Why is your personal data collected and what is the legal basis for processing?
Higher education institutions and state research institutes can use the JUSTUS - Publication Information Reporting Service (hereinafter JUSTUS service) to report data from their scientific research publications to the annual publication data collection of the Ministry of Education and Culture. The data is used as a basis for monitoring and steering the development of the research structure of higher education institutions and as allocation criteria of basic funding for universities and universities of applied sciences. The purpose of the publication data collection is also to provide a knowledge base on the functioning and societal impact of the Finnish research system.
The data of the JUSTUS service is public, and you can browse it in the Research.fi service. Its purpose is to improve the visibility and accessibility of research produced in Finland. Those who made a significant contribution to the research publication must be mentioned in the list of authors.
The JUSTUS service also allows the user to parallel record their publication in the publication archive used by the higher education institution or research institute, which makes publications more openly accessible.
The organization that published the research publication has the right to process, disclose and publish public data from the publication. The data reported by the organizations is used for the annual publication data collection of the Ministry of Education and Culture. The obligation of universities to provide the Ministry of Education and Culture with the data necessary for the evaluation, development, statistics and other supervision and steering of education and research is based on section 51 of the Universities Act. The obligation of universities of applied sciences to provide similar information is included in section 45 of the Universities of Applied Sciences Act. The processing of your personal data is based on article 6 (1e) of the EU’s General Data Protection Regulation. The processing is necessary for the performance of a task of public interest. For research institutes, the collection of publication data is based on a decision made by the research institutes to participate in the Ministry of Education and Culture’s publication data collection.
Which of your personal data is collected?
Data on publications’ authors is collected in accordance with the instructions of the Ministry of Education and Culture. Data recorded on authors includes:
- First and last name
- Organization
- Organization’s sub-unit code
- ORCID researcher identifier (not mandatory)
Data recorded on the user of the service, i.e., the person recording the publication:
- First and last name
- Organization
- Email address
- Unique identifier (uid attribute of Eduuni-ID)
- Log data on the use of the service
Customer organizations of the JUSTUS service can also transfer their personnel data from their systems to JUSTUS, which can be used to complement the author data of publications. Administrators of customer organizations can transfer the following data of the person making publications on the service:
- First and last name
- Organization-specific identifier
- Organization’s sub-unit code
- ORCID researcher identifier
Where is your data collected?
Your data can be obtained either from yourself or from the organization that recorded the research publication.
Who has access to your data and to whom is it disclosed or transferred?
In the JUSTUS service, customer organizations decide on the disclosure of publication data from the JUSTUS service to the VIRTA Publication Information Service, through which the data is transferred as part of the annual publication data collection of the Ministry of Education and Culture to the Research.fi service. Based on the organizations’ commissions, data can also be disclosed to other systems. The data processing procedures of the VIRTA Publication Information Service are described separately on VIRTA’s wiki pages (Description of data processing in the VIRTA Publication Information Service, available in Finnish).
The rights to save and edit personal data related to publications on the JUSTUS service are granted to administrators named by the organizations that have joined the service.
CSC - IT Center for Science Ltd and its subcontractors are the personal data processors.
How can you see your personal data?
The data on publications and their authors is visible at the Research.fi service.
Will your personal data be transferred outside the EU/EEA?
Your personal data is not disclosed outside the EU or the EEA.
How long will your data be stored?
Personal data related to publications will be stored for an indefinite period of time. Processing log data concerning publication data is stored for five years from the end of the processing year, and processing log data on author data (available in Finnish) is stored for six months from the end of the processing month.
What kind of rights do you have as a data subject?
As a data subject, you have
- the right to receive information on the processing of personal data
- the right of access to data
- the right to rectify data
- the right to restrict the processing of data
- the notification obligation regarding the rectification of personal data or restriction of processing
- the right to object to the processing of data
- the right not to be subject to automatic decision-making without a legal justification
- the right to lodge a complaint with the supervisory authority, contact information: https://tietosuoja.fi/en/contact-information
Who can you ask about your data processing and rights?
The organization that saved the publication data is the controller of personal data related to its publications. In order to obtain additional information and to exercise your rights, you must contact the controller. You can check the contact information of your organization at https://wiki.eduuni.fi/x/AqpCAw (available in Finnish).
General description of the technical and administrative safety measures
The JUSTUS Publication Information Reporting Service and the Research.fi service protect personal data by appropriate technical and administrative measures against unauthorized or illegal processing and damage to or loss of personal data. These measures include the use of firewalls, encryption technology and equipment rooms, appropriate access control, controlled granting of access rights and monitoring their use, instructions for personnel involved in the processing of personal data and careful selection of those handling the data.