ReBel Event Privacy Policy

The following section describes how we process the personal data of Laurea stakeholders in ReBel project. This privacy policy is based on Laurea’s stakeholder privacy statement.

For the ReBel project, the stakeholders referred to in this privacy policy are participants of ReBel project events. The events aim to foster solidarity and promote sense of belonging among migrant women who have been in host countries for more than five years.

Data Controller(s)

Project Coordinator:
Laurea University of Applied Sciences, Ratatie 22, FI-01300 Vantaa, Finland

  • Controller’s contact person: Project Manager Suvi Valsta, suvi.valsta@laurea.fi
  • Data Protection Officer: Marjo Valjakka, marjo.valjakka@laurea.fi


Project partners:
• Vihreä Sivistysliitto Visio ry / Educational Centre Visio, Mannerheimintie 15B A, 00260 Helsinki, Finland
• What Design Can Do / What Design Can Do, Tweede Kostverlorenkade 123H, Amsterdam 1053 SE, the Netherlands
• Fundacion Euroarabe de Altos Estudios (Fundea) / Euro-Arab Foundation for Higher Studies, Calle San Jeronimo 27, Granada 18001, Spain

What personal data do we process and for what purposes?

Laurea’s co-operation projects are based on the obligation laid down in the Polytechnics Act (932/2014) to implement teaching and research, development and innovation activities in co-operation with business and industry, as well as other operating environments.

We process the following personal data for all event participants (“Contact Information”) in order to contact them on matters related to event organisation:

  • First and last name
  • Email address
  • Information on consent granted by the person to send them marketing materials
  • Event name
  • Registration date (in case of advance event registration)
  • Other voluntary data provided by the participant such as special diets for in-person events, Creative Collective challenge submissions or data related to applying to the challenge, and any data provided in a feedback questionnaire related to an event

In addition, we process other stakeholder personal data related to reporting the project’s results to its funder European Education and Culture Executive Agency (EACEA), EU, as follows:

  • First and last name: The impact of the project reported as “unique event participants” is a key performance indicator tied to in a CERV instrument project funding.
  • Gender: The impact of the project across genders is a key performance indicator tied to in a CERV instrument project funding.
  • Country of residence: The geographical reach and the country of residence of participants is a key performance indicator tied to in a CERV instrument project funding.

NB! Individual’s first and last names, gender, or countries of residence will not be reported to the funder in connection with their other personal information. Merely the total amount of persons anonymously from each respective gender and countries of residence per event will be reported.

On what basis do we process personal data?

The processing of personal data for project event registration is based on consent.

Where do we collect the personal data we process?

We collect the participant information that the participant themselves provides, using electronic or paper forms.

How long do we store personal data?

Project ends 2/2026 and after that project data, including personal data, will be archived according to Laurea’s Data Management Plan. Personal data of participants will be stored as long as is needed for auditing from the side of project funder and will be destroyed immediately after the auditing period and need to retain participant data has passed.

Marketing im­ple­mented by the project

With regard to electronic marketing implemented by the project, the legal basis for processing is the explicit consent given by the data subject. A data subject may withdraw their consent to the processing of personal data at any time and prohibit the use of their personal data for marketing and communication purposes.

Where do we disclose personal data?

In principle, no personal data will be disclosed to 3rd parties.
Personal data is not transferred outside the EU or EEA area.
No automatic decision-making or profiling is carried out on the basis of personal data.

How do we protect personal data?

The data security and data protection guidelines of Laurea University of Applied Sciences are followed in the processing of personal data. Personal data are accessible only to those who require the data in order to perform their job.

The restrictions of use are arranged through personal access rights and by means related to data communications. A user ID and password are required to access the systems. The administrator of the system is in charge of granting access rights.

System suppliers acting as processors of personal data are responsible for the technical protection and information security of personal data in accordance with the agreements.

The rights of data subjects

The rights of data subjects are determined in accordance with Articles 15–22 of the EU’s General Data Protection Regulation. The contact person for matters related to the rights of data subjects is Marjo Valjakka, Data Protection Officer at Laurea University of Applied Sciences, marjo.valjakka@laurea.fi

Right of access

Data subjects may request access to the data concerning themselves. The request is made in writing to the contact person in charge of the register above. The request must specify the data it concerns. When submitting a request, the data subject must also prove their identity in a reliable manner.

Rec­ti­fi­ca­tion

Data subjects may request the contact person in charge of the register to rectify their data.

Re­stric­tion of processing

The data subject has the right to restrict the processing,

  • if the data subject disputes the accuracy of the personal data, in which case the processing is limited to a period during which the controller can verify their accuracy
  • the processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead
  • the controller no longer needs the personal data for the purposes of the processing, but the data subject needs them for the establishment, exercise or defence of legal claims.

Porta­bil­ity of data that are based on consent

The data subject has the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a machine-readable format if the processing is based on consent and the processing is carried out by automated means.

Right to lodge a complaint with a data protection authority

The data subject has the right to lodge a complaint with the supervisory authority if the data subject considers that the processing of personal data concerning them is in breach of applicable data protection legislation. In Finland, the national supervisory authority is the Office of the Data Protection Ombudsman.

Scroll to Top