Privacy Notice of Identity and user rights management

​Purpose of processing

User rights management maintains data on user accounts, email addresses, user rights and roles granted to users by the University of Turku.

Users include the staff and students of the University of Turku, Open University applicants and students, Turun normaalikoulu and Rauman normaalikoulu teacher training school pupils, and external data system users operating on behalf of the University of Turku (visitors) that use the data systems in question.

At the University of Turku, user rights management is implemented through the identity management system (IdM; https://idm.utu.fi/). It sets a life cycle for access rights; for example, after the access criteria such as the right to study and contract of employment expire, the user account is disabled.
 
The identity management system creates the University user name, password, and email address.

The user name is granted for the use of the University data systems. Examples include the email system, network access, data systems for administration, teaching and research, network drive services, and the University intranet.
 
Data is handled only by employees whose duties include maintaining user data. Only the system administrators and system service providers participate in the development and testing of the identity management system.

Basis for processing

Processing of data is based on the University’s task that is set in Section 2 of the Universities Act (558/2007) and its implementation for public interest.

User management
  • enables the protection of personal data that is stored in the user rights management of the University of Turku as provided in Section 32 of the Personal Data Act (523/1999);
  • ensures that the rights and obligations of the parties to the employment are protected by the Act on the Protection of Privacy in Working Life (759/2004) and
  • allows to intervene in unauthorised access, transfer, and other processing of data.

Contact information

TURUN YLIOPISTO
University Services
IT Services
20014 University of Turku
Phone: +358 29 450 6000 

Categories of personal data 

  • user name
  • user account status
  • identification number, date of birth
  • email addresses
  • password related data
  • names
  • contact information
  • mother tongue / preferred language
  • gender
  • nationality
  • employment related information
  • data on the right to study
  • data on visitors

Origin of data

 User authorisation is based on the data gathered from:

  • Human Resources register
  • Academic and Student Affairs register
  • Turun normaalikoulu and Rauman normaalikoulu teacher training school pupil registers
  • requests forwarded to the IT Services
  • data provided by the users themselves

The above-mentioned registers have their own separately submitted privacy notices.

Registered material is transmitted to the identity management system through the data warehouse of the University of Turku.

Data on a visitor is provided by a University staff member acting as the visitor’s supervisor. This data is processed by the IT Services and stored in the identity management system.

The following visitor data is stored (mandatory *):
names (*)

  • external email address
  • external organisation
  • phone number
  • language (Finnish, English; *)
  • identification number or date of birth (*)
  • purpose behind the request (*)
  • visitor role (*)
  • address information
  • period of validity (*)
  • supervisor and unit (*)

In order to register and apply for Open University courses, an applicant without an active University of Turku account can either self-register or ask an Open University officer to create an account on their behalf.

The Open University account is created with the following mandatory data:

  • names
  • external email address
  • identification number or date of birth
  • period of validity

Period for retaining data

Data is currently stored permanently and retained to maintain identity links.

Recipients of data

The information contained in the identity management system is intended for internal use.
 
The identity management system delivers information to the following internal systems of the University of Turku:

  • LDAP directory system
  • AD directory system
  • Academic and Student Affairs register
  • Turun normaalikoulu teacher training school pupil register
  • data warehouse

Possible transfers to third countries

The identity management system does not disclose material outside the EU or EEA countries without the user's own activities.

Publicity or confidentiality

The data is confidential where it concerns the security arrangements and the implementation of data systems (Act 24.1 Section 7 of the Public Procurement Act).
 
Access to the user rights management data is not, as a rule, handed over to third parties unless there is a legitimate basis.

Rights of the data subject

You have the right to access your personal data retained by the Data Controller, the right to ask rectification or erasure of data, and the right to restrict or object the processing of data.
 
You have the right to lodge a complaint with the supervisory authority. Contact information of the Data Protection Officer of the University of Turku: dpo@utu.fi
 
Requests for data rectification in other registers should be addressed to the Data Controller of the register in question.

Additional information

The use of the service creates log entries which are used for ensuring the information security of the service, developing the technology of the service, and for detecting, preventing, or investigating technical faults or errors (Sections 138,141,144, and 272 of the Information Society Code (917/2014)).

The principles of the protection of personal data are described on the following page:
http://www.utu.fi/en/unit/university-services/it-services/information_security/Pages/Data-Security-Description.aspx

Keywords:
Tags:

20014 Turun yliopisto, Finland
Tel. +358 29 450 5000

People search

Follow us: 
Facebook   Twitter   Instagram   Youtube   LinkedIn
© University of Turku