The EU General Data Protection Regulation, articles 13 and 14
1. Name of the register
Events of University of Turku
2. The identity and contact information of the Data Controller
University of Turku
Address: University of Turku, FI-20014 TURUN YLIOPISTO
Telephone: +358 29 450 5000 (operator)
3. Contact information of the Data Protection Officer
Further information: www.utu.fi/dpo
4. Contact information for matters regarding the use of the register
University of Turku
Molecular Plant Biology Unit
5. Purpose and legal basis for the processing of personal data
The purpose of the event-specific register is to store the contact information of persons who have registered to a University of Turku event and data related to the registration. The data collected from the data subject will be utilized in implementing the agreement that has formed through registration, especially in communication related to the event and directing individual services to the registered persons.
The legal basis for the processing of personal data is set by an agreement that is formed between the data controller and the data subject through the registration.
6. Personal data groups in this privacy notice
Personal data is collected from persons who register to an event. The collected data may vary between different events.
7. Recipients and recipient groups of personal data
- The symposium organiser (University of Turku) has instructed Aboa Events (Business ID 2327422-3) to handle the registration arrangements for the event, and Aboa Events therefore serves as the personal data processor and processes the personal data in accordance with this privacy notice.
- Lyyti Oy (Lyyti is the system supplier for the Aboa Events event management system to receive the registrations. Event-related data is stored in Lyyti).
- Registered data can be disclosed to stakeholder (for example the organisers or instructors of the programme related to the event).
8. Information on transferring data to third countries
Personal data related to the events will not be disclosed to parties outside the EU or the European economic region.
9. Retention period of personal data
Personal data and other registration data related to the event is stored in the register for a maximum of 5 years after the end of the event or training.
Personal data can be stored longer than 5 years if there is a legislative or other obligation originating from outside the University (for example, terms stated by the funder of training) which requires a longer retention period for personal data.
10. Rights of the data subject
The data subject has the right to access their personal data retained by the Data Controller, the right to rectification or erasure of data, and the right to restrict or object the processing of data, and the right to transfer the data from one controller to another.
The data subject has the right to make a complaint with the supervisory authority.
The contact person in matters regarding the rights and obligations of the data subject is the Data Protection Officer, whose contact information is listed at the beginning of the privacy notice.
11. Is there an obligation to provide personal data that is based on legislation or an agreement, or required in order to form an agreement, and does the data subject have to provide personal information, and are there any consequences for not providing said data
If the data subject does not provide required data regarding the registration to the event, the data controller cannot accept the registration of the data subject or commit to the agreement between the data controller and the data subject regarding the registration to the event.
12. Information on the source of personal data
Registered data is acquired from the data subject through their registration to the event.
13. Information on the existence of automatic decision-making, including profiling
Registered data will not be used for automatic decision-making or profiling.
14. Principles of protection of the register
The register data is stored according to the best practices, good information security and legislative regulations so that it is protected from external parties. The register is protected with user identification and passwords as well as structural and group-specific authorisation. The personal data registers can be accessed only by members of personnel who require the use of personal data for performing their work tasks. The system can be accessed only through a protected network connection.
An agreement on the terms regarding the processing of personal data, which is in accordance with the EU Data Protection Regulation, has been made with the system supplier (Lyyti Oy).
15. Further information
The use of the service creates log entries which are used for ensuring the information security of the service, developing the technology of the service, and for detecting, preventing or investigating technical faults or errors (Sections 138,141,144, and 272 of the Information Society Code (917/2014). The logs are retained for these purposes for the required time period and they will not be used for any other purposes.