Privacy notice for scientific research
1. Title, nature and duration of research
Title of research: Coexistence and conflict in the age of complexity: an interdisciplinary study of community dynamics (EmergentCommunity)
Duration of research: 1.1.2021-31.12.2025
Duration of data processing: Data processing will be going on till the end of 2027.
2. Data controller
Tampere University Foundation sr
33014 Tampere University
Kalevantie 4, 33100 Tampere
Business ID: 2844561-8
3. Principal investigator and contact person regarding the research registry
Dr. Eeva Puumala
TaPRI, Faculty of Social Sciences
Address: Kalevantie 5, 33014 Tampere University, Finland
Phone: +358 50 5135867
4. Contact information of the Data Protection Officer
The research will be done at the Tampere Peace Research Institute, Faculty of Social Sciences, Tampere University. The research team will include three post-doctoral researchers, a PhD researcher and a coordinator, in addition to the PI.
6. Content of research records
Data to be used in the project will include names, contact details, voice, and health information.
7. Sources of personal data
Data is being collected: from research participants themselves through interviews and through psycho-physiological measuring.
8. Purpose of processing personal data
The purpose of processing personal data is scientific research. The research studies how affective orientations shape community relations and dynamics in real life-like virtual reality environments. For this, it is vital to collect both interview data with information about the participants’ perceptions and understandings and health data that involves measuring autonomous arousal during immersion in the VR environments. The collection of personal data will be limited to an absolute minimum and the principle of data minimisation guides all phases of data collection.
The organisations listed in Section 1 serve as Joint Controllers that jointly determine the purposes and means of processing personal data.
The research goals and expected benefits or harm to the participants have been described in separate information sheets.
9. Lawful basis for processing personal data
- Public interest or the exercise of official authority
- Scientific or historical research purposes or statistical purposes
10. Sensitive personal data
The following types of sensitive personal data will be processed during the research project:
- Racial or ethnic origin
- Political opinions
- Religious or political beliefs
- Health data
No personal data concerning criminal convictions and offences will be processed during the research project.
Lawful basis for processing of sensitive personal data:
The processing activities are conducted for the purpose of scientific or historical research in the public interest, for statistical purposes, or in connection with the exercise of official authority
11. Transfer or disclosure of data to external parties
The data will not be transferred or disclosed to external parties.
12. Transfer or disclosure of data outside the EU/EEA
No data stored in the research records will be transferred to a country or an international organisation that is located outside the EU/EEA
13. Automated decision-making
Decisions will not be made by automated means.
14. Data protection principles
Protection of manual materials (e.g. paper documents):
- In a locked room
- In a locked cupboard
Protection of digital materials (e.g. information systems and equipment):
- multi-factor authentication (MFA)
- collection of log data
Processing of data that directly identifies an individual during the research project:
- Directly identifiable data will be removed during the analysis stage
- All data will be pseudonymised.
15. Processing of personal data after the research project has been concluded
The research records will be anonymised and archived without personally identifiable data.
Research data, e.g., video recordings, health information, and ethnographic notes, that cannot be archived, will be stored by the PI for a verification period of 5 years. After this it will be destroyed.
16. Data subjects’ rights and possible restriction thereof
Data subjects have the following rights under the EU’s General Data Protection Regulation (GDPR):
Right of access
- Data subjects are entitled to find out what information the University holds about them or to receive confirmation that their personal data is not processed by the University.
Right to rectification
- Data subjects have the right to have any incorrect, inaccurate or incomplete personal details held by the University revised or supplemented without undue delay. In addition, data subjects are entitled to have any unnecessary personal data deleted from the University’s systems.
Right to erasure
- In exceptional circumstances, data subjects have the right to have their personal data erased from the Data Controller’s records (‘right to be forgotten’).
Right to restrict processing:
- In certain circumstances, data subjects have the right to request the University to restrict processing their personal data until the accuracy of their data, or the basis for processing their data, has been appropriately reviewed and potentially revised or supplemented.
Right to object
- In certain circumstances, data subjects may at any time object to the processing of their personal data for compelling personal reasons
Right to data portability
- Data subjects have the right to obtain a copy of the personal data that they have submitted to the University in a commonly used, machine-readable format and transfer the data to another Data Controller.
Right to lodge a complaint with a supervisory authority
- Data subjects have the right to lodge a complaint with a supervisory authority in their permanent place of residence or place of work, if they consider the processing of their personal data to violate the provisions of the GDPR (EU 2016/679). In addition, data subjects may follow other administrative procedures to appeal against a decision made by a supervisory authority or seek a judicial remedy.
Office of the Data Protection Ombudsman
Street address: Ratapihantie 9, 6th floor, 00520 Helsinki, Finland
Postal address: PO Box 800, FI-00521 Helsinki, Finland
Switchboard: tel. +358 29 56 66700
Fax: +358 29 56 66735
Email address: firstname.lastname@example.org
The Data Controller follows a GDPR-compliant procedure for responding to subject access requests.