BIOVALENT database privacy notice

Published

23.8.2023

What should you know about the processing of your personal data?

The University of Jyväskylä collects personal data about you to carry out its duties. You have rights to this data, such as the right to access the data and the right to be sure that it is stored securely and only for the necessary time. Above all, you have the right to know the following:

what information we collect about youand why,
for how long, and where we keep this information, and
to whom we share this information.

All of these points are explained in this privacy notice.

How to find the information you are looking for?

We have created this privacy notice to be as easy as possible to use and understand. That is why you will find the key points summarised under each section. If you are interested in knowing more, please follow the links in the sections or contact the data protection officer of the University of Jyväskylä.

Contact the data protection officer

Why we process your personal data?

Managing the site's resources requires limiting usage. The API key provides the ability to build applications on top of the data. Registration provides a way to verify and ensure that the data license terms are followed.

Personal data is processed for the purposes of compiling usage statistics, monitoring compliance with the terms of use, and ensuring data security. Data processing may also be necessary for managing customer relationships and developing services, e.g., notifying users of changes or sending user surveys.

Personal data is obtained from the data subject themselves.

What data we process and how long?

Each query made to the BIOVALENT database is logged with the following information: the original IP address of the query, the email address associated with the API key, the complete query parameters, and the timestamp of the query. The data is stored on a server maintained by the University of Jyväskylä's digital services.

How long will personal data be processed?

The data is stored for the duration of the customer relationship. The customer relationship is considered to have ended one year after the customer has last used the service.

What rights you have and how to exercise them?

You have the following rights:

Right to access your data.
Right to have any incorrect information corrected.
Right to have your data erased (right to be forgotten), in certain situations.
Right to restrict processing.
Right to have the responsible unit inform the party to which your data is disclosed of your data being corrected, erased, or the processing being restricted.
Right to object processing, e.g. direct marketing.
Right to have your data transferred from one system to another, when processing is based on an agreement or your consent.
Right to be notified of any information security breaches resulting in a high risk.
Right to file a complaint with the supervisory authority.

The right to object to data processing

You have the right to object to the processing of your personal data, that is, to request that the data will not be processed at all. When data is processed to fulfil the legitimate interests of the controller or third parties, the data subject can object to the processing on grounds related to their specific personal situation. In this case, data processing must be stopped, except if: the controller can demonstrate that there is a significantly important and justified reason for the processing that overrides the interests, rights, and freedoms of the data subject, or the processing is necessary to prepare, present, or defend a legal claim.

If you want to exercise your right to object, contact the controller.

You can exercise your rights by sending a request to the university's Registry Office. You can use the form on the Registry Office's website or send your request informally. Keep in mind that withdrawing your consent doesn’t change the processing that happened before the withdrawal.

Get to know your rights

Use the form of the Registry Office

Send an informal request to the Registry Office

Who can access your personal data?

The data content of the register is fully and exclusively intended for the internal use of the University of Jyväskylä, and the data is processed by the employees whose job duties require it.

Learn more about data processors

To whom we transfer your data?

The data content of the register is fully and exclusively intended for the internal use of the University of Jyväskylä.

Other disclosure of personal data is subject to Act on the Openness of Government Activities.

No personal data is transferred outside the EU/EEA.

On what basis we process your personal data?

We process your personal data based on legal grounds, agreements, or your consent. If you want to dive deeper into our legal bases, such as the relevant legal provisions, you can find more information through the menu below.

Processing is needed in order to implement agreements to which the data subject is a party or to take steps prior to entering into an agreement as requested by the data subject (article 6.1(b) of the EU General Data Protection Regulation (GDPR, 679/2016). Ensuring data security: ensuring the security of data and managing access rights (public interest Genal Data protection Regulation 6(1)(e) and the management of customer relationships is based on the legitimate interests of the controller (General Data Protection Regulation 6(1)(f)).

How to contact us?

If you want more information about the processing of your personal data, do not hesitate to contact our data protection officer via email or phone (+358 40 805 3297).

Contact our data protection officer

Contact information of units

Below you find the contact information of the responsible unit. If you wish, you can directly contact the unit instead of the data protection officer.

If you want to exercise your rights (withdraw your consent for example) you can contact the Registry Office by email:

Send a request to the Registry Office