Privacy notice

The University of Jyväskylä service management system (HelpJYU)

This privacy notice is delivered to user of HelpJYU-service when user is logging in to the system. There is a link to this notification on the login page.

For what purposes do we process personal data and what is the lawful basis for processing?. 1

What personal data do we process?. 1

Who can access your personal data?. 1

Will your personal data be transferred outside the EU/EEA area, and how are the transfers protected?  1

For how long will your personal data be processed and will the data be archived?. 1

Applying the right to objection. 1

What kind of rights do you have as a data subject?. 1

How can you apply your rights?. 1

General description of the technical and organisational safety measures. 1

Contact information. 1

 

 

For what purposes do we process personal data and what is the lawful basis for processing?

The centralised service management system for JYU service production, HelpJYU, facilitates the processing and statistics of service requests, service break notifications, orders, and advisory services. It also includes functions pertaining to administrative approval processes.

In addition the system is used for the maintenance of information provision (instructions) and for dealing with notifications of information security violations. Contact information can be used to collect feedback (e.g. survey).

The lawful basis consists of the following:

Processing of personal data in the service is based primarily on performing tasks related to public benefit or public authority (Universities Act 558/2007, Section 2).

Data processing may also be necessary to implement an agreement where the data subject is an involved party, or to carry out necessary actions preceding the establishment of such an agreement by the data subject’s request (employees).

The provision of support services as well as decisions on service requests can also be based on enforcing the data controller’s legitimate interests (6.1 f).

The University is committed to collect and process your personal data in a just and transparent way and to comply with related legislation. This privacy notice describes how the University administers your personal data in accordance with data protection regulations.

What personal data do we process?  

Data subjects consist of university staff, students, school-aged students, visitors, members of the University’s other interest groups or persons seeking membership in the above-mentioned groups who use the University’s support services (e.g. student applicants, personnel to be recruited).

•Staff: Data received from the HR system to the identification and access control system and further to the service management system, for example, identification code, JYU user ID, first name, surname, preferred first name, personal identity number, gender, nationality, language code, unit, supervisor, organisational contact information, personal contact information, identification information. Data received from centralised workstation management systems to the service management system, for example, identification data on the devices in a person’s use.

•Students: Student status data received from the study register to the identification and access control system and further to the service management system, for example, identification code, JYU user ID, first name, surname, preferred first name, personal identity number, gender, nationality, language code, unit, personal contact information, identification information.

•School-aged students: Student status data received from the school register to the identification and access control system and further to the service management system, for example, identification code, JYU user ID, first name, surname, preferred first name, personal identity number, gender, nationality, language code, unit, personal contact information, identification information.

•For visitors and outsiders: The respective JYU unit and/or the personal data and contact information given in conjunction with a service request.

Data are received:

• either directly from the data subject, for example, in conjunction with submitting or processing a service request (the HelpJYU portal, other contact)
• from the JYU identification and access control system, if the data subject has a valid relationship to the University as a staff member, student, school-aged student or visitor (as logged in the HelpJYU portal or identified by service personnel)
• from the University’s centralised workstation management systems (as logged in the HelpJYU portal or identified by service personnel)

Who can access your personal data?

JYU Services / process users..

For the needs of service provision, data are also transferred to the ServiceNow system. A data processing agreement has been signed between Fujitsu Finland and the University of Jyväskylä.

Data processors: Data processors — University of Jyväskylä (jyu.fi)

Will your personal data be transferred outside the EU/EEA area, and how are the transfers protected?

 

There will be no such transfers.

For how long will your personal data be processed and will the data be archived?

The life-span model of service management: Service request -> Processing the request -> Use of information systems and resources -> Decision on the request -> Closing the service request -> Archiving the service request. This life span takes place entirely within the service management system.

Service requests are not erased. A service request can be anonymised by the data subject’s request.

Applying the right to objection

A data subject has the right to object at any point, with a justified reason related to his or her specific personal situation, the processing of his or her personal data, which is based on public benefit or a justified interest. The data controller may then no longer process the personal data, except if the data controller can show that processing is necessary for a particularly important and justified reason that overrides the data subject’s interests, rights and freedoms or if it is necessary for making, presenting or defending a juridical claim.

What kind of rights do you have as a data subject?

You have the following data subject rights:

• Right to access your personal data
• Right to rectification (remember to keep your contact information up to date)
• Right to erasure (“right to be forgotten”) in some cases
• Right to restriction of processing in some cases
• Right of notification so that the data controller (unit responsible for the register) further informs any third-party recipients of the data about your request for the rectification or erasure, or restriction of processing of your personal data
• Right to object the processing in some cases, like for the purposes of direct marketing
• Right to data portability in some cases, i.e., to receive your data in such a form that allows transferring them to another system
• Right not to be subject to a decision based solely on automated processing, including profiling, which would produce legal effects concerning you or similarly affect you significantly
• Right to be informed of any information security breaches causing a major risk
• Right to lodge a complaint with a supervisory authority

If you have any questions about your data subject rights, you can contact the University’s Data Protection Officer or the contact person of the register.

How can you apply your rights?

The University has a common policy and instructions for the implementation of data subject rights: https://www.jyu.fi/en/university/privacy-notice/data-subject-rights

General description of the technical and organisational safety measures

The University of Jyväskylä, as the data controller, uses proper technical and organisational means to protect personal data against unauthorised or unlawful processing or the destruction or loss of personal data.

 

It has been separately agreed with the service provider on the technical and organisational safety measures of the ServiceNow system as part of the data processing agreement between the data controller and the data processor.

Contact information

Data controller

The University of Jyväskylä acts as the data controller and JYU Digital Services as the responsible unit for the processing of these personal data.

Contact information of the responsible unit:

Juha Alioravainen

The person’s contact details are available through the university’s contact search at: Contact information | University of Jyväskylä (jyu.fi) 

Data Protection Officer of the University of Jyväskylä, contact information

tietosuoja@jyu.fi, 040 805 3297

 

This privacy notice is published and made available to data subjects from 5 June 2019.

20 June 2022 added information about how the privacy notice is delivered to the data subject and a link to a summary of the data controllers.

15 November 2022 added information that contact information can be used to collect feedback (e.g. surveys).

21 October 2024 changed university's contact information (link)