Data privacy notice - Proposals for external members of the University Board of Directors

The University Collegium of the University of Oulu is collecting proposals for external members of the University Board of Directors. Here we describe the privacy policies that apply to the personal data collected and processed in connection with the submitted proposals.

Data privacy notice

Data controller

University of Oulu

Pentti Kaiterankatu 1

P. O. Box 8000, 90014 OULU

University Data Protection Officer: dpo(at)oulu.fi

Purpose of processing personal data and legal basis for processing personal data

This privacy notice applies to proposals collected by the University Collegium of the University of Oulu for external members of the University Board of Directors. In this document, we describe the privacy practices that apply to the personal data collected and processed in connection with the submitted proposals.

The task of the University College is to decide the number of members of the board, the length of the term of office of the board and its members, and select the members referred to in section 15, subsection 4 of the University Act. (Section 22 of the University Act).

Proposals for the external members of the board are obtained from university students and staff.

The legal basis for the processing of personal data is the legal obligation of the data controller.

Regular sources of data

Personal information is collected on an electronic form from those submitting proposals.

Personal data to be processed

In addition to the name, publicly available information about the merits of the proposed person is collected from the proposers.

Proposers submit their proposals anonymously. The Collegium will not process proposals that contain special personal data (i.e. sensitive personal data).

Recipients or categories of recipients of personal data

Registration details are collected on a form that is typically a service provided by an external service provider. Your data is processed by the University Collegium members.

Data transfers

Personal data is not passed on to third parties or outside the European Union or the European Economic Area.

Data storage time

Personal data collected is disposed of after the decision process and subsequent communications are completed.

Data subject rights

You have the following rights as a data subject:

  • Right to access your data
  • Right to have inaccurate data corrected (make sure to keep your contact information up to date)
  • In certain situations, the right to have data erased ("right to be forgotten")
  • In certain situations, the right to restriction of processing
  • In certain situations, the right to object to processing
  • In certain situations, the right to have data transferred from one system to another if the processing is based on consent or agreement and is performed automatically.

Please note that the applicability and scope of your above-mentioned rights will be specified on a case-by-case basis in accordance with the EU General Data Protection Regulation, depending on e.g. the grounds for processing the data, and that you do not have the above-mentioned rights in all cases.

If you have any questions about your rights, you can communicate with the University's Data Privacy Officer.



If you want to use the above-mentioned rights, please send a request to the University’s registry office: kirjaamo(at)oulu.fi, where you will get the necessary additional instructions.

Right of appeal to the supervisory authority

In addition to the rights mentioned above, you have the right to file a complaint about the processing of your personal data with the Office of the Data Protection Ombudsman as the supervisory authority. The contact details and opening hours can be found on the website of the Data Protection Ombudsman.

General description of the technical and organisational protection measures

The University as the Data Controller uses appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing and against damage or loss of personal data.