Data protection

Data protection refers to safeguarding an individual’s privacy, for example, when processing personal data. The university’s various operations require the collection and storage of personal data from staff and students. We take data protection into account in all our activities.

Learn about the University of Lapland’s data protection policy.

Code of conduct for the protection of study data. (in Finnish)

Scientific research and data protection (Guidelines from the Data Protection Ombudsman).

General data protection notice of the University of Lapland.

Processing of personal data at the University of Lapland

We process personal data to fulfill our statutory duties under the Universities Act. This includes data from students, staff, stakeholders as well as research data that may contain personal information. Data related to alumni, marketing, customers and partners is processed based on contracts, consent, legitimate interest or legal obligation. Personal data is handled to carry out work tasks, enable student studies and maintain access rights and data security. Providing appropriate tools for community use is an essential part of fulfilling the university’s responsibilities.

All personal data is processed within the framework of legislation, regulations and agreements.

We act as the data controller in the processing of personal data and are responsible for the data even when the service is provided by a third-party supplier or outsourced.

Data Protection Officer

The Data Protection Officer at the University of Lapland ensures and monitors the implementation of data protection and acts as a contact person for authorities and individuals registered in the university’s personal data registers.

Information for data subjects

The privacy notices provide detailed information about different personal data repositories (registers): the content of personal data, the purpose of processing, the legal basis for storage and processing, retention periods, responsible persons and contacts, data sources, possible disclosures and transfers, the basis for data protection and the rights of the data subject regarding the processing of personal data. The university may use service providers for storing and processing personal data, with appropriate agreements in place to ensure data protection. If the service provider processes data outside the EU or EEA, this will be stated in the notice.

Rights of the data subject

The data subject always has the right to request access to their personal data from the data controller, as well as the right to request correction, deletion or restriction of processing and to object to processing. The right to deletion does not apply to personal data processed by the university based on statutory duties, public interest or other retention obligations.

Submit requests for data inspection, correction or deletion to the data controller using the provided forms.

If you wish to inspect your data or request correction or deletion, fill out the form and return it to the University of Lapland’s Records Office, the Lapland University Library service points or the university’s IT service desk, where your identity will be verified and the form forwarded to the Records Office.

As a rule, the data subject has the right not to be subject to decisions based solely on automated processing. The University of Lapland does not make automated decisions based on personal data.

If you wish to restrict or object to the processing of your data, contact the Data Protection Officer using the contact details on this page.

The data subject may have the right to transfer their data from one system to another, if applicable.

The data subject has the right to lodge a complaint with the supervisory authority. Contact details and instructions for filing a complaint under the regulation can be found here.

Technical and organisational security measures

We protect the university’s personal data as part of maintaining normal data security. All data processing is based on access rights, which are determined by the individual’s role and position at the university. Access rights are checked daily. Our IT systems and services are protected against unauthorised access in accordance with industry best practices, their functionality is adequately ensured and their lifecycle is managed.

Cookies

A cookie is a small text file that your browser stores on your device (e.g., computer, tablet, smartphone). The cookie file contains an anonymous, unique identifier that allows us to recognise and count different browsers visiting our site and determine whether you visit our site multiple times using the same device and browser.

Learn more about our cookie policy