Privacy Notice for Person Remote Identification Service
Name of the register
Person identification using remote identification tools
Identity and contact information of the Data Controller
University of Turku Address: University of Turku, FI-20014 TURUN YLIOPISTO
Email: firstname.lastname@example.org Telephone: +358 29 450 5000 (operator)
Contact information of the Data Protection Officer
Email: DPO@utu.fi More information about Data Protection Officer of University of Turku: www.utu.fi/dpo
Contact information in matters regarding the use of the register
University of Turku Identity and Access Management Email: email@example.com
Purpose and legal basis for the processing of personal data
The University of Turku's user authentication register is used to archive the identifiers of user authentication performed by remote means.
The processing of personal data is based on the activities in the public interest, exercise of official authority, compliance with a legal obligation, performance of a contract, depending on which role the account use is associated to.
Personal data groups in this privacy notice
- First name
- Last name
- Mobile phone number
- Social security number or other national identification code or date of birth
- Biometric data
- When using identification service to recognize user also other personal data will be stored in register
Recipients and recipient groups of personal data
Signicat AS (“Signicat”)
Information on transferring data to third countries
The data will not be transferred or disclosed to parties outside the EU or the European economic region.
Retention period of personal data
Personal data will be deleted from register, when University’s legal need for archived data ends.
Rights of the data subject
The data subject has the right to access their personal data retained by the Data Controller. The data subject does not have the right to have their data erased. The processing is a one-time event only for validating the use of data in the University Identity and Access Management. Thus, the rectification of user data must be performed there.
The data subject has the right to make a complaint with the supervisory authority.
The contact person in matters regarding the rights and obligations of the data subject is the Data Protection Officer. Contact information of the Data Protection Officer can be found at the beginning of this notice.
Information on the source of personal data
Source of personal data:
- From the person concerned when registering
Information on the
existence of automatic decision making, including profiling
After successful identification persons user account will be verified in the University of Turku identification and access management system.
Principles for the protection of data
The registered data is stored according to the best practices, good information security and legislative regulations so that it is protected from external parties. The register is protected with user identification and passwords as well as structural and group-specific authorization. Registers containing personal data can be accessed only by the members of personnel who require the use of personal data for performing their work tasks. The system can be accessed only through a protected network connection.
An agreement on the terms regarding the processing of personal data, which is in accordance with the EU General Data Protection Regulation, has been made with the system supplier (Signicat Ltd).
The use of the service creates log entries which are used for ensuring the information security of the service, developing the technology of the service, and for detecting, preventing, or investigating technical faults or errors (Sections 138,141,144, and 272 of the Information Society Code (917/2014)). The logs are retained for these purposes for the required time period and they will not be used for any other purposes.
Last edited on 29th of June 2021.