In accordance with the EU General Data Protection Regulation (GDPR), this is the privacy statement for the Digivision 2030 project website (digivisio2030.fi). Drafted on 27 April 2022.
This privacy statement applies to the use of the www.digivisio2030.fi online services.
1. Controllers
The Digivision 2030 project parties together (Finnish higher education institutions).
2. Contact point
Commissioned by Finnish higher education institutions, CSC – IT Center for Science Ltd. (“CSC”), Digivision 2030 project office digivisio @ csc.fi.
3. Name of register
Digivision 2030 project (hereinafter Digivision) personal register of the public website (https://digivisio2030.fi/en/frontpage/).
4. Legal basis and purpose of processing personal data
Digivision collects personal data on the users of its public website (https://digivisio2030.fi/en/frontpage/). Digivision is committed to complying with the requirements of data protection legislation in the processing of personal data. The purpose of processing personal data is the technical maintenance and development of the Digivision websites as well as the maintenance, analysis and development of website content communications and marketing.
The processing of personal data in the personal data register of Digivision’s public website is based on the consent of the data subject.
When a visitor visits the Digivision public website, a notification icon/dialog box appears, which requires the visitor’s consent to collect cookies. If the visitor does not give their consent, their computer or other Internet-connected device will not be monitored.
The data is not used for automated decision-making or profiling.
5. Data content of the register
“Cookies” may be occasionally transferred to the visitor’s computer on the Digivision public website.
Cookies can be used to collect data on, for example: from what page a website visitor has come to the digivisio2030.fi address; the websites the visitor has browsed and when; the browser used by the visitor; the resolution and operating system of the visitor’s screen; and the IP address of the visitor’s computer, i.e. where the information sent from the Internet address comes from and where it is received.
The IP addresses of the website visitors and the cookies necessary for using the service are processed based on legitimate interest, for example, in order to ensure data security and to collect statistical data on website visitors in cases where it can be considered personal data. If necessary, consent for third-party cookies is requested separately.
The Matomo application is used for user statistics and analytics on the digivisio2030.fi website: https://matomo.org
We use Matomo to collect anonymized information on the use of the digivisio2030.fi website in the following cases:
- Total utilization per hour, day, week and month
- The types of devices used to access the website (for example, mobile or desktop devices)
- The screen resolution used for the website
- The web browsers used for the website (Chrome, Firefox, Edge, Safari, etc.)
- Number of times individual web pages on the website are accessed
- The extent to which the website is accessed directly or through the search results of a search engine
- The duration of the website visit
No analytics data is disclosed to third parties.
Under the Information Society Code (917/2014), cookies are used on this website without violating the service user’s protection of privacy. Cookies are not used to link website visitors to personal data or contact details. Cookies are not used to examine or copy the visitor’s terminal device data. The information collected by cookies is sent without any personal data so that we can track our site usage trends.
If so desired, users may disable cookies in their browser settings. However, this may interfere with the functioning of the website. For more detailed instructions on deleting cookies, see your browser’s help section.
6. Regular disclosure of data and transfer of data outside the EU or EEA
Data is not regularly disclosed to other parties.
Data can also be transferred by the controller outside the EU or EEA. Data will not be transferred to the United States without the explicit consent of the data subjects.
7. Principles for protection of the register
Due diligence is observed in the processing of the register, and all data processed with the use of information systems is appropriately protected. When register data is stored on Internet servers, adequate measures are taken to ensure the physical and digital security of their equipment. The controller shall ensure that stored data, server access rights and other personal data critical to the security of personal data are treated in a confidential manner and only by employees whose job description includes it.
8. Right of access and right to rectification
Each person in the register has the right to check their data stored in the register as well as the right to rectification of inaccurate personal data concerning them and to have incomplete personal data completed. If a person wishes to check the data concerning them or to demand rectification, the request must be submitted in writing to the controller. If necessary, the controller may ask the person making a request to prove their identity. The controller shall respond to the customer within the time period laid down in the EU General Data Protection Regulation (usually within one month).
9. Other rights related to the processing of personal data
A person in the register has the right to request the erasure of personal data concerning them from the register (“right to be forgotten”). Data subjects also have other rights under the EU’s General Data Protection Regulation, such as restricting the processing of personal data in certain circumstances. Requests must be submitted in writing to the controller. If necessary, the controller may ask the person making a request to prove their identity. The controller shall respond to the customer within the time period laid down in the EU General Data Protection Regulation (usually within one month).