This is a privacy and data protection statement in accordance with the EU General Data Protection Regulation (GDPR).
Name of the register
University of Helsinki Customer Data Register
University of Helsinki
Person responsible for the register
Mirjami Tran, Researcher
Purpose of the register
The purpose of the register is to serve as a customer information register for the University of Helsinki.
The data may be used for the following purposes
- Customer relationship management
- Regular data sources
The main source of data is the customer himself. Data may also be obtained from official and company registers and from joint partners.
Data content of the register
The register mainly contains data provided by the customers themselves to the University of Helsinki.
The register may contain, for example, the following customer data
- Name of the person
- E-mail address
- And other information provided by the user
- Regular disclosures of data
With the customer’s consent, data may be disclosed to joint partners of the customer and the University of Helsinki for the purpose of supplying products and services ordered by the customer.
Data related to billing may be disclosed to payment intermediaries.
The data will not be disclosed to other third parties inside or outside the EU.
Data may be disclosed to public authorities if they make a request based on Finnish law.
Principles of register protection
No physical copies of the data are kept, except for the records, which are accessible only to designated University of Helsinki employees and the accountant, who are bound by confidentiality obligations.
Data stored in information management systems
Data is transferred over an SSL-secured connection.
Electronic data is protected by a firewall. Only designated University of Helsinki employees have access to the register data. Employees are identified by username and password. The information is treated as confidential and may not be disclosed to persons other than those who need it for their work and who are bound by confidentiality obligations.
Right of access and refusal
The data subject has the right to check what data relating to him or her have been recorded in the personal data file. A written request for inspection must be signed and sent to the person responsible for the register.
The right of inspection is free of charge and is exercised no more than once a year.
Data retention period
We only keep personal data for the period necessary for the type of personal data and the purpose for which they are processed.
Your web browser may refuse or delete cookies. However, it will affect our ability to provide you with personalised, high quality online services.