Research information system UniartsCRIS data protection statement

Articles 13 and 14 of the EU General Data Protection Regulation. Informing a data subject. Drawn up on 29 June 2018 Updated on 26 May 2021, on 4 December 2023

1. Data controller

Uniarts Helsinki

Postal address: P.O. Box 1, 00097 Uniarts
Phone number: +358 294 47 2000 (exchange)

2. Entity and person in charge of processing personal data

Head of Development Services Markus Torkkeli (Development Services)

Phone number: +358 40 5005503

3. Contact person for handling personal data

Planning Manager Helena Haimi (Development Services), main user of the system

Phone number: +358 40 7104293

4. Data protection officer

Uniarts Helsinki’s data protection officer is Legal Counsel Minna Eskola.

Phone number: +358 29 447 3940
Postal address: P.O. Box 1, 00097 Uniarts

5. Name of the register

Research information system UniartsCRIS.

The research information system maintains data on research and artistic activities carried out by Uniarts Helsinki staff or researchers who are otherwise affiliated with the university (grant-funded researchers) and by doctoral students. Activities refer to publications, results of artistic activities, expert duties, teaching merits and international visits.

Data on research activities and artistic activities is public, excluding certain data that has been separately agreed upon with the funding source. The university uses the research data to pass on information about its research activities in accordance with good scientific practice and to provide the necessary research-related data to the Ministry of Education and Culture in accordance with section 51 in the Universities Act (558/2009).

Processing of personal data is based on a legal obligation in accordance with the EU’s General Data Protection Regulation (EU 2016/679):

When requested by the Ministry of Education and Culture, each university must provide the Ministry with the data necessary for the evaluation, development, statistics and other supervision and steering of education and research (section 51 in the Universities Act (558/2009). In addition, the university processes, compiles statistics on and analyses data related to research activities and social interaction in the public interest to carry out tasks in accordance with section 2 in the Universities Act.

  • The university compiles statistics on and analyses data provided by the research information system to assess and develop its research activities.
  • The research information system helps in compiling statistical reports needed for the assessment and development of the activities of the university and its units and in producing data for external reporting needs (data collected by the Ministry of Education and Culture).
  • The research information system is used for presenting the university’s activities and for submitting information to national portals maintained by the Ministry of Education and Culture.

7. What data do we process?

Required personal data: Name and unit data, title, duration of the employment relationship, person number assigned by the university, areas of expertise.

The above-listed data is necessary for organising the university’s activities and putting the contractual relationship into effect.

Optional data: ORCID ID, gender, degree, field of study, docentship, research area, disclosed information, photo.

Data connected with the expert includes

  • Publications
  • Artistic activities
  • Research activities (specialist duties)
  • Teaching merits
  • International visits
  • Conferences organised by Uniarts Helsinki

8. Where do we get information?

Persons save the results of the activities themselves. The required personal data is transferred from Uniarts Helsinki’s personal data system (Mepco) and as regards data on doctoral students, from the student information system Oodi (in the future: Peppi).

9. To whom do we disclose or transfer data, and do we transfer data outside the EU or the EEA?

Publication data will be passed on to the Ministry of Education and Culture via the VIRTA Publication Information Service and further to the website. No data will be transferred outside the EU or the EEA.

10. How do we protect data and for how long do we store it?

Only those of our employees who are authorised to process the register data in their line of work are entitled to use the system containing personal data. The data is gathered in databases protected with firewalls, passwords, and other technical means. The databases and their backup copies are situated in locked spaces, and the data can only be accessed by certain pre-named persons.

11. Storage period of personal data

Personal data is stored for as long as is necessary for fulfilling the purpose for which it was collected and processed or for as long as is required by law or regulations. The storage period of archived data has been described in the university’s information management plan.

We store data that is not ordered to be archived in a manner that complies with the requirements of the EU’s General Data Protection Regulation. Publications and their meta data will be stored permanently. This is based on the Act on Collecting and Preserving Cultural Materials (28.12.2007/1433).

12. What are your rights as a data subject?

Data subjects are entitled to check the data concerning them stored in the personal data register and demand that erroneous, outdated, unnecessary, or illegal data is rectified or erased. If a data subject has access to the data, they can edit the data personally or they can send an email (

In accordance with the GDPR, data subjects have the right to request the restriction of the processing of their personal data as well as the right to lodge a complaint about the processing of their personal data with the supervisory authority.

If the data subject is not satisfied with the manner in which Uniarts Helsinki has processed their personal data, the subject can appeal to the national data protection supervisory authorities for an inquest into the matter. In Finland, the national data protection supervisory authority is the data protection ombudsman, whose contact details are available at

13. With whom can you get in touch?

All questions on the processing of personal data as described in this data protection statement can be directed to the contact person mentioned in item 3, who may forward the matter to the data protection officer, if necessary. If you find that your rights mentioned in item 11 are being neglected, you can contact the university’s data protection officer mentioned in item 4 directly.