Experiences from Accessible Gaming Event - Privacy Notice

Privacy notice for scientific research 06.11.2025

EU General Data Protection Regulation (EU 2016/679), art. 12, 13, 14

  1. Title, nature and duration of research

Title of research:  Over the Barriers – Experiences from Accessible Gaming Event

Nature of research: Online Survey

Duration of research and duration of data processing: The data will be preserved until the end of 2030.

  2. Data controller

Tampere University Foundation sr

  • Street address: Kalevantie 4, 33100 Tampere
  • Postal address: FI-33014 Tampere University
  • Business ID: 2844561-8

  3. Contact person regarding the research registry and person responsible for the research

    • Pauliina Baltzar, Faculty of Information Technology and Communication Sciences, Tampere University, Finland, pauliina.baltzar@tuni.fi

 

  4. Contact information of the Data Protection Officer

dpo@tuni.fi

  5. Researchers

TACCU Researchers will be responsible for the research and will have access to the data.

  6. Content of research records

No directly identifying personal data, in other words direct identifiers, will be collected in the research questionnaire. As indirectly identifying data, we will collect demographic information such as age group and disability status.

  7. Sources of personal data

The research material is collected in its entirety from the respondents themselves with an online survey.

  8. Purpose of processing personal data

The purpose of processing personal data is to support research on accessible gaming by collecting insights from participants of the Over the Barriers event. The data will be used to understand attendees’ experiences with accessible gaming tools, identify areas for improvement, and inform the development of future events. Additionally, the research contributes to broader knowledge on accessibility in gaming and interactive technologies.

  9. Lawful basis for processing personal data

The lawful basis for processing under the EU’s General Data Protection Regulation, Article 6 Paragraph 1, and the Personal Data Act, Section 4: Public interest or the exercise of official authority:

Scientific or historical research purposes or statistical purposes

  10. Sensitive personal data (special categories of data and criminal records)

No sensitive personal data or data relating to criminal convictions or offences will be processed in the research.

Lawful basis for processing of sensitive personal data

The lawful basis for processing under the EU’s General Data Protection Regulation, Articles 9 (special categories of personal data) and 10 (personal data relating to criminal convictions and offences), and the Personal Data Act, Sections 6 and 7:

Scientific or historical research in the public interest, statistics, or the exercise of official authority.

  11. Transfer or disclosure of data to external parties

Personal data will not be transferred from the person conducting the research to anyone else during the research.

  12. Transfer or disclosure of data outside the EU/EEA

The data in the research register will not be transferred to a third country or to an international organization outside the EU or the EEA region.

  13. Automated decision-making

Decisions will not be made by automated means.

  14. Data protection principles

Manual material will not be collected.

Protection of digital materials

The collection, processing, and storage of the digital research material is done using Tampere University’s digital services, which are protected by a username, password, and partly multifactor authentication (MFA), and with Tampere University’s digital device, which is protected with a username and password. The username and password are personal and only known by the persons conducting the research.

Processing of direct identification data

Direct identifiers will not be combined with the research answers.

Protecting data in transit

Data will not be transferred from the person conducting the research to other persons. The communication between the device and the digital services used in the work takes place using a WPA2-secured network connection. In addition, the device and the digital services are protected by a username and password, and partly by multi-factor authentication (MFA).

  15. Processing of personal data after the research project has been concluded

The research register will be anonymized and archived without personally identifiable data. The data will remain in TACCU’s archives. When anonymized, the material no longer contains personal data and therefore does not form a personal register.

  16. Data subjects’ rights and possible restriction thereof

Because no directly identifying personal data, in other words direct identifiers, are collected in the research, it is not possible to identify an individual data subject in the research register. Therefore, it is not possible to exercise the following data subject rights:

  • Right to inspect data (right to access personal data)
  • Right to correct data
  • Right to erase data
  • Right to restrict processing
  • Right to object
  • Right to transfer the data from one system to another

The data subject instead has, where applicable:

  • Right to lodge a complaint with a supervisory authority

Data subjects have the right to lodge a complaint with a supervisory authority in their permanent place of residence or place of work, if they consider the processing of their personal data to violate the provisions of the GDPR (EU 2016/679). In addition, data subjects may follow other administrative procedures to appeal against a decision made by a supervisory authority or seek a judicial remedy.

Data Protection Ombudsman Contact Information:

The Data Controller follows a GDPR-compliant procedure for responding to subject access requests.