Name: Metropolia Ammattikorkeakoulu Oy
Business ID: 2094551-1
Postal Address: PL 4000, 00079 Metropolia
Visiting Address: Myllypurontie 1, 00920 Helsinki
Phone (switchboard): + 358 9 7424 5000
Data Protection Officer: Suvi Väänänen
Email: tietosuojavastaava@metropolia.fi
The purpose of processing personal data in the Scale Down project is to co-develop and build a physical and digital robotics testing platform, and to support the related reporting, coordination, communication, and dissemination of the projects results.
The processing is based on Article 6(1)(e) of the General Data Protection Regulation (GDPR):
In cases of communication and publication (e.g., photos, quotes), processing may be based on Article 6(1)(a): the data subject’s consent.
The data subjects of the personnel register include company representatives, project experts, students, and stakeholders participating in the project.
The data subjects of the personnel register include company representatives, project experts, students, and stakeholders participating in the project.
Personal data is primarily collected from the data subject themselves and the organizations involved.
Personal data from the personal data register is disclosed to the following recipient groups:
Personal data in the register is processed in various information systems and software, and access to the personal data contained in the register is granted as necessary, e.g., via a technical interface during maintenance tasks or in the event of a fault. The external system providers and service providers behind these tools can be considered recipients of personal data and regular disclosures.
As a rule, personal data contained in Metropolia University of Applied Sciences’ registers is not transferred outside the European Union (EU), the European Economic Area (EEA), or to international organizations.
However, transfers of personal data outside the EU or EEA may occur when necessary for the implementation of IT services essential for work or studies. Such transfers are assessed on a case-by-case basis. The most common destination country is the United States. In some cases, personal data may also be transferred to countries such as India, particularly in situations where global ICT service providers rely on offshore support functions such as Helpdesk or technical user support.
Any international data transfers from Metropolia’s personal data registers are protected by the safeguards set out in Chapter V of the General Data Protection Regulation (GDPR). These include:
SCCs are embedded in the relevant data processing or service contracts with third-party service providers. Only data that is strictly necessary for the performance of the relevant service is transferred. All transfers are carried out in compliance with applicable data protection legislation, and the security and confidentiality of the data are ensured through legally binding contractual arrangements.
Where data is transferred outside the EU or EEA, the transfer is approved by Metropolia as the data controller and preceded by a documented Transfer Impact Assessment (TIA). The SCCs are included in the contract with the service provider. Metropolia continuously monitors and assesses the data protection practices in recipient countries. Transfers may also be carried out using another legally valid mechanism explicitly approved in writing by Metropolia.
Personal data is retained for five years following the end of the project, i.e., until 31 December 2032. This retention period is based on requirements related to EU structural fund reporting, the Universities of Applied Sciences Act, and the Data Protection Act.
A data subject may submit a data request by providing Metropolia with a carefully completed, printed, and personally signed data subject request form, available on Metropolia's public website and/or intranet. The form can be submitted either electronically to tietosuojavastaava@metropolia.fi or in person at Metropolia's Myllypuro campus. If printing is not possible, provide similar information as requested in the form to tietosuojavastaava@metropolia.fi. You may be asked to verify your identity so that we can respond to the data request safely.
Metropolia's Myllypuro Campus
Myllypurontie 1, 00920 Helsinki
The response to a data subject request will be provided by Metropolia's Data Protection Officer. For additional information about the processing progress or the content of the response, the Data Protection Officer may be contacted.
According to the GDPR, the data controller must respond to a data subject's request to exercise their rights within one month of receiving the request.
Data subjects can submit requests regarding the following topics:
The data subject has the right to obtain confirmation from the data controller on whether their personal data is being processed. They are also entitled to inspect the personal data stored about them in the register and receive copies of the data.
The data subject has the right to request the controller to restrict processing in any of the following situations:
The data subject has the right to have their personal data erased from Metropolia's register without undue delay, provided one of the following applies:
The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
The data subject withdraws consent on which the processing is based, and there is no other legal basis for processing.
The personal data has been unlawfully processed.
The personal data must be erased to comply with a legal obligation under EU law or national legislation.
Not applicable.
The data subject has the right not to be subjected to a personal data breach, as defined in GDPR Article 33, due to negligence by the data controller or the processor handling personal data on behalf of the controller. The data subject has the right to be informed without undue delay if a personal data breach is likely to result in a high risk to their rights and freedoms.
The data subject has the right to lodge a complaint with the supervisory authority if the data subject considers that the processing of personal data concerning him or her violates applicable data protection regulations.
Office of the Data Protection Ombudsman
Visiting address: Lintulahdenkuja 4, 00530 Helsinki
Postal address: P.O. Box 800, 00531 Helsinki
Phone: +358 29 56 66700
Fax: +358 9 56 66735
Email: tietosuoja@om.fi
