Common information
Metropolia University of Applied Sciences Ltd.
Business ID: 2094551–1
P.O. Box 4000, 00079 Metropolia
Myllypurontie 1, 00920 Helsinki
Phone: +358 9 7424 5000
Responsible Person for the Register
Riitta Konkola
President, CEO
Data Protection Officer
Suvi Väänänen
Email: tietosuojavastaava [at] metropolia.fi (tietosuojavastaava[at]metropolia[dot]fi)
General description of technical and organizational security measures to protect personal data and registers:
- Agreements regarding register protection have been established with system providers. Responsibilities are detailed in relevant agreements where necessary.
- Employees and other personnel are committed to confidentiality and are obligated to keep any personal data they process confidential.
- System providers (data processors) handle the storage of registers and related data in accordance with good data management practices and adhere to strict confidentiality.
- The confidentiality and security of personal data within registers are ensured through appropriate technical and administrative measures in line with good data management practices.
- Access rights and permissions for systems, tools, and other storage platforms are restricted to only those individuals whose duties require data processing.
- Employees authorized to access systems containing personal data receive proper training relative to their tasks.
- Each system user authenticates with personal credentials issued upon granting access. Access is revoked when the individual’s tasks at Metropolia no longer require such access.
- Data is stored in databases that are both logically and physically secured.
Databases and their backups are located in locked facilities, with access granted only to specifically designated individuals.
Personal data contained in Metropolia’s registers is not used for automated decision-making or profiling.
The data subject has the right to obtain confirmation from the controller as to whether or not personal data concerning them is being processed. Additionally, the data subject has the right to access their personal data stored in the register, as well as the right to review the data and receive copies of it. Requests can be made by contacting the contact points described in Section 3. When submitting a request, the data subject must verify their identity in a reliable manner. The controller must respond to the data subject's request to exercise their rights within one month of receiving the request, in accordance with the General Data Protection Regulation (GDPR).
A data subject can submit a data request to Metropolia by providing a carefully completed, printed, and personally signed data request form available on Metropolia’s public website and/or intranet. The form can be submitted either electronically to tietosuojavastaava [at] metropolia.fi (tietosuojavastaava[at]metropolia[dot]fi) or in person at Metropolia’s Myllypuro campus.
Right to access personal data
The data subject has the right to review what personal data concerning them has been stored in the personal data register.
Right to rectification and restriction of processing
The data subject has the right to request the controller to restrict processing if:
- The data subject disputes the accuracy of their personal data (right to rectification), and processing is restricted for the period necessary to verify the accuracy.
- The processing is unlawful, and the data subject opposes the deletion of their personal data and instead requests the restriction of its use.
- The controller no longer needs the data for processing purposes, but the data subject requires it for legal claims.
Right to erasure
The data subject has the right to have their personal data erased without undue delay if:
- The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
- The data subject withdraws consent, and there is no other legal basis for processing.
- The personal data has been unlawfully processed.
- The personal data must be erased to comply with legal obligations under EU or national law.
Right to data portability
The data subject has the right to receive their data in a structured, commonly used, and machinereadable format and to transfer the data to another controller, if technically feasible. This right applies to automated processing based on consent or a contract where the data subject is a party.
Right not to be subject to a personal data breach
The data subject has the right not to be subjected to a breach of personal data resulting from negligence in data protection by the controller or its processors. They also have the right to be informed without undue delay if the breach is likely to pose a high risk to their rights and freedoms.
Right to object to processing
The data subject has the right to object to the processing of their personal data based on their specific situation if processing is carried out for public interest tasks or the exercise of public authority. Processing must cease unless the controller demonstrates compelling legitimate grounds or if necessary for legal claims.
If processing is based on consent, the data subject has the right to withdraw their consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
The data subject has the right to lodge a complaint with the supervisory authority if they consider that the processing of their personal data violates applicable data protection regulations.
The national supervisory authority in Finland is the
Office of the Data Protection Ombudsman
Visiting address: Lintulahdenkuja 4, 00530 Helsinki
Postal address: P.O. Box 800, 00531 Helsinki
Phone (switchboard): +358 29 56 66700
Email: tietosuoja [at] om.fi (tietosuoja[at]om[dot]fi)
Personal Data Registers by Data Controller
Privacy policies are constantly updated in a format that takes accessibility requirements into account.
- Customer Register of the 3UAS-libraries
- Metropolia’s register of entrance examination for Bachelor's degree programme in Nursing and Personal Data register of testing related to the implementation of the entrance examination
- Privacy Notice: Personal Data Register of Vallu Entrance Examination Service for Higher Education Institutions' Student Selection
- Personal Data Register of Get Work Vantaa Project’s career coaching service
- Personal Data Register of Helsinki XR Center
- Personal data register of the Hytke project of Metropolia University of Applied Sciences
- Personal data register of ICI Project in Metropolia
- Personal data register of ICI Project Research Material in Metropolia
- Personal Data Register of Metropolia’s A-STEP2030 Project
- Personal Data Register of Metropolia's BSGI Project (Baltic Sea Game Incubation)
- Personal Data Register of Metropolia's Healthy Boost Project
- Personal Data Register of Metropolia’s Living Game Intelligence Network
- Personal Data Register of Metropolia's TUTTU net - Product Developer's Test and Support Network - online service's personal data register
- Personal Data Register of Metropolia's Urban SOS-Project's Research Material
- Personal Data Register of Metropolia's Urban SOS-Project
- Personal data register of research and evaluation in Tokasa-project
- Personal Data Register of U!REKA’s annual conference
- Personal Data Register of Path to a diverse worklife -project
- Privacy Notice of U!reka European University
- Personal Data Register of Metropolia's Bit1 Student Game Competition
- MOVE ON -Project Privacy Notice