Data privacy notice - University of Oulu room booking

This privacy notice describes how University of Oulu collects and processes your personal data when you use University of Oulu room reservation application to the creation of new room and service reservations.

Data privacy notice

Data controller

University of Oulu
Pentti Kaiterankatu 1
P. O. Box 8000, 90014 OULU

Units in charge of the processing:
University of Oulu, ICT-services
Director of Information Management Kari Keinänen, e-mail address: ict(at)oulu.fi

University Data Protection Officer: dpo(at)oulu.fi

Purpose of processing personal data and legal basis for processing personal data

Personal data is processed based on the user’s consent.

The units in charge of the registry has the right to make changes to this privacy policy, and shall keep a version history of the changes. Changes in the privacy policy will be informed to users whose data is kept in the registry.

The register will only include personal information of users that have signed in to the room reservation application.

The use of personal data in this registry is related to the use of the room reservation application, and to the creation of new room and service reservations done with the application. In addition, the data may be used to improve the application and related services with statistical analysis. Anonymized data may also be given to research purposes..

Personal data to be processed

We handle the following personal data:

  • name of the user
  • e-mail address of the user
  • username of the user
  • user’s calendar and service reservations and their details
  • user login information

In addition to this personal data, the application may gather calendar reservations from the registrar’s existing systems, but this information is not stored within this registry.

Recipients or categories of recipients of personal data

The personal data held in the registry will be shared by the application provider when needed for application use. There is an existing Data Processing Agreement (DPA) with the application provider to describe the handling of this data. The personal data will not be shared regularly with any other party.

Data transfers

The personal data will not be transferred outside the EU and EEA.

Principles of protecting the registry

Handling of the registry will be done with diligence and care, and data processed with information systems will be protected appropriately. When any registry data will be stored on internet servers, the hardware’s physical and digital security will be handled appropriately. The registrar will see that any stored data, server access rights and other data critical to personal security will be handled confidentially and only by those employees whose job description includes it.

Data storage time

Personal data of the user is retained until it is requested to be removed, there is no use for them for the application, or when there are no legal grounds to keep them.

The origin of personal data

The personal data is collected from the user based on their login information from the registrar’s existing personnel and room booking systems, and through the use of the application.

Data subject rights

You have the following rights as a data subject:

  • You have the right to withdraw your consent, provided that the processing of the personal data is based on consent. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
  • You have the right to obtain information on whether or not personal data concerning you are being processed in the project, as well as the data being processed. You can also request a copy of the personal data undergoing processing.
  • Right to have inaccurate data corrected (make sure to keep your contact information up to date)
  • In certain situations, the right to have data erased ("right to be forgotten")
  • In certain situations, the right to restriction of processing
  • In certain situations, the right to object to processing

Please note that the applicability and scope of your above-mentioned rights will be specified on a case-by-case basis in accordance with the EU General Data Protection Regulation, depending on e.g. the grounds for processing the data, and that you do not have the above-mentioned rights in all cases.

If you have any questions about your rights, you can communicate with the University's Data Privacy Officer or the contact person of the responsible unit.

If you want to use the above-mentioned rights, please send a request to the University’s registry office: kirjaamo(at)oulu.fi, where you will get the necessary additional instructions.

Right of appeal to the supervisory authority

In addition to the rights mentioned above, you have the right to file a complaint about the processing of your personal data with the Office of the Data Protection Ombudsman as the supervisory authority. The contact details and opening hours can be found on the website of the Data Protection Ombudsman.

General description of the technical and organisational protection measures

The personal data of users will not be used for automated decision making or profiling.