Skip to main content

Data Protection Notice

The University of Turku (hereinafter “UTU”, “we”, “us”, “our”) processes your personal data to organize, manage and follow up to the NoRNet2023 Conference titled “The Politics of Educational and Working Life Transitions: Intersectional Perspectives” on 4 and 5 October 2023 (hereinafter the ‘Conference’). The information we will collect will be that necessary to manage your booking or attendance at NoRNet2023-conference. This will consist of information that you provide to us when registering. The information required will be clearly set out in the registration.

We process your personal data based on Regulation (EU) 2018/1725 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data by the Union institutions and bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (‘the Regulation’).


  1. Controller

The University of Turku makes decisions on and is responsible for processing personal data for the purposes described in this notice; in other words, University of Turku is the registered controller of these data. The company that administrates participant data (Aboa congress & event), is the processor of personal data.

 Our contact details are:

University of Turku
FI-20014 University of Turku
Tel. +358 29 450 5040

The contact person for issues related to personal data processing is:
Leena Haanpää (Conference Coordinator)
University of Turku
FI-20014 University of Turku

The data protection officer (DPO) of the University of Turku, Onerva Steudle, can be contacted at the e-mail address


  1. The purpose of processing personal data

The personal data are used for the purpose of organising the conference and for   information activities associated with it.


  1. Legal basic of processing personal data

The processing of personal data is always based on valid legislation.

The legal basis of processing personal data for the purposes covered by this notice is: Performance of a task carried out in public interest (Article 6(1)(e) of the General Data Protection Regulation)


  1. What personal data are processed?

We process the following categories of personal data collected via the registration form:

  1. first and last name
  2. e-mail address
  3. phone number (optional)
  4. organisational affiliation (optional)
  5. occupation (optional)
  6. whether you plan to attend the conference virtually or in-person
  7. if you attend the conference or any social events organised by the ‘Conference’ in person, photographs and audio-video recording depicting you (optional)
  8. if you attend the conference in person, dietary restrictions (optional)
  9. if you attend the conference in person, special health needs (optional)
  10. if you attend the conference online and you are located outside of the EU/EEA area and in the absence of an adequacy decision pursuant to Article 45(3) of Regulation (EU) 2016/679, your consent for transfer of your personal data outside of the EU/EEA area to allow you to attend the conference remotely.


  1. What sources of personal data are used?

Conference participants complete the data in the registration system of the conference company (Aboa congress & event), which administrates the participant data. The conference company only discloses data to the team organizing the conference and parties who are essentially involved in conference organisation (hotels, restaurants etc.)


  1. Transfer or disclosure of personal data

No regular transfers of the data take place to parties outside “UTU”.


  1. Transfer and disclosure of personal data to non-EU/EEA countries

Personal data are processed as a rule within the EU.

If you attend the conference online from outside the EU/EEA area, some of your personal data (such as, IP or MAC address) will be transferred outside of the EU/EEA in order to allow for your participation at the conference. The legal basis for the transfer of personal data outside the EU/EAA in this case is article 50(1)(a) of the Regulation (‘the data subject has explicitly consented to the proposed transfer, after having been informed of the possible risks of such transfers for the data subject due to the absence of an adequacy decision and appropriate safeguards’).

Transferring personal data outside of the EU/EEA may create additional risks, because there may be a lower level of protection in the non-EU/EEA country of destination. This may have an impact on your ability to exercise your data protection rights, in particular to protect your personal data from unlawful use or disclosure. Potential risks include: 1) Unauthorised access to certain categories of personal data (such as  IP or MAC address) could lead to profiling and discrimination for having participated in the event; 2) The laws and practices of the non-EU/EEA country of destination may require to provide data to government agencies or permit access by such authorities.


  1. Storage of personal data

We do not keep your personal information for longer than necessary for the purposes for which we collected it. However, we may keep your information for a longer period for statistical purposes with the appropriate safeguards in place (data aggregation).

Your contact details submitted via the registration form will be kept for six months following the conference or at the latest after the last follow-up action.

Your dietary restrictions and special health needs will be deleted after the end of the conference.

The personal data processed by the processor for the pre-event production of conference badges will be deleted by the processor once the production is completed. 

Videos and photos of the conference and social events organised by the UTU will be archived after 10 years and will not be available on the UTU website any more after that period. Please note however that, once information, including personal data, is uploaded online, it can be used by third parties for their own purposes, in their own platforms, and sometimes without us being informed. In such cases, please note that it may not be possible for us, notwithstanding any implemented safeguards, to ensure removal from the internet after the retention period has expired.

If you would like us to delete your personal data provided via the registration form, we will erase your data from the main server two calendar weeks following your request. We will erase any remaining personal data pertaining to you from our backup server within maximum six weeks following your request. For more information, please see further down how you can withdraw your consent. Technical website’s visitor logs are kept for one year.


  1. Your rights when we process your personal data

You have the right to access your personal data and to relevant information concerning how we use your personal data. You have the right to request rectification of your personal data. You have the right to ask that we delete your personal data or restrict its use. Where applicable, you have the right to object to our processing of your personal data, on grounds relating to your particular situation. Where applicable, you have the right to your data portability. We will consider your request, take a decision, and communicate it to you. If you would like to exercise your rights, contact the data protection officer (DPO) of the University of Turku, Onerva Steudle (

You can also withdraw your consent regarding the processing of photographs and/or audio-video recording depicting you at any time by informing staff at the reception desk of the Conference.