. Rights of data subjects

Unless otherwise stated in data protection legislation, data subjects have the following rights under the EU’s General Data Protection Regulation (GDPR):

• Right of access
  • Data subjects are entitled to find out what information the University holds about them or to receive confirmation that their personal data is not processed by the University.
• Right to rectification
  • Data subjects have the right to have any incorrect, inaccurate or incomplete personal details held by the University revised or supplemented without undue delay. In addition, data subjects are entitled to have any unnecessary personal data deleted from the system.
• Right to erasure
  • In exceptional circumstances, data subjects have the right to have their personal data erased from the Data Controller’s records (‘right to be forgotten’).
• Right to restrict processing
  • In certain circumstances, data subjects have the right to request the University to restrict processing their personal data until the accuracy of their data, or the basis for processing their data, has been appropriately reviewed and potentially revised or supplemented.
• Right to object
  • In certain circumstances, data subjects may at any time object to the processing of their personal data for compelling personal reasons.
• Right to lodge a complaint with a supervisory authority
  • Data subjects have the right to lodge a complaint with a supervisory authority in their permanent place of residence or place of work if they consider the processing of their personal data to violate the provisions of the GDPR (EU 2016/679). In addition, data subjects may follow other administrative procedures to appeal against a decision made by a supervisory authority or seek a judicial remedy.
    • Contact information of the national supervisory authority: Office of the Data Protection Ombudsman, PO Box 800, FI-00521 Helsinki, Finland, tietosuoja [at] om.fi

Please send all subject access requests to the contact person identified in section 2. of this privacy notice.