Skip to main content
Privacy Notice

University of Vaasa
Wolffintie 32
65200 VAASA
Business ID 0209599-8
Phone: 029 449 8000

Representative of the Data Controller and Contact Person:

Ari Hovila

Contact Information for the Data Protection Officer:

Phone: 029 449 8060

Personal data processor

Certia Oy, Aboa Events (Aboa) (Business ID: 2327422-3)
Assistentinkatu 5, 20500 Turku
Phone. 040 565 6716

Contact person:

Gunilla Sjöberg
Phone. 040 515 1537

The organiser has instructed Aboa Events to handle the practical arrangements for the event and all side events, and Aboa Events therefore serves as the personal data processor and processes the personal data in accordance with this data protection statement.

Name of Registers

IT days 13–14 November 2024 participants
IT days 13–14 November 2024 exhibitors

Purpose of Processing Personal Data

Personal data will be processed for purposes related to organizing and implementing the University of IT days 2024, which will take place from November 13 to 14, 2024.

The data we request from you when you register online is the data we require in order to market, organise and implement meetings, logistics, logins and payments, for example, correctly. Your data is also used to provide you with information on the event you have registered for and will be participating in, before, during and after the event. Only information that is strictly necessary for providing these services is collected.

The personal data may be processed to the extent Aboa Events has agreed on with you when registering for the event. Data on allergies will be processed with your consent in order for any such allergies to be taken into account in the provision of catering services.

The processing of personal data is based on the participant’s consent.

Legal Basis for Processing Personal Data

The legal basis for processing personal data is:

  1. The data subject has given consent for the processing of their personal data for one or more specific purposes (GDPR Article 6(1)(a)).
  2. Processing is necessary for the performance of a contract to which the data subject is a party, or for taking pre-contractual steps at the data subject’s request (GDPR Article 6(1)(b)).
  3. Processing is necessary for the legitimate interests pursued by the data controller or a third party (GDPR Article 6(1)(f)).

The legitimate interest of the data controller is based on a relevant and appropriate relationship between the data subject and the data controller, arising from the data subject’s reasonable expectations at the time of data collection and within the context of the appropriate relationship.

Data Content and Retention Periods

We collect:

  • name (first name and last name) and contact details (email address, phone number)
  • if you are participating as a representative of an organisation or company, your job title and the name of the organisation/company
  • information on any food allergies/dietary information
  • invoicing address (if a fee is charged for the event).

Other relevant information (depending on the nature of the event) may also be collected in order for us to organise and implement the event you have registered for.

Personal data will be deleted when it is no longer needed for the implementation or post-processing of the event, in accordance with the archiving plan of the University of Vaasa or other legal regulations.

Regarding financial transactions, the retention period for personal data is based on accounting laws.

Data Transfer or Disclosure

Vaasa University utilizes an external data processor Certia Oy, Aboa Events, who handles personal data on behalf of Vaasa University under contractual agreements.

Vaasa University may disclose personal data to other parties involved in event arrangements if it is necessary for organizing the events. Otherwise, personal data is not transferred outside Vaasa University.

All of your personal data is processed safely and securely in accordance with applicable legislation.

For further information, please contact Aboa Events by email (

Transfer of Data Outside the EU or EEA

Personal Data is not transferred outside the EU/EEA area.

 Principles for Protecting Personal Data

As the data controller, Vaasa University employs appropriate technical and organizational measures to safeguard personal data against unauthorized or unlawful processing, as well as data damage or loss.

  • Manual Records
    • Personal data is protected against unauthorized access and unlawful handling (e.g., destruction, alteration, or disclosure). Each individual processing data can only process data necessary for their job duties.
    • Documents are securely stored in locked areas inaccessible to external parties.
    • Printed documents are produced only when needed and are destroyed after use.
  • Automated Data Processing
    • All data processing is based on access rights that depend on the individual’s role and position within the organisation. When necessary, specific usage permissions are granted by the responsible party for each registry. The validity of access rights is checked regularly.
    • IT systems and services are protected in accordance with industry best practice, their functionality is ensured to the extent necessary, and their life cycle is managed.
Automated Decision-Making

No automated decisions are made.

General rights of the Data Subject

The Data subject has the following rights:

  • Right to Access: The right to request information from the data controller about what personal data concerning them is stored in the registry.
  • Right to Rectification: The right to demand that incomplete personal data be supplemented and that Vaasa University correct any inaccurate or erroneous personal data concerning the data subject without undue delay.
  • Right to Erasure: The right to have their personal data deleted without undue delay, provided that:
    • The personal data is no longer needed for the purposes for which it was collected or otherwise processed.
    • The data subject withdraws consent, and there is no other legal basis for processing.
    • The personal data has been processed unlawfully.
    • The deletion is necessary to comply with a legal obligation under European Union law or national legislation.
  • Right to Restriction and Objection: the right to restrict or object to processing if:
    • The data subject disputes the accuracy of their personal data.
    • The processing is unlawful, or the data subject objects to the erasure of his or her personal data.
    • The controller no longer needs the personal data for the purposes of the processing, but the data subject requires it for the establishment, exercise, or defense of legal claims.
    • The data subject has objected to the processing of personal data pursuant to Article 21(1) pending verification whether the legitimate grounds of the data controller override those of the data subject.
  • Right to Withdraw Consent: The right to withdraw consent given at any time, without affecting the lawfulness of processing based on consent before its withdrawal, if the processing of personal data is based on the data subject’s consent.

The data subject also has the right to file a complaint with the supervisory authority.

Additionally, the data subject may have the right to transfer data from one system to another, provided if it pertains to information to which this right applies.

For advice and guidance on matters related to the data subject’s rights, please contact the Data Protection Officer at,

Other information to be disclosed

When using the service, log entries are generated. These logs are utilized for ensuring the service’s information security, technical development, and detection, prevention, and resolution of incidents (Tietoyhteiskuntakaari (917/2014) 138§, 141§, 144§, 272§). The logs are retained for the necessary duration for these purposes and are not used for any other purpose.

Changing the Privacy Notice

University of Vaasa continually develops its operations and reserves the right to update this privacy notice. Changes may also be based on changes in legislation. We recommend that you check this notice periodically.

In significant changes where our privacy notice is substantially altered, we may also notify you through other means before the change takes effect.

This privacy notice was last updated on March 20, 2024