Data protection notice - University of Oulu events

This privacy notice applies to participants in events organized by the University of Oulu.
In this data privacy notice, we explain how we handle your personal data and what rights you have to pertaining to your personal data.

Data privacy notice

Data controller

University of Oulu

Pentti Kaiterankatu 1

P. O. Box 8000, 90014 OULU

University Data Protection Officer: dpo(at)

Purpose of processing personal data and legal basis for processing personal data

This privacy notice applies to people who participate in events arranged by the University of Oulu. In this document we describe data protection practices that pertain to personal data collected and processed in the context of events.

The University of Oulu has a statutory mission to promote lifelong learning, interact with the surrounding society and promote the impact of research findings and artistic activities on society (Universities Act, section 2).

The University of Oulu organises events concerning research, studies and cooperation relationships with parties outside the University. Thus the events are a part of the University’s core operations. During events, personal data can be collected from participants before or during the event.

Typically, we process your personal data

  • for the practical arrangements of the event
  • for contact before the event and possibly after it.

The processing of your data is based on the University of Oulu’s task carried out in the public interest that includes research and teaching and events associated with these. Sometimes the grounds for processing of personal data at an event can be consent.

Regular sources of data

Personal data is collected directly from a participant on a form or in person before the event. Personal data can also be collected at the site of the event.

An event can be transmitted by means of streaming or recorded (photography, video recording, sound recording), depending on its nature.

Personal data to be processed

Typically the following data is collected for the purpose of organising an event:

  • Name
  • Contact information
  • Organisation
  • Job title or title

The data collected can include other information depending on the event. Such information includes, for instance,

  • Diet
  • Home country at international events
  • Ancillary programme
  • Information related to publication
  • Information associated with recording of the event
  • Feedback
  • Information related to payments and method of payment, if participation is subject to a charge.

Consent may be requested for purposes of communication, publication of contact information (list of participants or the equivalent), disclosure of information (if the event includes partners), or for transfer of data to the University’s own client relationship management system.

Recipients or categories of recipients of personal data

Registration details are collected on a form that is typically a service provided by an external service provider. Your data is processed by the University’s staff members or cooperation partners who take part in the arrangements. We request consent for disclosure of data to a cooperation partner separately.

If we disclose information related to the diet and special needs to a service provider, it is not disclosed with information that can be linked to the person.

Recordings can be used for the University’s communication and marketing purposes. If recordings are used for research and teaching uses, a separate privacy notice is presented for them and consent is requested.

Transfers of personal data

The University’s data protection policy is to exercise special care when transferring personal data outside the EU and the European Economic Area (EEA) to countries that do not provide data protection in accordance with the EU’s GDPR. The transfer of personal data outside the EU and EEA is carried out in accordance with the requirements of the GDPR.

Data transfers

If the personal data needs to be transferred outside of EU/EEA member states and the transfer would not be under Commission adequacy decision, such transfer will only be conducted in accordance with the rules of Chapter V of the GDPR.

Data storage time

Typically, personal data collected is disposed after the event or once the necessary post-event communication has been completed. Personal data can possibly be stored for a longer period of time if so required by reporting related to the event to an outside financier, for example. In such a case, we observe normal storage periods related to filing that are dictated by the financier or legislation.

You can always request erasure of data that has been collected with consent.

Data subject rights

You have the following rights as a data subject:

  • Right to access your data
  • Right to have inaccurate data corrected (make sure to keep your contact information up to date)
  • In certain situations, the right to have data erased ("right to be forgotten")
  • In certain situations, the right to restriction of processing
  • In certain situations, the right to object to processing
  • In certain situations, the right to have data transferred from one system to another if the processing is based on consent or agreement and is performed automatically.

Please note that the applicability and scope of your above-mentioned rights will be specified on a case-by-case basis in accordance with the EU General Data Protection Regulation, depending on e.g. the grounds for processing the data, and that you do not have the above-mentioned rights in all cases.

If you have any questions about your rights, you can communicate with the University's Data Privacy Officer or the contact person of the responsible unit.

If you want to use the above-mentioned rights, please send a request to the University’s registry office: kirjaamo(at), where you will get the necessary additional instructions.

Right of appeal to the supervisory authority

In addition to the rights mentioned above, you have the right to file a complaint about the processing of your personal data with the Office of the Data Protection Ombudsman as the supervisory authority. The contact details and opening hours can be found on the website of the Data Protection Ombudsman.

Obligation to provide the personal data

You have no statutory, contractual or any other obligation to provide us with your personal data. Henkilötietojen toimittaminen on yleensä välttämätön edellytys toimintaan osallistumiselle. Huomaathan, että jos et anna pyytämiämme tietoja, se vaikuttaa mahdollisuuksiisi osallistua toimintaan.

General description of the technical and organisational protection measures

The University as the Data Controller uses appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing and against damage or loss of personal data.