1. Registrar | CSC - Finnish IT Сentre for Science Ltd Business ID: 0920632-0 (hereinafter referred to as "we" or "CSC") |
---|---|
2. Contact person for register-related matters | CSC Service Desk Data Protection Officer |
3. Name of register | User register of Eduuni services |
4. What are the legal bases and purpose for processing personal data? | The basis for processing personal data is CSC's entitlement based on Eduuni, Tiimeri and Eduuni Cloud service production and user management. The purpose of processing the personal data is to:
|
5. What data do we process? | The user register holds and processes the following personal data of registered persons:
The personal data marked with an asterisk is data that is required for establishing a contract relationship and/or a customer relationship. Without this necessary personal data, we are unable to provide products and/or services. |
6. Where do we get the data from? | We acquire data primarily from the following sources
|
7. To whom do we hand over and transfer the data, and do we transfer the data outside of the EU or EEA? | Eduuni-ID, Eduuni-workspaces, Eduuni-wiki, Eduuni Jira We hand over data to services that use Eduuni-ID as identity management. Personal data is handed over at the time of sign in, service implementation and changes. It can be data subject's basic details and group memberships information in Eduuni and Tiimeri services. The service using the Eduuni ID, which is the customer's responsibility, may be located outside the EU/EEA area. Eduuni Cloud Personal data is mainly processed in the EU/EEA area. We do not transfer data outside the EEA, but the service provider Microsoft can process data outside the EEA in limited cases. Transfers of personal data are based on the adequacy decision (GDPR art. 45) for United States, i.e. Microsoft is certified to the Data Privacy Framework between the EU and the United States: https://www.dataprivacyframework.gov/list. |
8. How do we protect the data and how long do we hold it for? | The only persons authorised to use the systems containing personal data are those employees of our company who have the right to process customer data on the basis of the work they carry out. Each user has their own user ID and password for the systems. The data is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and backups of these databases are located in locked facilities and only previously selected individuals have access to this data. We store the personal data for as long as it is needed for the purposes for which it was acquired. We store the personal data as long as the user's Eduuni ID or Eduuni Cloud Account is active. If the user's Eduuni ID or Eduuni Cloud Account expires or if the user requests to delete it, the personal data will be deleted without undue delay. Depending on the log, personal data will be removed from the security and technical logs within 6-24 months. We regularly assess the need for storing data, taking into account the applicable legislation. In addition, we take reasonable measures to ensure that the personal data about registered persons stored in the register is not contradictory to the data processing purposes, out-of-date or inaccurate. Where such data is identified, it is either corrected or destroyed without undue delay. Personal data is protected in accordance with the Code of Conduct for Service Providers (v1, v2). The Code of Conduct for Service Providers is a general standard for the research and higher education sector to protect privacy. |
9. What are your rights as a data subject? | As a data subject, you have the right to inspect the data about yourself that has been saved into the user register and to demand the correction of inaccurate data or its removal, provided that there is a legal justification for its removal. You can correct yourself the personal data you have given or request for its removal. Contact your sign in method if you need to correct the data provided by your sign in method. As a data subject, you have the right under the General Data Protection Regulation (as of 25.5.2018) to oppose the collection of your data or to request that it be restricted and to make a complaint about the processing of personal data to the supervisory authority. |
10. Who should I contact? | All enquiries and requests regarding this privacy policy should be made in writing or in person to the contact person specified in section two (2). |
11. When do we use cookies in our services? | According to Information Society Code (917/2014) cookies are used in Eduuni and Tiimeri services in such way that it do not violate your privacy. Cookies are used in Eduuni, Tiimeri and Eduuni Cloud services for
Preventing the use of cookies prevents you from signing in to Eduuni and Tiimeri services. |
12. Changes to privacy policy | If we make changes to this policy, we will make these accessible by updating this privacy policy document. If the changes are significant, we may inform people about these changes in some other way, such as by email or by publishing a notification on our webpage. We recommend that you visit our webpage regularly and pay attention to any changes to this privacy policy. |
Overview
Content Tools