Submit service request
Help link to main page

Privacy Statement – Turnitin Originality


EU General Data Protection Regulation (2016/679)

  1. Data Controller Jyväskylä University of Applied Sciences Ltd
    PL 207, 40101 Jyväskylä
    +358 20 743 8100

Contact Person for Register Matters, Contact Information During Office Hours

Process Owner: Education Services Manager
Content Administrator: Educational Development Services
Technical Administrator: ICT Services

firstname.lastname[a]jamk.fi

  1. Content of the Register and registered groups

As the data controller, Jamk collects personal data for the text similarity service in connection with Turnitin’s Originality system. The supplier is Turnitin LLC (service provider). Service provider’s Privacy Statement https://guides.turnitin.com/hc/en-us/articles/27377195682317-Turnitin-Services-Privacy-Policy

The following information is collected in the register:

  • person’s name, Jamk’s e-mail address
  • educational institution
  • the information of the written material, i.e. the return
  • a user ID is collected when registering an account

Registered groups: 1) staff

  1. Processing of Personal Data and Its Purpose

As a data controller, Jamk collects and processes personal data in order to perform plagiarism detection related to text recognition. Personal data is processed in accordance with Jamk’s personal data handling instructions and the general privacy statement at https://www.jamk.fi/en/jamk/data-protection-in-jamk.

  1. Personal data processors

Personal data is processed by Turnitin’s technical and content administrators in Jamk.

  1. Regular Data Sources

The data source is the information entered into the service by the persons themselves.

  1. Personal data retention period

We store certain user personal data as long as necessary to enable continuous use of the services. How long we retain certain personal data varies depending on its type and use, after which it is deleted.

  1. The rights of the registered person and their implementation

Based on the data protection regulation, the data subject has the right to:

  • To withdraw consent
  • Access to your personal data
  • The right to have errors corrected
  • The right to prohibit direct marketing
  • The right to object to processing
  • The right to restrict processing
  • The right to have the data transferred.

In order to implement the registrant’s rights, a request is made to Jamk’s data protection officer, data protection(at)jamk.fi. More information about Jamk’s data protection officer and the data subject’s rights and their implementation can be found in Jamk’s personal data handling instructions and the general privacy statement https://www.jamk.fi/en/jamk/data-protection-in-jamk.

  1. Information security and principles of registry protection

In the service, personal data is protected by appropriate technical and administrative measures against unauthorized or illegal processing and against damage or loss of personal data. The customer’s and user’s personal information is stored in third-party data centers, where firewalls, personal data encryption and other industry standard techniques are used to prevent interference or access by outside intruders. However, the Internet is never completely secure and we are not responsible for any security breaches that are beyond our reasonable control.

For the EU, the service is managed in Germany, so all data is transferred to the servers there.

You log in to the service by registering as a service user and creating an account that contains a username and password. The account is linked to Jamk’s email address.

The user is responsible for maintaining the confidentiality of the account ID and password. If the user becomes aware that the account is being used without permission or that the user or customer account identifiers have been lost, or if you suspect a security breach, it is the user’s responsibility to report it immediately by sending an email to informationsecurity(at)turnitin.com.

The personal information collected and processed is kept confidential and is not disclosed to anyone other than those who need it in their work or confidentially and to a limited extent based on service contracts to the register controller’s customers.

The service provider’s personnel undertakes to process personal data securely, confidentially and only to provide the service.

  1. Data transfer

Personal data is only stored in the EU and EEA and processed only in the EU and EEA. Data transfer outside the EU and EEA area is done only for support purposes. In this case, the service provider ensures that personal data is processed in accordance with the requirements of the data protection regulation and the processing in accordance with the regulation is agreed in the data processing agreements required by the regulation.

  1. Profiling and Automated Decision-Making

Personal data in the register is not subject to automatic decision-making or profiling.

Back to top Back to top