Partners without an employment relationship – Privacy notice

This privacy notice applies to all partners without an employment relationship

Published

23.8.2023

What should you know about the processing of your personal data?

The Ģ��ֱ�� collects personal data about you to carry out its duties. You have rights to this data, such as the right to access the data and the right to be sure that it is stored securely and only for the necessary time. Above all, you have the right to know the following:

what information we collect about youand why,
for how long, and where we keep this information, and
to whom we share this information.

All of these points are explained in this privacy notice.

How to find the information you are looking for?

We have created this privacy notice to be as easy as possible to use and understand. That is why you will find the key points summarised under each section. If you are interested in knowing more, please follow the links in the sections or contact the data protection officer of the Ģ��ֱ��.

Contact the data protection officer

Why we process your personal data?

There is a large group of people working in co-operation with and/or using the facilities of the Ģ��ֱ�� but not being in an employment relationship with the University. These people (hereinafter: non-employees ) include, for instance, commissioned personnel, those working on a grant, unpaid interns, those doing their non-military service, external instructors and visitors, external commuters, docents, emeritus/emerita professors, and individual customers and service providers.

The purpose of processing the personal data of non-employees at the Ģ��ֱ�� is to handle the various legal and contractual affairs related to them.

Survey data for the agent cooperation of the Ģ��ֱ��, personal data of references is also collected (contact details)

What data we process and how long?

The personal data we collect includes, for example, payments of commissions, grants and invoiced travel costs and other expenses, invoicing and related monitoring and statistics. Personal data are processed for as long as the handling of the affairs of non-employees of the University so requires. Archiving takes place according to the University’s data management plan and guidelines for archive times. Some data are archived in the Registry Office of the Ģ��ֱ�� and some data is entered into the electronic archiving system with identification information. To get more information about what personal data we collect and how long we keep certain information, check the sections below.

The collected and saved personal data consist of e.g. the following pieces of information:

Basic personal data, such as name, date of birth, contact information, organisation, personal identification code (only when necessary for dealing with the issue)
Information related to payment procedures
Travel management information
Information related to access control
Information on facility management
survey of fellowship researchers and interview replies
A survey and interviews to develop the wellbeing services for JYUs grant researches (2021). General and background information on grant researchers and their everyday life, as well as factors affecting their wellbeing, are collected as a one-off basis (2021) for a service design project.
The data subject may be asked for a separate permission to make recordings for teaching, research or other uses. The storage period for these recordings is agreed separately.
Sanctions screening (legal obligation) which are based on identity, nationality, domicile, or address
Where do we get the personal data from? Sanction lists (held by international organisations such as the EU and UN as well as national organisations such as Office of Foreign Assets Control (OFAC), registers held by credit-rating agencies and other commercial information providers providing information on e.g. beneficial owners and politically exposed persons. From the person him-/herself or from organization to which a person is connected in a manner relevant to sanctions.
Surveys on the use of university provided facilities (e.g. facilities allocated by the faculty for use by scholarship researchers), the retention period of responses is determined on a case-by-case basis (mentioned in the request for response).
Data processed in the workstation reservation system (Asio): Basic personal data such as name, contact details, organisational data, retention period 1 year

Storage times according to the Archive Formation Plan (forthcoming data management plan) e.g. for the data items listed below are as follows:

Commission invoices 10 years
Grant notifications, applications and payments 10 years
Grant decisions, kept permanently
Emerita, emeritus and grant researcher contracts 10 years
Internship data 5 years
Tax card, kept for the term of validity
Medical certificates 1 year (for those doing their non-military service, 6 months)
Working time control and access control reports 10 years
Salary calculations 50 years
Purchase, sales and travel cost claims 20 years
A survey to develop the wellbeing services for JYU's grant researchers. The collected data will be deleted no later than 12/2022.

Survey data about agent cooperation for the Ģ��ֱ��, personal data of references (contact details) are kept for a maximum of one year but are destroyed earlier if there is no need for the data.

What rights you have and how to exercise them?

You have the following rights:

Right to access your data.
Right to have any incorrect information corrected.
Right to have your data erased (right to be forgotten), in certain situations.
Right to restrict processing.
Right to have the responsible unit inform the party to which your data is disclosed of your data being corrected, erased, or the processing being restricted.
Right to object processing, e.g. direct marketing.
Right to have your data transferred from one system to another, when processing is based on an agreement or your consent.
Right to be notified of any information security breaches resulting in a high risk.
Right to file a complaint with the supervisory authority.

