Access management of the Kokkola University Centre – Privacy notice

This privacy notice applies to the access management of the Kokkola University Centre.

Published

23.8.2023

What should you know about the processing of your personal data?

The Ģ��ֱ�� collects personal data about you to carry out its duties. You have rights to this data, such as the right to access the data and the right to be sure that it is stored securely and only for the necessary time. Above all, you have the right to know the following:

what information we collect about youand why,
for how long, and where we keep this information, and
to whom we share this information.

All of these points are explained in this privacy notice.

How to find the information you are looking for?

We have created this privacy notice to be as easy as possible to use and understand. That is why you will find the key points summarised under each section. If you are interested in knowing more, please follow the links in the sections or contact the data protection officer of the Ģ��ֱ��.

Contact the data protection officer

Why we process your personal data?

As part of its access rights management, the Kokkola University Consortium Chydenius keeps an up-to-date list (personal data file) of the access rights granted to Ģ��ֱ�� staff members and students and their duration.

What data we process and how long?

The data subjects are University staff members, students, pupils, guests and individuals using the University’s information system services as members of other stakeholders of the University. The data directly entered in the access management system is used as the information source. The register contains the name, user ID and (in a number of cases) the email address of the data subject.

The data and resources of the data subjects are retained for 12 months from the expiry of the validity.

None of the personal data is archived.

What rights you have and how to exercise them?

You have the following rights:

Right to access your data.
Right to have any incorrect information corrected.
Right to have your data erased (right to be forgotten), in certain situations.
Right to restrict processing.
Right to have the responsible unit inform the party to which your data is disclosed of your data being corrected, erased, or the processing being restricted.
Right to object processing, e.g. direct marketing.
Right to have your data transferred from one system to another, when processing is based on an agreement or your consent.
Right to be notified of any information security breaches resulting in a high risk.
Right to file a complaint with the supervisory authority.
Right to withdraw consent

You can exercise your rights by sending a request to the university's Registry Office. You can use the form on the Registry Office's website or send your request informally. Keep in mind that withdrawing your consent doesn’t change the processing that happened before the withdrawal.

Get to know your rights

Use the form of the Registry Office

Send an informal request to the Registry Office

Who can access your personal data?

The data is processed by the staff members of IT Services technical support of the Kokkola University Consortium Chydenius.

To whom we transfer your data?

No data is transferred to third parties.

No data is transferred outside the EU/EEA.

On what basis we process your personal data?

We process your personal data based on legal grounds, agreements, or your consent. If you want to dive deeper into our legal bases, such as the relevant legal provisions, you can find more information through the menu below.

Processing of the personal data is based on the general and legitimate interests of the University (Articles 6(1)(e) and 6(1)(f) of the General Data Protection Regulation), under which the University has the right to identify, prevent and investigate malfunctions and intentional and non-intentional data protection incidents occurring in its information systems so that the continuation of the University’s operations can be ensured and any damage avoided and repaired. The University also has the right to supervise the use of the information systems containing personal data and other confidential information, access to the data, and the addition, editing and removal of the data. Such supervision and access rights measures are also essential to safeguard the rights and legal protection of the data subjects, and to ensure compliance with good data processing practices. The processing may also be based on the meeting of a legal obligation (Article 6(1)(c) of the General Data Protection Regulation). When processing personal data, the controller must implement sufficient technical measures to protect the personal data (Article 24 of the General Data Protection Regulation). With user access management, the controller is also able to meet its obligation to ensure appropriate accessibility, usability and protection of the information systems and the data contained in them, their integrity, and the other factors impacting the quality of the data (section 18 of the Act on the Openness of Government Activities (621/1999)).

The University has pledged to collect and process your personal data in a fair and transparent manner in accordance with the legislation on the processing of personal data. The manner in which the University administers your personal data in compliance with data protection regulations is described in this privacy notice.

How to contact us?

If you want more information about the processing of your personal data, do not hesitate to contact our data protection officer via email or phone (+358 40 805 3297).

Contact our data protection officer

Below you find the contact information of the responsible unit. If you wish, you can directly contact the responsible unit instead of the data protection officer.

If you want to exercise your rights (withdraw your consent for example) you can contact the Registry Office by email:

Send a request to the Registry Office

Ģ��ֱ��