Personal Data Act (523/1999), sections 10 and 24
1. Controller
University of Helsinki
Business Identity Code: 0313471-7
PO Box 53 (Fabianinkatu 32)
00014 UNIVERSITY OF HELSINKI
Phone: +358 2941 911
2. Contact person
Jere Reinikainen / Elina Ekholm
Email: firstname.lastname@helsinki.fi
3. Name of register
Customer register of the University of Helsinki’s online payment service
4. Purpose of processing personal data
To process and invoice orders as well as manage customer relationships; use of the online payment service does not require registration.
5. Data content of the register
For the purposes of customer relations and order processing, the first and last name of the customer, the e-mail address and the language used in the transaction are stored in the register. In addition, the online payment service order data includes information provided by the customer when placing an order, such as the product content of the order, additional information on participation in an event/conference and the payment method of the order.
6. Regular sources of data
As a rule, disclosed by the Customer
7. Retention period of personal data
The retention period of personal data is based on the retention period of accounting records and receipts as specified in the Accounting Act. According to the Accounting Act, supporting documents must be kept for at least six years after the end of the accounting period. The material required by the Accounting Act is stored on the designated server of the University of Helsinki. The personal data of orders to the online payment service itself are automatically anonymised two years after the order.
8. Regular disclosure of data and the transfer of data outside the EU or the European Economic Area
No data will be disclosed or transferred outside the EU or the European Economic Area unless it is necessary for the provision of the service.
9. Principles for protecting the register
The register will not be disclosed to third parties. The right to use the register requires user rights determined by the University of Helsinki, and the register is located on a University of Helsinki server protected by a firewall and user authorisation.
Information will be distributed both internally and externally to the following groups:
• University of Helsinki staff who need the information to perform their work tasks
• Authorities as required by law (e.g., social services and tax authorities)
• Partners and subcontractors (e.g., parties related to payment and delivery) necessary to process orders and manage customer relationships
Access to the information in the register can only be granted to pre-determined members of the register controller’s staff whose job description includes processing the information. These staff members are bound by confidentiality.
10. Right of access and its exercise
Those registered can access the information about them in the register. Signed access requests must be submitted in writing to the controller’s contact person.
11. Data rectification and its implementation
Those registered can request the rectification of erroneous information in the register. Written rectification requests must be sufficiently detailed.
Rectification requests must be addressed to the controller’s contact person.