Privacy notice

Purpose of processing personal data

The Centre for Child Psychiatry at the Department of Clinical Medicine at the University of Turku has developed a digital parenting programme based on behavioural therapy elements which will support young families in the situation caused by the coronavirus. The programme offers parents/guardians information about anxiety and ways to relieve the child’s anxiety.

The programme and related study (“Yhdessä selviydytään”) aim to

  1. gain knowledge on families’ psychological wellbeing and their experiences of social isolation during the coronavirus epidemic               
  2. study the impact of the parental guidance programme based on the parent’s/guardian’s assessment before and after completing the programme regarding 1. their ability to help their child manage his or her anxiety and their own and their child’s/children’s emotional symptoms. We will ask the participants about their experiences and satisfaction with the programme in order to gain data on the future usability and for further development of the programme.

Controller of the data file

The University of Turku is administering and maintaining the register of personal data connected to the programme and study.

Grounds for processing personal data

We are processing personal data based on the university’s basic duties and their implementation as defined in section 2 of the Universities Act, and on section 4(3) in the Data Protection Act.

Contact person

Questions about the study can be sent to:

The director of the study is Andre Sourander, Professor of Child Psychiatry, Research Centre for Child Psychiatry, University of Turku, Lemminkäisenkatu 3 / Teutori 3rd floor, 20014 University of Turku

Special personal data groups

The data will be collected from parents/guardians through online surveys. Before starting the programme we request the following Background information: Survey participant (mother/father/other, who), participant’s level of education, child’s age and gender, number of parents and children under 18 living in the household, child’s place of school or day care (home, school, nursery) and the name, date of birth, address and contact details (email and phone number). of the participant. Links to the follow-up surveys will be sent to the email address that has been provided by the research subject and/or by text message.

The guardian is asked to also complete the following surveys before the programme, immediately after completing the programme (only some of the questions), two weeks after completing the programme, and six months after completing the programme:

  • Questions relating to the coronavirus epidemic (5), which have been written for this study.
  • Questions about the parent’s thoughts and actions (12) relating to the coronavirus epidemic, which have been written for this study.
  • Questions mapping out the child’s anxiety symptoms (5), which have been written for this study. The parent can answer for one child or several children.
  • Questions mapping out the parent’s emotional symptoms (9), which have been written for this study.
  • Questions relating to the experiences of the programme and its use (4). We will receive information relating to the usage of the programme (time spent, pages visited) directly from the digital platform.

The research programme’s website, where all measurements are done, is located on a server maintained by the University of Turku, and it is covered by the information security guidance of the data administration of the University of Turku. The link between the website and the user’s computer is protected through SSL encryption. The website is accessed with a personal user ID and password. The research subjects are responsible for making sure that their actions do not allow a third party to access their login details. The website registers data on how the research subject uses the treatment programme (number and time of visits, length of time spent logged in, pages visited). The data can be used to study factors affecting the effect of the programme and technical development of the service, as well as identifying, preventing and fixing faults (Information Society Code (917/2014) Sections 138, 141, 144, 272).

The data will be stored for the amount of time required for these purposes, and they will not be used for any other purposes. The requirements relating to information security have been considered carefully in the programme’s development stage and when collecting, storing, analysing and archiving data. Identification data will be replaced with a research code. The identification data of a particular individual cannot be identified when the data is analysed and the results are published. Everyone processing confidential research data will agree never to share the data with a third party, use the data to hurt or humiliate a participant, or infringe on such rights that are protected through secrecy.

Data retention

The identifiable research data (personal data) will be anonymised once the study has been completed. The study will continue for six months after the intervention. The pseudonymised personal data will be stored on the university’s protected network drive until 2035. After that the personal data will be aggregated so that the data of any individual cannot be identified. The aggregated data will be archived for research purposes.

Potential data recipients

No personal data will be disclosed outside the research group. Participation in the study requires disclosing personal data for research purposes.

Potential data transfers to third countries

All data transfers will take place in Finland.

Publicity or confidentiality

All personal data that is collected is confidential and will only be used by the research group. Access to the data is protected through the use of a username and password. 

Rights of the data subject

The data subject has the right to request access to the personal data pertaining to them, to request the correction or removal of said data, and to object to the processing of said data. The data subject also has the right to submit a complaint to the supervisory authority. It is, however, possible to diverge from the rights of the data subject as it can be seen to impede the study.

Data Protection Officer of the University of Turku

Please contact the Data Protection Officer of the University of Turku with matters pertaining to the rights and responsibilities of the data subject,

Principles for protecting personal data

The IT Services of the University of Turku offer general IT infrastructure and services for the university’s faculties and departments. These services consist of an internet connection, centralised services, virtual service platforms, usernames, workstations, smart phones, storage space, data safety services, software permissions, help desk services and life cycle management.

The university’s staff define and maintain the internet infrastructure. The network is divided into different zones according to requirements (physical, wireless, services, workstations, protected use etc.). Storage services, servers and other services are produced on university premises, unless otherwise stated.

University buildings, including the Research Centre for Child Psychiatry, have centralised lock systems, and only keyholders who have been permitted access can enter the Centre. The forms containing personal data are kept in the Research Centre’s electronically locked archive for the duration of the study, and only specific members of the Research Centre staff are given access to them.

The IT Services are located in three data centres on campus, and they manage the workstations. The university offers a campus permit for the most common software and operating systems. Departments can manage the devices they require if they invest in safe and ongoing administration which follows the IT Services’ administrative rules.

All IT Services and their administration must follow the IT Services’ administrative rules and the university’s data security policy. They define the administrative operating principles: good administrative practice, respect for the privacy policy, and occupational safety.

Data security is maintained through the following main points:
1. centralised administration with a separate administrative account and compartmentalised access
2. using reliable and up-to-date hardware and software, continuous software updates
3. centralised identity management
4. locally administered internet infrastructure which applies to the industrial standard and service statistics
5. widely used security software and monitoring tools.

The Head of Information Security at the University of Turku is Mats Kommonen





You are using Internet Explorer. This website does not support Internet Explorer and it might not work correctly. Please switch to another browser.