When your project handles personal data
When you use CSC's services to process personal data in your research project you need to select "We handle personal data in this project" when creating a project in MyCSC. Read what is personal data from the office of the data protection ombudsman web pages. After this, you will be presented with a GDPR Document, where you should describe your data processing activities.
In this form, you describe the personal data processing activities and the types of personal data you are processing. You also need to check a box if you handle special categories of data. Read more about sensitive data and about managing sensitive data on Research.csc.fi website.
This form is attached to your CSC project and serves as an instruction to processing personal data for CSC. If you do not know how to fill in the form, please contact the data protection officer of your organization (see the contact details at the end of this page). Note, that you can edit this description any time, or download it as a PDF file on the Project management page in MyCSC (see screenshot below).
Data processing agreement
The General Terms of Use for CSC's Services for Research and Education with data processing agreement and the description of processing activities together with the other materials mentioned in the data processing agreement, constitute a legally binding data processing agreement for the purposes of the EU General Data Protection Regulation (2016/679, the “GDPR”). All of CSC's users accept the Data processing agreement together with the General Terms of Use for CSC's Services for Research and Education when registering as users.
In the GDPR definitions, processing essentially refers to anything you can possibly do with someone’s personal information: collecting it, storing it, destroying it, etc. GDPR compliance requires data controllers (in this case You as a CSC's service user) to sign a data processing agreement with any parties that act as data processors on their behalf (in this case CSC acts as a data processor on you behalf when You use our services).
Filling in the data processing agreement and the GDPR Document are mandatory parts of contracting to use CSC’s Services for Research and Education, if personal data is processed.
Please refer to:
- The General Terms of Use for CSC's Services for Research and Education
- The Data Processing Agreement
- Service descriptions
- The CSC Data Policy
to find more detailed information on how we as a data processor protect your personal data.
Contact information of Finnish universities data protection / legal offices
| University | Contact information |
|---|---|
| Aalto University | tietosuojavastaava@aalto.fi Data Protection Policy |
| LUT University | dataprotection@lut.fi tietosuoja@lut.fi Data protection policy |
| University of Eastern Finland | tietosuoja@uef.fi Data protection policy |
| University of Helsinki | tietosuoja@helsinki.fi Data protection policy |
| University of Jyväskylä | tietosuoja@jyu.fi Data protection policy |
| University of Lapland | tietosuoja@ulapland.fi Data protection policy |
| University of Oulu | dpo@oulu.fi Data protection policy |
| University of Tampere | dpo@tuni.fi Data protection policy |
| University of Turku | dpo@utu.fi tietosuoja@utu.fi Data protection policy |
| University of Vaasa | tietosuojavastaava@uwasa.fi Data protection policy |