Privacy statement

Privacy statement in accordance with the Personal Data Act (523/1999, §10 and §24) and the EU General Data Protection Regulation (EU 2016/679).

1 Controller

UniSport, University of Helsinki (Business ID 0313471-7)
PO Box 53 (Fabianinkatu 28)
00014 University of Helsinki
tel. +358 (0)2941 22151


2 Contact person for filing system-related matters

Director Mika Suikki
PO Box 53 (Fabianinkatu 28)
00014 University of Helsinki
tel. +358 (0)405787708, mika.suikki@helsinki.fi

3 Name of filing system

Customer data file for UniSport’s electronic service system (Yolla)

4 Purpose of processing personal data

The personal data collected into the data file is used for handling and developing customer relationships and for marketing purposes approved by the customer (including monthly customer newsletters). The personal data outlined in section 5 will be collected from the customers so that they can be granted the right to book and use the services of UniSport, and so that they can be notified about changes to or cancellations of the service they have booked if required. In addition, UniSport uses the data for developing business operations and for statistics and analysis.

5 Data content of the filing system

A customer’s first name, last name, date of birth, customer group (e.g. student, Faculty of Social Sciences, University of Helsinki), gender, phone number, email address, University username or UniSport username, barcode identifier for automated access control, and the customer’s reservations, payments, cancellations and participation data.

6 Normal data sources

Data provided to UniSport’s customer service or online service by the customer.

7 Regular disclosures of data

The data will not be disclosed to any third party. The system uses an online interface where customers can log in with their personal log in details and examine the data relating to them and their reservations and edit their preferences regarding marketing communications.

When using a University of Helsinki username to sign in, the customer may, if desired, link their reservation data in the UniSport service to their University of Helsinki My Studies account. If they choose to do so, information about the customer’s bookings is transferred into the calendar of the My Studies service. The customer may withdraw their consent at any time.

Data regarding unpaid fees and the customer information connected with these may be transferred to a collection agency.

Data is disclosed to Finnish authorities in accordance with current laws and regulations.

8 Transfer of data to outside the EU or EEA

Customers can examine their own data online, meaning that the data can be accessed anywhere in the world. The data will not be disclosed or transferred to any third party.

The MailChimp service is used for sending newsletters. A sufficient level of data protection is ensured by MailChimp.

9 Principles of filing system protection

Manual material: Customer data will only be stored in electronic form.

Data processed through automated data processing: The customer data file is located in premises monitored by the University of Helsinki. All data communications relating to customer data are encrypted. Only UniSport staff members are authorised to access customer data on an individual basis. Staff members are trained to process data in accordance with the law. Login details are deactivated when a person’s employment relationship finishes.

UniSport always signs a Data Processing Agreement (DPA) with any system providers that are external to the University of Helsinki, thus ensuring data protection for the customer.

Customers can only access their own data with their log in details.

10 Right of access

The system uses an online interface where customers can log in with their personal login details and examine the data relating to them.

11 Right to demand rectification of data

Notifications regarding incorrect data may be made to any UniSport customer service point, at which point the data will be corrected.