Data protection refers to the protection of a person’s privacy, for example, when processing personal data. The activities of the University require the collection and storage of personal data concerning members of staff and students. Data protection is a concern that must be taken into account in all of the University’s work.
Processing of personal data at the University of Lapland
The University of Lapland processes personal data in carrying out its mission under the Universities Act. It processes personal data of students, staff and members of stakeholder groups as well as research data, which may contain personal data. Data relating to alumni, marketing, clients and partners are processed in keeping with what is required or allowed by agreements, the consent of data subjects, legitimate interest or statutory duties. Personal data are processed to carry out work-related responsibilities, to enable students to pursue their studies, to keep user access up to date and to maintain information security. Providing appropriate tools for the university community is an essential aspect of the tasks and responsibilities of the University.
The University of Lapland processes all personal data in accordance with the relevant legislation, regulations and agreements.
The University acts in the capacity of controller in the processing of personal data and is responsible for the processing of such data when a service that processes personal data has been purchased from a service provider or the data processing has been outsourced.
Notification of data subjects
These web pages will be updated with records containing details of the different stores of personal data (filing systems): content of the personal data, purpose of processing, principles of storage and processing, duration of storage, responsible persons and contact persons, sources of data, any disclosures or transfers of data, the principles governing protection of the data, and the rights of the data subject with respect to the processing of data concerning him/her.
The University may use service providers in the storage and processing of personal data. It will conclude the necessary contracts with them in order to ensure data protection. If the service provider processes data outside of the EU or EEA, the record posted will make note of this fact.
Rights of data subjects
Data subjects always have the right to request access to data concerning them from the controller. They also have the right to request rectification or erasure of such data or to restrict or object to its processing. The right to erase data does not extend to personal data which the University processes as part of a statutory duty, in the public interest or which it has an obligation to store for some other reason.
Requests submitted to the controller asking to review, rectify and erase data are made using the adjacent forms.
If you wish to review the data concerning you or request the rectification or erasure of data, please fill out the appropriate form and return it to the University registry, to the service desks in the Library or to the ICT service desk. When you return the form, you will be asked to produce identification. The service desks will forward the request to the Registry.
In principle data subjects have the right not to be subject to a decision which is based solely on automated processing. The processing of personal data at the University does not make use of automated decisions based on personal data.
If data subjects wish to restrict or object to the processing of data concerning them, they are requested to contact the Data Protection Officer, whose contact details are given above.
Data subjects might have the right to transmit the data concerning them from one controller to another (data portability) where the conditions for doing so are met.
Data subjects have the right to lodge complaints with a supervisory authority. The contact information for the supervisory authority within the meaning of the Regulation, as well as instructions for drawing up a complaint, will be posted on this page when they become available.
Technical and organizational security measures
Personal data are protected as part of the ordinary information security procedures at the University. All of the data processing in the organization is based on user rights, which depend on a person’s role and position at the University. The validity of user rights is checked daily.
The ICT systems and services at the University are protected from unauthorised access in keeping with the best practices in the field. Their functionality has been ensured to the necessary degree and lifespan management is in order.
A cookie is a small text file which your browser saves on your device (e.g. computer, tablet or smartphone). The file contains an anonymous, unique identifier that makes it possible for us to identify and count the different browsers that visit our website and to tell whether you visit our site a number of times using the same device and browser. More information >