Customer and Stakeholder Data Processed in the Partnership Management of the University of the Arts Helsinki

Articles 13 and 14 of the EU General Data Protection Regulation. Informing a data subject. Drawn up on May 17, 2018; Updated on August 13, 2020

Published 31.1.2020 | Updated 13.8.2020

1. Entity and person in charge of processing personal data

Communication and Society Relation Director Eveliina Olsson
E-mail address: firstname.lastname@uniarts.fi, telephone: +358 50 461 6780

2. Contact persons for handling personal data

Senior Advisor Marja-Leena Pétas-Arjava
E-mail address: firstname.lastname@uniarts.fi, telephone +358 50 526 1958

3. Register name

Customer and stakeholder register

4. What are the purpose and the legal basis for processing personal data?

According to the Universities Act, the mission of the University is to is to promote independent academic research as well as academic and artistic education, to provide research-based higher education and to educate students to serve their country and humanity at large.

In carrying out its mission, the University of the Arts Helsinki shall, in accordance with the Universities Act, promote lifelong learning, interact with the surrounding society and promote the social impact of university research findings and artistic activities. Customers’ and stakeholders’ personal data are processed in order to enable the artistic activities and social interaction of the University. The purpose for the processing of personal data is to communicate on the University’s activities, to inform on its artistic activities, and to tend to customer and stakeholder relationships.

The stakeholder groups of the University of the Arts Helsinki include various actors in the field of arts, the alumni of the various academies of the University, customers of adult education, corporate customers of the Events Service, and other partners.

The legal basis for processing personal data is comprised of agreements, of the legitimate interest of the University, and additionally of a consent thereto in so far as this is a matter of newsletters that the person has subscribed in person, and of other communication materials.

5. What data do we process?

In connection with customer and stakeholder group activities, we process the personal data of the following groups of persons: University alumni and various stakeholder groups such as strategic, key, and international partners. We also process information about the personnel of those customers active in the service business (companies, associations, public organizations) and on the private persons who are our customers.

The personal data to be processed includes:

Basic information on the data subject: name, e-mail address, postal address, and telephone number

Eventual information on the duties: profession, title and/or position, field of activity; name of organization, company or community; address of organization, general e-mail address and web address of organization

Account information: campaigns and events in which the person has taken part and other eventual special observations

Eventual consent to direct marketing

When processing personal data, we do not make use of automated decision-making and profiling as referred to in the Data Protection Regulation.

6. Where do we get information?

We get information from the following sources:

the data subjects themselves via web forms for instance
event participant lists
lists of other partners
customer information on adult and complementary education
the corporate customer register of the Event Services
the student register
the personal data system of the University of the Arts Helsinki
we also receive information from Ticketmaster’s sales platform.

7. To whom do we disclose and transfer data, and do we transfer data outside the EU or the EEA?

In processing personal data, we use subcontractors working for us. We have outsourced IT administration to a third-party service provider administering and protecting the server on which personal data are saved. We have taken steps with our subcontractors to ensure your data protection by concluding agreements for the processing of personal data. We transfer personal data outside the EU/EEA. We have taken appropriate steps to ensure safeguards in connection with the transfer. We use the standard contractual clauses adopted by the EU.

8. How do we protect data and how long will we keep them?

The system is used via the Internet over a protected connection from the server machines of the provider. Use is subject to a user ID and a password. All users of the partnership data system are members of the University of the Arts Helsinki staff. The system has a main user and four other Admin users (one in each of the University’s three academies and one in the joint services).

Each user has a personal user ID and a password, the access rights of which expire when the person in question leaves the University services or the duties for which he or she has been given access rights. Data not used during a period of 24 months are erased from the system.

9. With whom can you get in touch?

All questions on the processing of personal data as described in this data protection statement are to be asked by getting in touch with the contact person named in Point two who will, in case of need, forward the matter to the data protection officer. In case you feel that your rights are not respected, you may get directly in touch with the Uniarts Data Protection Officer.