Personal Data Protection Policy

Processing of personal data at Novia University of Applied Sciences

Here we describe how personal data is processed at Novia University of Applied Sciences. Novia UAS complies with the General Data Protection Regulation (GDPR) and other applicable regulation.

Novia UAS is responsible for all processing of personal data within its operations. This document describes how your personal data is processed at Novia UAS.

Novia UAS processes personal data in accordance with regulation (EU) 2016/679 of the European Parliament and of the Council, see link below. These provisions are often referred to as the General Data Protection Regulation, perhaps more known as GDPR.

1. How does Novia UAS treat personal data?

At Novia UAS, we process personal data in order to fulfill our assignment as a public authority (higher education institution), i.e. to provide first-class education and research, and collaborate with the entire society. We also do it to review and develop our operations, and to comply with the law.

All processing of personal data at Novia UAS occurs in order to promote these purposes. Processing must also have a legal basis. Only the personal data needed for a particular purpose is processed.

As an employee, a student or an external stakeholder, you can get more information in detail on how your personal data is processed from the contact persons for the registers for personal data that Novia UAS maintain, or, from your supervisor, the teacher responsible for a course, the project leader, the person responsible for the event, or other contact persons at Novia UAS. If you experience that youy have not received the information from them, you can contact the Data Protection Function at Novia UAS. Contact information can be found at the bottom of this page.

2. What personal data do Novia UAS collect?

At Novia UAS, there are various reasons for collecting personal data. The most common reasons are that you are a student, an employee, a participant in a conference/a seminar/training or another event, respondent in a survey, a job applicant, or that you have contacted or collaborated with Novia UAS for some other reason.

Most of this information will be collected directly from you. In certain cases, we also collect data from other sources such as from other public authorities.

What personal data we process depends on the information we need. The following information is often necessary:

  • Contact information such as your name, address, phone number and email address. Personal identity numbers are processed when we need to ensure your identity or to coordinate your information between systems to ensure uniform information.
  • Bank or other financial information in order to disburse a payment or send an invoice.
  • Personal data that has been collected within the framework of participation in a research study.
  • Study results or other information regarding your studies at Novia UAS.
  • Information on how you use our websites, for example cookies, which are used to improve user-friendliness.
  • Information regarding conference, training or course participation.
  • Personal data which is necessary for an employment or if you have applied for a job.

3. How is your personal data protected?

Novia UAS must ensure that all processing of personal data is protected through appropriate technological and organisational measures. The measures must ensure a security level appropriate to the risk of the processing. The security aspects must include confidentiality, integrity and availability as well as adequate technological protection. This may involve only giving those authorised access to the information, encrypting the information, storing it in specially protected locations and making a processing copy.

4. Who can access your personal data?

A lot of information at Novia UAS constitutes official documents according to the Act on the Openness of Government Activities (621/1999). It is possible that an official document, which must be provided upon request, may contain your personal data. When someone requests an official document, the data protection legislation is considered as well as the Act on the Openness of Government Activities. Personal data is not disclosed unless there is a legal basis for it.

In addition to this, your personal data may be disclosed to Novia UAS’ partners in research projects, to suppliers or other parties that need access to it due to an agreement between Novia UAS and you, if it is needed for a public interest task or legitimate interest, as part of the exercise of official authority or because of a legal obligation that Novia UAS has.

A public interest task is a task that Novia UAS must fulfill according to law, or according to decisions based on laws, but which is not directly part of Novia UAS assignment as a public authority.

When transferring personal data to another party, Novia UAS takes all legal, organisational and technological precautions necessary in order to protect your data. You will be informed if we plan to disclose information about you to other organisations.

Novia UAS will only transfer personal data to other parties if there is a legal basis for this.

5. For how long do we store your personal data?

We only store your personal data for as long as is necessary for the purpose of the processing, or as long as is required by law.

