| 1. Data Controller
Tampere University Foundation sr
FI-33014 Tampere University
Kalevantie 4, FI-33100 Tampere, Finland
Business ID 2844561-8
|2. Contact person
Please send all inquiries to:
Name Atte Oksanen
Address Kalevantie 4, 33014 Tampereen yliopisto
|3. Data Protection Officer firstname.lastname@example.org|
|4. Name of the register
Hate and public sphere: Societal impacts and legal remedies
|5. Purpose of processing personal data and the lawful basis for processing
Purpose of processing:
The EU’s General Data Protection Regulation (GDPR) Article 6 (1) (lawfulness of processing), Article 9 (processing of special categories of personal data) and 10 (processing of personal data relating to criminal convictions and offences) and Data Protection Act Articles 4, 6 and 7.Lawful basis for processing:
☐ Legal obligation
☐ Vital interests of data subjects
☐ Public interest or the exercise of official authority
☐ Legitimate interests of the Data ControllerIf the basis for processing is Consent, describe how users can withdraw their consent: The Users can stop and withdraw from the survey at any point during the research without any specific reason.
The personal data processed in this research includes: gender, year of birth and field of science (Researchers) and political party (Council Members).The sensitive personal information processed in this research: Question regarding if the person has reported an offence (cyberhate or harrasment) to the police. There are no questions included regarding person’s own criminal convictions.
|7. Sources of information
Media professionals are contacted via HR departments of media companies and e-mail lists. Researchers receive a part of the personal data (name and email addresses) from universities’ HR department (details can be also be collected through universities’ public websites). Contact details for Council Members are collected from public websites. The rest of the personal data are given by the participants themselves in the survey (including gender, age, belonginess to a specific sensitive personal data group).
|8. Regular disclosure of data and recipients
Regular disclosure of data to third parties:
During the ongoing research, the data is not transferred outside the research group. After the research is concluded, the anonymized data will be achieved to The Finnish Social Science Data Archive.The Data Controller has signed a contract to outsource processing activities:
☐ Yes, please specify:
|9. Transfer of data outside the EU/EEA If data is transferred outside the EEA, please describe the related data protection procedures
Will data stored in the register be transferred to a country or an international organisation located outside the EU/EEA:
☐ Yes, please specify:
|10. Data protection principles
A manual data: The research does not include any manual data.B electronic data: Direct identifiable data is removed during the data analysis phase. Data is handled anonymously during each research process phase. The identifiable data (name and email address) are not associated with answers in LimeSurvey system at any point during the research process. Email addresses are used only to contact university researchers and municipality council members.
The data are stored in LimeSurvey system and in the university server can only be accessed by specific user names with passwords. The data are handled only by the research group.
|11. Data retention period or criteria for determining the retention period
The list of email addresses is stored only during the ongoing research process. Data protection is considered carefully.
|12. Existence of automated decision-making or profiling, the logic involved as well as the significance and the envisaged consequences for data subjects
The data stored in the register will be used to carry out automated decision-making, including profiling:
☐ Yes, please specify:
|13. Rights of data subjects
Data subjects have the following rights under the EU’s General Data Protection Regulation (GDPR):
– Right of access
o Data subjects are entitled to find out what information the University holds about them or to receive confirmation that their personal data is not processed by the University.
– Right to rectification
o Data subjects have the right to have any incorrect, inaccurate or incomplete personal details held by the University revised or supplemented without undue delay. In addition, data subjects are entitled to have any unnecessary personal data deleted.
– Right to erasure
o In exceptional circumstances, data subjects have the right to have their personal data erased from the Data Controller’s records (‘right to be forgotten’).
– Right to restrict processing
o In certain circumstances, data subjects have the right to request the University to restrict processing their personal data until the accuracy of their data (or the basis for processing their data) has been appropriately reviewed and potentially revised or supplemented.
– Right to object
o In certain circumstances, data subjects may at any time object to the processing of their personal data for compelling personal reasons.
– Right to data portability
o Data subjects have the right to obtain a copy of the personal data that they have submitted to the University in a commonly used, machine-readable format and transfer the data to another Data Controller.
Reasons for restriction: During the data collection phase, the participants have the right not to participate in the survey and they can ask to erase their indefinable data, name and email address from the LimeSurvey system. This means, the email address is destroyed and not stored any longer. The research data is handled anonymously throughout the research process. The answers are saved in the system anonymously and the identifiable data (name and email address) are not associated with answers in LimeSurvey system at any point during the research. Therefore, it is not possible to define any details to specific participants afterwards.
– Right to lodge a complaint with a supervisory authority
o Data subjects have the right to lodge a complaint with a supervisory authority in their permanent place of residence or place of work, if they consider the processing of their personal data to violate the provisions of the GDPR (EU 2016/679). In addition, data subjects may follow other administrative procedures to appeal against a decision made by a supervisory authority or seek a judicial remedy.The Data Controller follows a GDPR-compliant procedure for responding to subject access requests.