University of Jyväskylä emailing lists – Privacy notice

Published

23.8.2023

What should you know about the processing of your personal data?

The University of Jyväskylä collects personal data about you to carry out its duties. You have rights to this data, such as the right to access the data and the right to be sure that it is stored securely and only for the necessary time. Above all, you have the right to know the following:

what information we collect about youand why,
for how long, and where we keep this information, and
to whom we share this information.

All of these points are explained in this privacy notice.

How to find the information you are looking for?

We have created this privacy notice to be as easy as possible to use and understand. That is why you will find the key points summarised under each section. If you are interested in knowing more, please follow the links in the sections or contact the data protection officer of the University of Jyväskylä.

Contact the data protection officer

Why we process your personal data?

University of Jyväskylä processes contact information of stakeholders, partners, students and employees in the course of its activities. We process personal data in order to maintain and manage email lists that support the University of Jyväskylä's activities. In addition, personal data is processed to ensure data security and the proper functioning of the service.

What data we process and how long?

We process the following personal data: name, and email address and information about your employer, if the email address reveals it. In addition, any contact or other personal data contained in the messages themselves and their attachments may be processed.

The data will be kept as long as the email list is active and related to university activities. The University will verify once a year with the list administrator that the list is active. If the list is not active or the administrator does not respond, the data will be deleted 90 days after the list is closed, in which case both contact details and messages will be deleted. You have the possibility to opt-out from a list.

Email lists may not be used for direct marketing, without the prior consent of the data subject (opt-in), nor may special categories of personal data be processed on the list.

The data of the data subject is obtained from the data subject or from the University's registers.

Personal data may also be collected from public data sources, such as websites, where there are appropriate grounds for doing so. The data subject has the right to opt-out.

What rights you have and how to exercise them?

You have the following rights:

Right to access your data.
Right to have any incorrect information corrected.
Right to have your data erased (right to be forgotten), in certain situations.
Right to restrict processing.
Right to have the responsible unit inform the party to which your data is disclosed of your data being corrected, erased, or the processing being restricted.
Right to object processing, e.g. direct marketing.
Right to have your data transferred from one system to another, when processing is based on an agreement or your consent.
Right to be notified of any information security breaches resulting in a high risk.
Right to file a complaint with the supervisory authority.

You can exercise your rights by sending a request to the university's Registry Office. You can use the form on the Registry Office's website or send your request informally.

Get to know your rights

Use the form of the Registry Office

Send an informal request to the Registry Office

Who can access your personal data?

At the University, your personal data is processed by the employees whose tasks include the processing of personal data.

In addition, the service providers we use have access to your personal data in their capacity as processors. However, the service providers do not actively process personal data, but they have access to personal data for maintenance purposes.

Email lists are created in Microsoft's (processor) O365 service.

Learn more about data processors

To whom we transfer your data?

We do not transfer your data.

Personal data will not be transferred outside the EU/EEA.

On what basis we process your personal data?

We process your personal data based on legal grounds, agreements, or your consent. If you want to dive deeper into our legal bases, such as the relevant legal provisions, you can find more information through the menu below.

The primary basis for the processing of personal data is fulfilling a duty for the public interest (General Data Protection Regulation, GDPR, Article 6.1e; Universities Act 2009/558, Section 2). Lists of interested parties include persons with such positions or posts (as well as related work in public organisations, trade, and industries, non-governmental organisations, or in other such activities) that allows them to serve as experts, or in other equivalent roles in the University’s activities.

The list of interested parties can also be used for informing about the University’s or its unit’s activities as well as for other communication with interested parties (GDPR Article 6.1f; Data controller’s legitimate interest) when it is not about performing the University’s duties as a public authority. A data subject has the right to forbid the use of his/her personal data.

How to contact us?

If you want more information about the processing of your personal data, do not hesitate to contact our data protection officer via email or phone (+358 40 805 3297).

Contact our data protection officer

Contact information of units

Below you find the contact information of each unit. If you wish, you can directly contact the appropriate unit instead of the data protection officer.

If you want to exercise your rights (withdraw your consent for example) you can contact the Registry Office by email:

Send a request to the Registry Office