  • If, for example, you are an employee, we process your personal data for as long as we need to manage your employment conditions.
  • If you are a student, we process your personal data as long as it is needed to administrate your study conditions.
  • If you are a participant in a study, we process your personal data for as long as is necessary to ensure the quality of the research.
  • In regard to official documents, personal data is managed in accordance with national legislation on openness, processing of information, freedom of information, and archiving. In many cases, this means that your personal data may be stored in Novia UAS’ central archive in perpetuity.

6. Transfer of data to a third country

Novia UAS may transfer personal data to a third country outside the EU/EEA, primarily as part of international research projects. Novia UAS will then take all reasonable legal, organisational and technological precautions necessary to achieve an adequate security level for your personal data. You will also be informed if this should occur.

7. Rights under the General Data Protection Regulation

The GDPR gives you the following individual rights with Novia UAS:

Right of access
You have the right to be informed if Novia UAS is processing your personal data. You also have the right to a copy of the personal data that is being processed. In connection with such a request, Novia UAS also provides further information on the processing, its purpose, categories of processed personal data, expected storage time, etc. You havde the right to get the information without cost. An administrative fee may be charged if a request is clearly unjustified or unreasonable.

Right to rectification
You have the right to request that your personal data be rectified if it is incorrect. You can do this by, for example, providing correct information to the contact person for the register. Novia UAS is obligated to correct your personal data without undue delay. Novia UAS is not obligated to correct your data if it is only managed for archiving or statistical purposes.

Right to erasure (‘right to be forgotten’)
You have the right to request that your personal data be erased from Novia UAS’ registers if the personal data is no longer needed to meet the purpose for which it was collected.

There may be provisions that state that Novia UAS cannot not delete your data, for example the provisions on official documents, research and study documentation. If your personal data has been transferred to other parties, Novia UAS will take all reasonable measures to inform these parties about your request.

If Novia UAS cannot delete your data for legal reasons, we will limit the processing of your data to only include what is necessary to fulfill our obligations.

Right to restrict processing
You have the right to request that the processing of your personal data be restricted – this means that we will only process your personal data for certain specific purposes. Novia UAS will restrict processing in the following cases:

You claim that your personal data is incorrect and Novia UAS requires time to verify the accuracy of the data.
Novia UAS no longer requires the data, but you have requested that we continue to store it because you require it to exercise a legal claim.

You object to processing carried out by Novia UAS. In that case, processing is limited until it has been established whether your reasons for objecting override Novia UAS’ legitimate reasons for processing the data.
You want us to erase your personal data, but we cannot comply due to legal or equivalent mandatory bases.

Right to object to processing
In certain cases, you have the right to object to Novia UAS processing of your personal data, for example in regard to teaching or research. Novia UAS will then cease processing unless we have imperative grounds to continue with it, or if processing is necessary to exercise a legal claim.

Right to data portability
In certain cases, you have the right to receive your personal data or to have your personal data transmitted to another controller than Novia UAS. This applies when your personal data concerns you and was supplied by you, the data is processed on the basis of consent or a contract, the processing is carried out by automated means, the transfer is technically feasible, and, the rights and freedoms of others are not adversely affected by the transfer.

Right to not be subject to automated decision-making
In certain cases, you have the right not to be subject to a decision based solely on automated processing (also applies to profiling). This applies to fully automated decision-making that produces legal effects on you, except when the decision is necessary for a contract between you and the Novia UAS, or, authorised by a law, or, based on your explicit consent.

Right to be informed about a breach
You have the right to be informed about a personal data breach that is likely to result in a high risk to your rights and freedoms as a a person.

Right to whitdraw consent
When the only basis for the processing of your personal data is consent, you have the right to whitdraw your consent at any time. Withdrawal of consent does not affect processing performed before the withdrawal.

Right to lodge a complaint with the Data Protection Authority
You have the right to lodge a complaint with the Data Protection Ombudsman if you consider that the processing of your personal data violates the EU General Data Protection Regulation (EU) 2016/679.

8. Questions?

If you have questions about data protection, you can always contact the persons responsible for the registers, the person responsible for a project or a course, or the data protection offier (see below).

Contact information

Address: Dataskydd vid Åbo Akademi, Domkyrkotorget 3, 20500 Åbo

Links