Menu

Close

Quick links

Privacy Notice for Suspected Violations of the Responsible Conduct of Research at Laurea

This privacy notice describes how personal data is processed in connection with suspected violations of the Responsible Conduct of Research (RCR) at Laurea University of Applied Sciences.

Controller

Laurea University of Applied Sciences Ltd
Ratatie 22, 01300 Vantaa, Finland

Contact person for the controller: President & CEO Jouni Koski – jouni.koski@laurea.fi
Person responsible for the register: Vice President Mari Vuolteenaho – rehtorintoimisto@laurea.fi
Data Protection Officer: Marjo Valjakka – tietosuoja@laurea.fi

Purpose and Legal Basis for Processing Personal Data

Laurea is committed to the guidelines for the Responsible Conduct of Research issued by the Finnish National Board on Research Integrity (TENK), which aim to promote reliable, transparent, and responsible research and development activities.

Personal data is processed for the purpose of investigating and resolving suspected violations of the Responsible Conduct of Research (RCR).

The processing of personal data is based on public interest and the exercise of official authority.

Categories of Personal Data and Regular Sources of Data

Suspicions of RCR violations are reported using a dedicated notification form.
The notifier provides the following personal data about themselves:

  • Name
  • Email address
  • Other voluntarily provided contact details and information relevant to the investigation

Regarding the person who is the subject of the suspected violation, the notifier provides the following information:

  • Name
  • Organisation
  • Known contact details
  • Other information relevant to investigating the suspicion

Additional personal data relating to the person suspected of the violation may be obtained from the person themselves during the course of the process.

Regular Disclosures and Transfers of Data

Notifications are addressed to the President of Laurea. The President may appoint a preliminary investigator and, if necessary, an investigation committee. The preliminary investigator or investigation committee may hear external experts during the process.
The notification of a suspected RCR violation, information on the initiation of the process, and related decisions with appendices are submitted to the Finnish National Board on Research Integrity (TENK).

Documents generated in the course of the procedure are, as a rule, public, unless their disclosure is specifically restricted by law.

Principles of Data Protection

The processing of personal data complies with Laurea’s information security and data protection guidelines. Personal data is accessible only to those individuals who need it to perform their work-related duties.

Processing of personal data is based on the performance of work-related tasks. Access restrictions are implemented through personal user rights and technical safeguards. Access to the systems requires a personal username and password. Granting of user rights is the responsibility of the system’s main user.
System providers acting as data processors are responsible, in accordance with contractual obligations, for the technical protection and information security of the personal data they process.

Retention Period

Documents containing personal data are, as a rule, retained permanently.

The retention period is based on a decision issued by the National Archives of Finland on 15 September 2017 (AL/20757/07.01.01.03.02/2016) under the Archives Act (831/1994), concerning the permanent preservation of data in higher education institutions’ information systems exclusively in electronic form.

Automated Decision-Making and Profiling

No automated analysis, decision-making, or profiling is carried out in the process for handling suspected violations of the Responsible Conduct of Research at Laurea.

Rights of the Data Subject

The rights of the data subject are determined in accordance with Articles 15–22 of the EU General Data Protection Regulation (GDPR).


Right of Access

A data subject has the right to inspect and obtain a written copy of the personal data concerning them.
Requests must be submitted in writing to rehtorintoimisto@laurea.fi.
The request must specify which data it concerns.

Right to Rectification

A data subject may request the rectification of inaccurate personal data.
Requests must be submitted in writing to rehtorintoimisto@laurea.fi, specifying which data the request concerns.

Right to Erasure

As the processing of personal data is based on public interest, the data subject does not generally have the right to have their personal data erased.
The data subject may request erasure if:

  • the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
  • the personal data has been processed unlawfully; or
  • the personal data must be erased in order to comply with a legal obligation under EU or national law.

Right to Lodge a Complaint

The data subject has the right to lodge a complaint with the supervisory authority.
Office of the Data Protection Ombudsman
Visiting address: Lintulahdenkuja 4, 00530 Helsinki
Postal address: P.O. Box 800, 00531 Helsinki
Switchboard: +358 29 56 66700
Registry: +358 29 566 6768
Email: tietosuoja@om.fi