Privacy notice


General Data Protection Regulation (2016/679),  

Articles 13 and 14  

Created: 17.9.2020  

  1. The Registrar 

University of Vaasa  

Wolffintie 34  

65200 VAASA  

Business ID: 0209599-8  

Tel: 029 449 8000 



  1. Representative and liaison officers of the controller 

Project leader: Ilkka Luoto 


Tel: 029 449 8383 


  1. Data protection Officer 

Sami Kinnunen  

Tel: 0294498060  


  1. Nameof the register  

Name of the studyPaikkaperustaiset innovaatiot asuinalueiden kehittämisessä – Kaksoistapaustutkimus Vaasan Olympiakorttelista ja Ristinummesta (Lähiö-Inno). [Place-based innovations while developing residential areas – A double case study of the Olympic quarter and Ristinummi in the city of Vaasa] 

  1. The purpose for the processing of personal data 

The aim of this study is to investigate segregation and resident-inclusive user innovations. The aim of this survey is to gather information and experiences of the areas in question, Olympiakortteli and Ristinummi. The information might also be used to contact the respondents for example via email, if consent to this is given via the survey. 

  1. Legal basis for the processing of personal data 

The processing of personal data is necessary for scientific research purposes in the public interest based on section 4, paragraph 3 of the Data Protection Act (1050/2018). 

The juridical basis for the collection of personal data is therefore: 

  • Processing of personal data is necessary for the performance of a task carried out in the public interest. 
  1. Information content and retention periods 

The following information will be collected via the Webropol-survey: 

  • First and last name 
  • Place of living 
  • Email-address 
  • Phone number 

It is voluntary to give up personal information. The survey is also possible to be done anonymously. 

The personal information will be stored for the duration of the project, which is until the end of the year 2022. If immediate follow-up projects appear, where the personal information is needed, the information may be stored for the duration of that follow-up project, until the end of the year 2023. Other anonymous information from the answers will be kept for good for research purposes. 

  1. Where the personal data required for processingis obtained

Respondents provide the information themselves via the Webropol survey. 

  1. Transfer of personal data 

Personal data will not be transferred to other parties. 

Personal data will be handled in the Webropol-system. 

Webropol Oy 

Business ID/: 1773960-2 

Huovitie 3, 00400 Helsinki 

0201 552 150 | 


The research group of this project, in appropriate settings, will view the personal data. The research group can be viewed at: 


  1. Transfer of data outside the EU or EEA 

No data will be transferred outside of the EU or EEA.  

  1. Protection of personal data 

As the controller, the University shall take appropriate technical and organizational measures to protect personal data against unauthorized or illegal processing and against damage or loss of personal data.  

  • Manual material
    • Personal data is protected against unauthorized access and unauthorized processing (e.g. destruction, alteration or disclosure). Each processor can only process the personal data he/she needs in the course of his work.
    • Documents are kept protected from outsiders in a locked room. Documents are printed only when necessary and paper prints are destroyed after use.  
  • Data processed automatically
    • All data processing is based on access rights, which depend on the person’s role and position in the organization, and, if necessary, on the licenses granted separately by the responsible body of each registry. The validity of the licenses is checked daily. 
    • IT systems and services have been protected from unauthorized access in accordance with good industry practice, their operational capacity has been ensured to the necessary extent and their life cycle has been managed.  


  1. Automateddecision making 

No automatic decisions are made 

  1. Rights of data subjects 

The data subjects have  

  • theright to check with the controller what personal data concerning him or her have been stored in the register  
  • theright to demand that incomplete personal data be supplemented and that the University of Vaasa corrects inaccurate and erroneous personal data concerning the data subject without undue delay  
  • theright to have their personal data deleted without undue delay, provided that: 
    • personal data are no longer needed for the purposes for which they were collected or for which they were otherwise processed
    • the data subject withdraws the consent on which the processing is based and there is no other legal basis for the processing
    • personal data has been processed unlawfully
    • personal data must be deleted in order to comply with a legal obligation under European Union law or national law.  
  • restrict and oppose processing if
    • the data subject disputes the accuracy of his/her personal data
    • processing is unlawful or the data subject opposes the deletion of his or her personal data
    • the controller no longer needs such personal data for the purposes of processing, but the data subject needs them in order to establish, present or defend a legal claim
    • the data subject has objected to the processing of personal data pursuant to Article 21 (1) pending verification that the data subject’s legitimate grounds override the data subject’s grounds.  
  • the right to withdraw consent  
  • the right to withdraw his or her consent at any time, without prejudice to the lawfulness of the processing carried out on the basis of the consent before its withdrawal, if the processing of personal data is based on the data subject’s consent. The data subject also has the right to make a complaint with the supervisory authority. 

The data subject may have the right to transfer data from one system to another in the case of data to which that right applies. The Data Protection Officer provides advice and guidance on matters related to the data subject’s rights.  

  1. Other parties to be informed 

The use of the service generates log entries, which are used to ensure the information security of the service, the technical development of the service and the detection, prevention and resolution of fault situations (Information Society Code (917/2014) 138§, 141, 144, 272). The logs are kept for the time required for these purposes and are not used for any other purpose.  

  1. Modification of the Privacy Statement 

The University of Vaasa is constantly developing its operations and reserves the right to update this privacy statement. Changes can also be based on changes in legislation. We recommend that you check this notice from time to time.  

In the case of significant changes where our privacy statement changes substantially, we may also notify you in other ways before the change takes effect.  

This privacy notice was last updated 20.10.2020