JYUSign electronic signature system – Privacy notice

This privacy notice applies to the JYUSign electronic signature system of the Ģ��ֱ��.

Published

23.8.2023

What should you know about the processing of your personal data?

The Ģ��ֱ�� collects personal data about you to carry out its duties. You have rights to this data, such as the right to access the data and the right to be sure that it is stored securely and only for the necessary time. Above all, you have the right to know the following:

what information we collect about youand why,
for how long, and where we keep this information, and
to whom we share this information.

All of these points are explained in this privacy notice.

Uusi digimarkkinoinnin opintokokonaisuus on tarjolla JYU avoimessa 1.2.2023 alkaen

How to find the information you are looking for?

We have created this privacy notice to be as easy as possible to use and understand. That is why you will find the key points summarised under each section. If you are interested in knowing more, please follow the links in the sections or contact the data protection officer of the Ģ��ֱ��.

Contact the data protection officer

Why we process your personal data?

JYUSign is the University’s electronic signature system used for signing various documents related to the University’s operation. Depending on the situation, the signers can be JYU representatives on behalf of the University, representatives of other organisations on behalf of their own organization, or private persons on their own behalf. To make electronic signing possible, the personal data of the signers and those submitting signature requests are processed within the system

What data we process and how long?

The personal data we process and the time we store it varies between JYU internal and external users. To get more information, check the sections below.

Data needed for the use of the system include the person’s name, phone number, and email address. In addition , processing may involve data on the organisation that the person is representing, the person’s job title or some other title, or other such information to be recorded in the signature field.

The personal data of signature requesters and staff members regularly signing documents in the name of the University come from the existing registers of the Ģ��ֱ��. In addition, those logging in through the University’s centralised user control also use the Microsoft Authenticator application for logging. The privacy notice of Microsoft Authenticator is available in the application.

The personal data of persons from outside the University are collected from the persons themselves or from their employers.

Students’ data are received either from the University’s registers or from the students themselves.

The documents signed through the system may include personal data. The grounds for processing these personal data are determined case by case according to the type of the document (for example, in employment contracts in compliance with the privacy notice concerning JYU staff).

The data received through the University’s centralised user management are used within the system for as long as the person is in an employment relationship to the University and the use of the system belongs to the person’s work tasks.

The signers’ data that the signature requesters have added manually will be erased if the data is not used for three years. The data saved by a user will also be erased when the user’s user rights to the system expire (upon the termination of the employment contract or with changed work tasks).

Personal data related to the implementation of signatures will not be archived.

The documents signed using this system and possibly including personal data will be removed from the system after 30 days from signing. The further use and archiving of signed documents are determined by the document type. At JYU, the retention periods, places, and archiving of documents are regulated by the University’s data management plan. In most cases, the University’s documents are kept in the Registry Office.

What rights you have and how to exercise them?

You have the following rights:

Right to access your data.
Right to have any incorrect information corrected.
Right to have your data erased (right to be forgotten), in certain situations.
Right to restrict processing.
Right to have the responsible unit inform the party to which your data is disclosed of your data being corrected, erased, or the processing being restricted.
Right to object processing.
Right to have your data transferred from one system to another, when processing is based on an agreement or your consent.
Right to be notified of any information security breaches resulting in a high risk.
Right to file a complaint with the supervisory authority.

You can exercise your rights by sending a request to the university's Registry Office. You can use the form on the Registry Office's website or send your request informally.

Get to know your rights

Use the form of the Registry Office

Send an informal request to the Registry Office

Who can access your personal data?

Your personal data is handled by the persons using the JYUSign system for their work tasks.

Also, the service providers we use can access your personal data in their role as data processors. However, these providers do not actively process your personal data, but they have access to it for maintenance reasons.

Learn more about data processors

To whom we transfer your data?

The processor of personal data is the supplier of the signature system, Sarake Oy, with whom the University has signed a data processing agreement as the GDPR requires. The processor may not unnecessarily process the data controller’s personal data. In connection with the maintenance and support services included in the service contract, the processor has access to the data controller’s personal data, for example, in the context of troubleshooting.

Your data will not be transferred outside the EU/EEA area.

On what basis we process your personal data?

We process your personal data based on legal grounds, agreements, or your consent. If you want to dive deeper into our legal bases, such as the relevant legal provisions, you can find more information through the menu below.

For persons from outside the Ģ��ֱ�� as well as for students, the legal basis of processing is founded on the GDPR, Article 6, Section 1b: “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.”

For JYU staff, the legal basis of processing is founded on the GDPR, Article 6, Section 1e: “processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.”

How to contact us?

If you want more information about the processing of your personal data, do not hesitate to contact our data protection officer via email or phone (+358 40 805 3297).

Contact our data protection officer

Below you find the contact information of the responsible unit. If you wish, you can directly contact the responsible unit instead of the data protection officer.

If you want to exercise your rights, you can contact the Registry Office by email:

Send a request to the Registry Office

Ģ��ֱ��