Privacy notice

Multilingual and intercultural competences are at the heart of internationalisation: the processing of personal data in the survey

PRIVACY NOTICE, 10 October 2020

Estimated duration of the project: from 1 January 2020 to 30 June 2025.
The survey is financed by the University of Jyväskylä.

In the project “Multilingual and intercultural competences are at the heart of internationalisation”, we aim at clarifying the possibilities and challenges involved in the implementation of students’ personal internationalisation plans. Internationalisation plans are piloted in this project as a cooperation between three faculties of the University of Jyväskylä (JYU) and the Centre for Multilingual Academic Communication (Movi). The pilot project has three stages and lasts from spring 2020 to spring 2021. The data collected during the pilot consist of recorded group discussions, written materials produced by students, and a survey answered by students and staff. The data are used in reporting the results as well as in scientific and professional presentations and publications related to the project. The collected data are also utilised in teaching and continuing education. Personal data and results are processed confidentially, in compliance with privacy legislation. Your personal details cannot be identified in the survey or the publications: at the reporting stage, the data are processed so that individual respondents remain anonymous.

Participation in the survey is voluntary, and you are not required to submit any information. You can interrupt your participation at any time. In this Privacy Notice, we describe the processing of personal data in more detail.

Students as well as teaching and administrative staff from all the faculties that participate in the pilot project (JSBE, Faculty of Sport and Health Sciences, Faculty of Education and Psychology) are recruited to the survey. The aim is to recruit about 200 people. The data are collected in the academic year 2020–2021.

We collect the following personal data about you:

1) Questionnaire: The unit in which you work/study, your job title at JYU, and your questionnaire answers.

2) Group discussion: recordings (audio and/or video), notes based on the discussion, and materials produced by the participants.

The participants have been given a direct link to this Privacy Notice. When you answer the questionnaire or participate in the group discussion, you give consent for participation in the study.

The results of the study will be reported in autumn 2021 on the project website, where you will also find information about other publications.

The legal basis for processing personal data

The purpose of the survey is to develop university-level teaching in compliance with the Universities Act (Section 2.2), which requires that universities arrange their activities so as to ensure a high international standard in, for example, education and teaching in conformity with research integrity. Therefore, the processing of data is necessary for compliance with a legal obligation [EU General Data Protection Regulation GDPR 2016/679, Article 6(1)(c)]. In so far as processing cannot be based on the Universities Act, it is necessary for the performance of a planning and investigation task carried out in the exercise of official authority (GDPR 6(1)(e); Data Protection Act 1050/2018, 4.1.2).

Transfer of personal data outside the EU/EEA

Your data are not transferred outside the EU/EEA in the survey.

De-identification of data

Direct identification data will be removed as a protective measure when generating the data (pseudonymised data, in which case persons can be later identified on the basis of a code or similar data, and new data can be merged with the data). Identifiers are removed from group discussion data when transcribing them. Participants’ identity is protected through image processing in potential videos.

Personal data processed in the survey are protected

JYU requires that everyone processing personal data have completed training for the task. User rights and authorisations are granted only to the extent required by the employees’ duties. The use of information systems is controlled by logging. The information security of the information systems is reviewed on a regular basis.

The University conducts self-assessments or orders audits from third parties in order to evaluate the level of cooperation partners’ and/or subcontractors’ data protection, information security and risk management. In compliance with the General Data Protection Regulation, data processing agreements are signed with all processors of personal data.

The University uses camera surveillance and access control in its premises.

Any alleged criminal action will be reported to the police for investigation.

The University implements information security according to the information security practices of the state administration and the ISO 27000 standard. For more information on the information security principles of the University of Jyväskylä, see

Personal data will be protected by means of
user name password registered use (electronic data are processed only by persons who have a separate right to work in the project and use its data, e.g. research assistants’ employment contracts) access control (physical facilities)

The researchers have completed data protection and information security training.

Agreements have been signed with research assistants and/or processors/joint controllers of personal data.

The processing of personal data after the study
The research register will be erased by 1 July 2025.

Controller and researchers

The controller for this study is:

University of Jyväskylä, Seminaarinkatu 15, P.O. Box 35, 40014 University of Jyväskylä. Tel. +358 14 260 1211, Business ID 0245894-7.

Data protection officer of the University of Jyväskylä: tietosuoja(at), tel. +358 40 805 3297.

Scientist in charge: Peppi Taalas, +358 50 5541 720,, Seminaarinkatu 15, P.O. Box 35, 40014 University of Jyväskylä.

Contact person(s): Lotta Kokkonen, +358 40 805 3148,, Mattilanniemi 6, P.O. Box 35, 40014 University of Jyväskylä.

Researchers: Personal data are processed by persons who have a contract with the university, and they participate in either data collection, data analysis, or the reporting of results. For further information on the persons, please contact the scientist in charge.

Processors of personal data: In the survey, we use personal data processors whom JYU has found to comply with information security policies and who have signed a data protection agreement. The current processors are the Webropol survey software provider and Microsoft. This Privacy Notice is published on the project website (, where we update potential changes related to personal data processors.

Rights of data subjects

Right to access data (Article 15, GDPR)

You have the right to obtain information about whether your personal data are processed, and which personal data are processed. If you want, you can also request a copy of the personal data processed in the study.


Right to have data rectified (Article 16, GDPR)

If there are inaccuracies or errors in your personal data processed by us, you have the right to request their rectification or supplementation.


Right to erasure (Article 17, GDPR)

You have the right to request your personal data be erased in certain situations.

Right to the restriction of processing (Article 18, GDPR)

You have the right to restrict the processing of your personal data in certain situations, such as if you deny the accuracy of your personal data.

Right to object (Article 21, GDPR)

You have the right to object to the processing of your personal data if the processing is based on public or legitimate interest. As a result, the university cannot process your personal data unless it can prove that processing is based on a highly important and justified reason that supersedes your rights.

Derogation from the rights of data subjects Derogation from the aforementioned rights is possible in certain individual situations on the basis of the GDPR and the Finnish Data Protection Act, insofar as the rights prevent or significantly complicate the realisation of scientific or historical research purposes or statistical purposes. The need for derogation must always be assessed separately for each situation.

Profiling and automated decision-making
In this study, your personal data will not be used in automated decision-making. Here the purpose of the processing of personal data is not to assess your personal characteristics (i.e. profiling). Instead, your personal data and characteristics will be assessed from the perspective of broader scientific research.

Executing the rights of data subjects If you have questions on the rights of data subjects, please contact the university’s data protection officer. All requests concerning the execution of the rights must be submitted to the Registry Office of the University of Jyväskylä. Registry Office and Archive, P.O. Box 35 (C), 40014 University of Jyväskylä, tel. +358 40 805 3472, email: kirjaamo(at) Street address: Seminaarinkatu 15, Building C (Main Building), floor 1, room C 140.

Any data breaches or suspicions of data breaches must be reported to the University of Jyväskylä.

You have the right to file a complaint with the supervisory authority of your permanent place of residence or employment if you consider that the processing of personal data is in breach of the GDPR (EU 2016/679). In Finland, the national supervisory authority is the Data Protection Ombudsman.

Office of the Data Protection Ombudsman
Ratapihantie 9, floor 6, 00520 Helsinki, P.O. Box 800, 00521 Helsinki
Tel. +358 29 566 6700
Email (Registry):