IT Days 2025, Privacy Notice

Valid from 11 November 2024

Why do we process your personal data?

We process personal data for purposes related to the organization of the higher education IT Days hosted by Tampere University, held on 11-12 November 2025.

Personal data is used for event-related communications (before, during, and after the event), event arrangements, including catering services, and for handling payment transactions. Only the necessary information required for providing these services is collected.

Personal data may be disclosed if this has been agreed upon with Certia Oy (Aboa Events) during the registration process. Allergy information is processed based on consent to accommodate dietary requirements during the event.

The processing of personal data requires the participant’s consent.

Do we use automated decision-making or profiling?

We do not make automated decisions or profiling.

What personal data do we process?

The register includes the following data about individuals:

• Name and contact details
• Information on whether the participant represents an organization or company, including position and organization/company name

Dietary restrictions or allergies

Other relevant information may be collected if necessary to organize and carry out the event.

Personal data will be deleted when it is no longer needed for the execution or follow-up of the event, in accordance with the University of Tampere’s records management plan or other relevant regulations.

For payment processing, the retention period of personal data is based on accounting legislation

Why are we allowed to process your personal data?

The legal basis for processing personal data is:

1. The data subject has given consent for the processing of their personal data for one or more specific purposes (GDPR Article 6(1)(a)).
2. Processing is necessary for the performance of a contract to which the data subject is a party, or for taking pre-contractual steps at the data subject’s request (GDPR Article 6(1)(b)).
3. Processing is necessary for the legitimate interests pursued by the data controller or a third party (GDPR Article 6(1)(f)).

The legitimate interest of the data controller is based on a relevant and appropriate relationship
between the data subject and the data controller, arising from the data subject’s reasonable
expectations at the time of data collection and within the context of the appropriate relationship.

Where do we get your personal data needed for processing?

Your personal data is collected with your consent when you register for the event through the online registration form. During registration, you can choose to consent to or decline the publication of your name on participant lists, websites, apps, etc.

If you do not provide the required information requested during registration, Aboa Events will be unable to process your registration or record you as a participant.

Processors and disclosures of your personal data

Tampere University utilizes an external data processor Certia Oy, Aboa Events, who handles personal data on behalf of Tampere University under contractual agreements.

Tampere University may disclose personal data to other parties involved in event arrangements if it is necessary for organizing the events. Otherwise, personal data is not transferred outside Tampere University.

All of your personal data is processed safely and securely in accordance with applicable legislation.

For further information, please contact Aboa Events by email (aboaevents@certia.fi).

Do we transfer your personal data outside the EU/EEA?

We do not transfer your personal data outside the EU/EEA.

How long do we keep your personal data?

Personal data is retained for as long as necessary for the execution and follow-up of the event in accordance with the University of Tampere’s records management plan or other regulatory requirements.

For payment transactions, retention periods are based on the Accounting Act.

What rights do you have as a data subject?

• Right to withdraw consent (General Data Protection Regulation EU 679/2016, Article 7,3.)You have the right to withdraw your consent at any time if the processing of your personal data is based on your consent. The withdrawal of consent does not affect the lawfulness of our processing based on consent before its withdrawal.
• Right of access (Article 15)You have the right to know what personal data is being processed about you and what data has been stored about you. In many systems related to admissions, you can view the information stored about you yourself when logged in.
• Right to rectification (Article 16)You have the right to obtain that incorrect, inaccurate or incomplete personal data concerning you be rectified or completed without undue delay. In addition, you have the right to demand that your unnecessary personal data be erased.
• Right to be forgotten (Article 17)Depending on the basis for data processing, you may have the right to have your personal data erased from the university’s register. Such a right does not exist, for example, in cases where the processing of your personal data is necessary for compliance with a legal obligation or for the exercise of official authority vested in the university (Article 17, paragraph 3b).
• Right to restriction of processing (Article 18)In certain situations, you may have the right to request that the processing of your personal data be restricted until your data or the basis for processing it has been duly checked and corrected or supplemented.
• Right to data portability (Article 20)You have the right to receive the personal data you have provided to the university in a structured, commonly used and machine-readable format and the right to transfer such data to another controller without hindrance from the university. This right applies to situations where the processing of data is automated and based on consent or a
  contract.The right does not apply, for example, to the processing of personal data that is necessary for the performance of a task carried out in the public interest or for the fulfilment of a legal obligation to which the controller is subject. Therefore, as a rule, the right does not apply to the university’s personal registers.
• Right to object (Article 21)Based on your particular personal situation, you have the right to object at any time tothe processing of your personal data when the processing is based on the performance of a task carried out in the public interest, the exercise of official authority or the legitimate interest of a higher education institution. In this case, your data may only be further processed if there is a compelling and justified reason for the processing that can be demonstrated.

Right to lodge a complaint with an authority (Article 77)

You have the right to lodge a complaint with a supervisory authority if you consider that the processing of your personal data violates applicable data protection legislation. In addition, you have the right to seek other administrative and judicial remedies.

Office of the Data Protection Ombudsman, P.O. Box 800, FI-00531 Helsinki, E-mail:
tietosuoja@om.fi
Tel. 029 566 6700
www.tietosuoja.fi

Contact us in questions related to personal data protection

If necessary, send your request related to the exercise of the rights of the data subject electronically to the university’s e-mail address tau@tuni.fi or by paper mail to the following address:

University of Tampere
33014 University of Tampere

As the data controller acting

Tampere University Foundation sr
33014 University of Tampere
Kalevantie 4, FI-33100 Tampere
Business ID 2844561-8

The contact person in matters concerning the register is

Mandi Hakala
IT Manager, IT Development Services
Tampere University
+358 (0) 294 52 11

You can reach the Data Protection Officer

dpo@tuni.fi