Privacy policy

1. Data Controller
Tampere University Foundation sr
FI-33014 Tampere University
Kalevantie 4, FI-33100 Tampere, Finland
Business ID 2844561-8

2. Contact person
Please send all inquiries to:
Atte Oksanen
+358 50 318 7279
atte.oksanen@tuni.fi

3. Data Protection Officer
dpo@tuni.fi

4. Name of the register
Sentiment 2020

5. Purpose of processing personal data and the lawful basis for processing
Purpose of processing: Sentiment 2020 survey study (academic research).
Lawful basis for processing:
☒ Consent
☐ Contract
☐ Legal obligation
☐ Vital interests of data subjects
☐ Public interest or the exercise of official authority
☐ Legitimate interests of the Data Controller

6. Contents
Study includes background information from participants such as age, gender and income. Background information does not include sensitive topics. Question on Twitter username is voluntary, and information is used only to collect behavioural data on Twitter usage and commenting (e.g. number of tweets, likes and positivity and negativity of the comments).

7. Sources of information
Survey will be collected from Amazon’s Mechanical Turk. Social media behavioural data will be collected through Twitter API.

8. Regular disclosure of data and recipients
Third parties do not handle the data.

9. Transfer of data outside the EU/EEA
If data is transferred outside the EEA, please describe the related data protection procedures
Will data stored in the register be transferred to a country or an international organisation located outside the EU/EEA:
☒ No
☐ Yes

10. Data protection principles
A manual data
B electronic data
Data encryption, passwords. Final data will not include per se any identifiers and all details that could reveal the identities of participants will be removed after data collection.

11. Data retention period or criteria for determining the retention period
Data collection period 1.4.2020–30.6.2020.

12. Existence of automated decision-making or profiling, the logic involved as well as the significance and the envisaged consequences for data subjects
The data stored in the register will be used to carry out automated decision-making, including profiling:
☒ No
☐ Yes, please specify:

13. Rights of data subjects
Data subjects have the following rights under the EU’s General Data Protection Regulation (GDPR):

  • Right of access
    • Data subjects are entitled to find out what information the University holds about them or to receive confirmation that their personal data is not processed by the University.
  • Right to rectification
    • Data subjects have the right to have any incorrect, inaccurate or incomplete personal details held by the University revised or supplemented without undue delay. In addition, data subjects are entitled to have any unnecessary personal data deleted.
  • Right to erasure
    • In exceptional circumstances, data subjects have the right to have their personal data erased from the Data Controller’s records (‘right to be forgotten’).
  • Right to restrict processing
    • In certain circumstances, data subjects have the right to request the University to restrict processing their personal data until the accuracy of their data (or the basis for processing their data) has been appropriately reviewed and potentially revised or supplemented.
  • Right to object
    • In certain circumstances, data subjects may at any time object to the processing of their personal data for compelling personal reasons.
  • Right to data portability
    • Data subjects have the right to obtain a copy of the personal data that they have submitted to the University in a commonly used, machine-readable format and transfer the data to another Data Controller.
  • Right to lodge a complaint with a supervisory authority
    • Data subjects have the right to lodge a complaint with a supervisory authority in their permanent place of residence or place of work, if they consider the processing of their personal data to violate the provisions of the GDPR (EU 2016/679). In addition, data subjects may follow other administrative procedures to appeal against a decision made by a supervisory authority or seek a judicial remedy.

The Data Controller follows a GDPR-compliant procedure for responding to subject access requests.