Skip to content

Research permits

Register controller and contact information

Diaconia University of Applied Sciences, P.O. Box 12, 00511 Helsinki

Data protection officer’s e-mail:

What is the purpose of processing personal data?

Diak processes data about those people who apply for a permit to use Diak, its students or staff as a subject for research or development. Personal data is used for processing the research permit application in question and contacting people in connection to it, for example to notify the applicant of the decision on the research permit.

What is the basis for processing the data?

The bases for processing personal data are legal obligations (Universities of Applied Sciences Act, etc.), performing a task in the public interest and exercising public authority. In some cases, the basis for processing can also be the consent of the data subject.

Whose personal data does the register contain?

The research permits personal data register contains data about research permit applicants, authors, those responsible for the research, research supervisors and research permit processors.

Where was the data collected?

Data is collected from research permit applicants and from the research application documents that they have provided.

What personal data does the register contain?

The research permit personal data register contains, among other things, the following information:

  • Research details
  • Name and contact details of research permit applicant
  • Research supervisor’s details
  • Research authors’ names
  • Research sponsor’s details.

Other personal data may also be processed if it is included in the research permit application documents.

How long is personal data stored in the register?

In general, data is stored for 20 years in an electronic system that deletes them automatically at the end of the storage period in accordance with Diak’s information management plan. Older materials are stored in paper format and disposed of at the end of the storage period. Some materials are stored permanently by order of the Finnish National Archive.

How is data protected?

Digital materials: Materials are received via email and processed only in digital format in Diak’s decision-making and case management system, which is protected with personal user IDs, limitations of access rights and other IT measures.
Paper materials: Paper materials are not collected, but if they are created, they will be stored in a locked space with access control. When the paper material is no longer needed, it is taken for disposal in a locked trash container (“data protection bin”).

Will the data be disclosed to external parties?

Personal data will not be disclosed outside of Diak, but Diak may contract external processors, who will process personal data. An external processor may be an IT system supplier, for instance.

Is the data subject to automatic decision-making?

Systems using the register do not have automatic decision-making functions.

Will data be transferred outside of the EU/EEA?

As a rule, the personal data contained in the register is not transferred outside the European Union or the European Economic Area or to international organisations. However, due to the international nature of the operations, Diak may use resources, applications and servers located outside the EU or EEA when providing the services. In these cases, Diak ensures that there is a legal basis for the transfer of data and that personal data is protected, for example by requiring standard contractual clauses approved by the EU Commission and compliance with appropriate technical and organizational security measures. In addition, where appropriate, a TIA assessment will be carried out in connection with such data transfer, as well as monitoring the overall level of data protection in known countries. In all cases, the data transfer is carried out in accordance with the General Data Protection Regulation and only to the extent strictly necessary.

What rights do I have?

You have the right to information on how and for what purpose your personal data will be processed. You can also request access to records of your personal data, and request that incorrect information be rectified.

You can also submit a request to delete your data or restrict its use. However, in some cases the data cannot be deleted or its use restricted, for example if the personal data is being processed to fulfil a legal obligation, complete a task in the public interest orexercise public authority vested in Diak.

In certain situations, you also have the right to transfer the personal data you have provided to us to another controller or to object to the processing of your personal data, i.e. to request that we do not process them at all. In addition, you may request that we do not make a decision on your part based solely on automated processing of personal data.

If you would like to know more about the processing of your data or exercise your rights, you can contact Diak’s Data Protection Officer ( or submit a request using the form found on Diak’s website

You also always have the right to lodge a complaint with a supervisory authority. If necessary, you can also contact the Data Protection Ombudsman, a government official who supervises the processing of personal data in Finland.

Contact information:
Office of the Data Protection Ombudsman
P.O. Box 800, 00531 Helsinki
Tel. +358 29 566 6700

General advice for individuals: Tel. +358 29 566 6777