You can exercise your rights by sending a request to the university's Registry Office. You can use the form on the Registry Office's website or send your request informally. Keep in mind that withdrawing your consent doesn’t change the processing that happened before the withdrawal.

Get to know your rights

Use the form of the Registry Office

Send an informal request to the Registry Office

Who can access your personal data?

Your personal data may be processed only by persons whose work tasks require it. Access to your personal data is protected by the means of user IDs and passwords as well by appropriate user profiles within secured data transfers and online systems. Paper records and printouts are stored in locked facilities and cabinets.

Also, the service providers we use can access your personal data in their role as data processors. However, these providers do not actively process your personal data, but they have access to it for maintenance reasons.

The data controller is responsible for the processing of personal data also when such processing has been outsourced to a data processor as referred to in the GDPR. The Ģ��ֱ�� has outsourced salary accounting, including the payment of commissions and grants, as well as invoice reception and payments to be handled by the University Service Centre Certia Oy. In addition, the respective providers of the access control, facility management and facility service request systems - Prevent 360 Turvallisuuspalvelut Oy, Rapal Oy, and Buildercom Oy – have access to the data in order to organise relevant technical maintenance. Necessary data processing agreements have been signed with the system providers. The form and scope of these agreements vary depending on the particular personal data and the extent of processing concerned

Learn more about data processors

To whom we transfer your data?

Personal data are transferred within the University

to the travel management system and the service provider register,
to the access control system,
to the user and identity management system,
to the facility management system
to the system for facility service requests.

The staff has received instructions for the processing of personal data and is trained to recognise and prevent risks that threaten register data.

The personal data described in this privacy notice are transferred to the University’s database. The database is used for statistics and for responding to requests for the delivery of personal data.

Survey and interviews to develop the wellbeing services for JYU's grant researchers (2021). Data from the survey and complementary interviews come purely for the use of the Welfare Services Development Project for grant researchers and is not published. Data is used as a so-called raw material for the development of welfare service/services. Staff services are responsible for the project and the collection of data.

Data warehouse of the Ģ��ֱ��

The Ģ��ֱ�� will deliver your personal data only to such bodies that have a legal right to get these data for a purpose stipulated in legislation, or to whom it is necessary to deliver the data, or to whom the data can be delivered at the data subject’s consent.

Find more information about the transfer of your personal data outside the university below.

Personal data are delivered to outside the University

to the indemnity insurance company,
to tax administration,
to banks,
to the occupational health services,
to KELA (the Social insurance institution of Finland),
to MELA (social security institution for farmers),
to the Economic Development Centre,
to the travel agency,
to the Finnish Immigration Service,
to the Centre for Non-military Service,
to project financers,
to accountants,
to authorities, and
to the debt collection agency.

Survey data about agent cooperation for the Ģ��ֱ�� and personal data of references (contact details). We may disclose agent data to the named reference to check the information received from the agent.

The personal data are not transferred outside the EU/EEA area.

On what basis we process your personal data?

We process your personal data based on legal grounds, agreements, or your consent. If you want to dive deeper into our legal bases, such as the relevant legal provisions, you can find more information through the menu below.

The lawful basis for processing:

In accordance with the EU General Data Protection Regulation (GDPR), Article 6 Section 1c, processing is necessary to fulfil a legal obligation of the data controller.

Further, according to Section 1b, processing is necessary to implement an agreement involving the data subject, or to carry out relevant measures preceding the agreement as requested by the data subject.

In line with Section 1f, processing is necessary to implement justified interests of the data controller or a third party, except for cases where the data subject’s interests or basic rights and freedoms calling for protection of the personal data replace such interests. A justified interest is concerned when there is a significant and appropriate relationship between the data subject and the data controller, like when the data subject is at the data controller’s service (a survey to develop the wellbeing services for JYU's grant researchers).

GDPR, Article 6, Section 1a: The data subject has given consent to processing.

GDPR, Article 6, Section 1d: Processing is necessary to protect the data subject’s vital interests. A vital interest can occur exceptionally as a justification of processing, for example, in a case where a person gets injured in the University’s facilities and his/her personal data are disclosed to health care staff.

How to contact us?

If you want more information about the processing of your personal data, do not hesitate to contact our data protection officer via email or phone (+358 40 805 3297).

Contact our data protection officer

Below you find the contact information of each unit. If you wish, you can directly contact the appropriate unit instead of the data protection officer.

If you want to exercise your rights (withdraw your consent for example) you can contact the Registry Office by email:

Send a request to the Registry Office

Ģ��ֱ��