NPO TTÜ Student Campus´Privacy Policy

Contact information of the processor of personal data
TTÜ Student Campus NPO
Registry Code: 80131259
Address: Raja Str. 4D, Tallinn 12616

Application of personal data processing

NPO TTÜ Student Campus has committed itself to protect the privacy of its clients and users by processing personal information in accordance with the requirements of the legislation and by applying all precautionary measures to protect personal data.

Personal data to be processed

Personal data is considered to be all information relating to an identified or identifiable natural person.  The personal data to be processed by NPO include, inter alia, the following types of data and changes made to these data types:

• name and surname, date of birth (dd/mm/yyyy), citizenship, document no
• address (street, city, ZIP code, country), phone, e-mail
• purpose of visit (business, leisure, conference)
• vehicle no

While using Wi-Fi internet connection, personal data and public information of Facebook and/or Gmail will be collected as follows:

• Facebook ID or Gmail address
• Person’s name
• IP address of the device
• MAC address of the device

Objectives for the processing of personal data and data retention

Processing personal data is necessary for the implementation of a contract. NPO will process the personal data for the following purposes:

• providing accommodation services and forwarding information about accommodation
• invoicing;
• client communication, incl. contacting for forwarding operational information;
• fulfilment of obligations arising from legislation;
• improving the service;
• protecting its rights;

NPO maintains personal data for as long as it is legally required or reasonably necessary for the purposes for which the NPO has the right to process data. Wi-Fi service’s user data is collected and stored on the Ruckus SmartZone Wi-Fi controller, which is located in the service provider’s secure Tier II data centre.

Forwarding personal data to third parties

NPO is the liable processor of personal data. NPO does not forward personal data to third parties without the prior consent of the client, except on the bases provided by legislation. NPO can forward personal data received from the clients to the following parties:

• Authorized processors, i.e. persons processing the personal data of NPO’s clients on the behalf of NPO (OIXIO AS, Tallinn University of Technology, Zone Media OÜ, FORUS Security AS, Hotellinx Baltics OÜ);
• Surveillance and investigative authority.

Authorized processors are required to take all precautionary measures to protect the personal data of the clients, to keep distributed information confidential and to process personal data in accordance with the limits set by the legislation.

Personal data received by Wi-Fi authentication is not processed or sent to third parties. The data will only be used if there is a reason to suspect that a specific Wi-Fi user is causing problems in the network (cyber-attacks, spreading viruses, etc.). Once the person of concern has been identified, the stored contact information will be used to contact and warn the user.

Safety

The NPO implements all measures (including organizational, physical, IT security measures) for the protection of personal data that is being processed. Access to the modification and processing of personal data is restricted to authorized persons and the personal data of all NPO clients and users is treated as confidential.

Access to personal data, correction of data

The client can see the personal data collected about him/her by logging in to e-Campus information system. The client has the right to demand the correction of his/her inaccurate data. If the client feels that the processing of personal data has violated his/her rights, he/she has the right to contact the Estonian Data Protection Inspectorate or the court for termination of the violation.