Welcome to DEx Labs — a space to explore and experiment. Avoid entering sensitive or real data.

Privacy Policy

Privacy Policy for Design Explorer (DEx) Systems

Last updated: April 7, 2026

This privacy policy describes the processing of personal data in Design Explorer (DEx) systems and defines your privacy rights and our commitments to protecting your personal data. We apply EU and Finnish privacy legislation. The key data protection laws are the EU General Data Protection Regulation (GDPR) and the national Data Protection Act supplementing the GDPR.

Registry Name

Design Explorer (DEx) User Registry

1. Data Controller

Tampere University
33014 TAMPERE UNIVERSITY
Phone: +358 294 52 11
Business ID: 2844561-8

Contact person for registry matters:
Tero Juuti
Phone: +358 50 517 9029
Email: tero.juuti@tuni.fi

Data Protection Officer:
Email: dpo@tuni.fi
Phone: +358 294 528 550

2. Purpose of Processing Personal Data

Design Explorer (DEx) is a design pattern management environment used at Tampere University. Collected personal data is used for:

  • Managing access rights and verifying user identity
  • Enabling communication and collaboration
  • Informing and messaging
  • Ensuring information security, providing user support, and resolving issues

The legal basis for processing is the performance of a task carried out in the public interest or in the exercise of official authority (GDPR Article 6(1)(e)), based on the Finnish Universities Act (558/2009).

3. How Personal Data Is Collected

When a person is invited to the system, the email address and any other identifying information needed for the invitation are provided by the inviter, who is an administrator and a member of the Tampere University community. Otherwise, personal data is collected from the individual during registration or later during use of the system.

4. Personal Data Processed

The registry contains information about students, teachers, and company partners. The following categories of personal data are collected and processed:

  • Mandatory: Identification data such as name, username or other unique identifier, and email address
  • Authentication data: Encrypted password or external authentication identifier (e.g., TUNI login)
  • Other descriptive data: User role within the system, workspace memberships, and information about authentication methods used
  • User-generated content: Including projects, patterns, elements, and related design data created within the system
  • Security data: Data related to maintaining and developing information security (including login sessions and indirect data derived from service usage, such as network traffic data provided by the web browser)

5. Regular Disclosures and Recipient Groups

Personal data is primarily processed by members of the Tampere University community. Processing is limited according to the person's role.

Data is not disclosed for external use, except when requested by a competent authority based on mandatory legal requirements.

The environment is hosted on Tampere University's infrastructure. Software development and maintenance is provided by Elisa Industriq Finland, which has access to the system for technical support and update purposes (data processor).

6. Data Transfers Outside the EU/EEA

Registry data is not transferred outside the EU or EEA. However, the system's user interfaces are accessible from outside the EU and EEA in compliance with Tampere University's information security practices and policies.

7. Principles of Registry Protection

System data is protected through access control and role-based processing. Users are identified with a username/password combination. Personal data is protected during network transmission. Data is stored on servers managed by Tampere University. Only designated personnel with confidentiality obligations can access the registry.

8. Data Retention Period

Personal data is retained for as long as the user account is active and necessary for the purposes described in this policy. Users can delete their account and all associated data at any time from the Profile section.

If a user account is deleted, all personal data and user-generated content associated with the account are removed. Projects in which the user is the only member are also deleted. Projects shared with other members are preserved and remain available to those members.

Data retention follows Tampere University's records management plan.

9. Obligation to Provide Data

Providing identification data (name, email address) is necessary to use the service. Without this data, access to the system cannot be granted.

10. Automated Decision-Making and Profiling

Registry data is not used for automated individual decisions, including profiling.

11. Your Rights Regarding Personal Data

Under data protection legislation, you have the right to:

  1. Access — obtain confirmation as to whether your personal data is being processed, and if so, access your data
  2. Rectification — have inaccurate, incomplete, or outdated personal data corrected or supplemented
  3. Erasure — in exceptional cases, have personal data completely deleted from the controller's registries (right to be forgotten)
  4. Restriction — in certain situations, request restriction of processing until your data has been properly verified and corrected or supplemented
  5. Object — object to processing on grounds relating to your particular situation, insofar as the processing is based on public or legitimate interest
  6. Data portability — request transfer of data, provided that you have supplied the data yourself, the data is processed on the basis of a contract or consent, and processing is carried out automatically

From the "Profile" section of the system, you can:

  • Download your data (access and portability — rights 1 and 6)
  • Delete your account and all associated data (erasure — right 3). Before deletion, you will see a list of projects you are a member of. Projects in which you are the only member will be permanently deleted along with your account; projects shared with other members will be preserved.
  • Edit your name (rectification — right 2). Email changes must be requested from an administrator.

For other requests concerning data subject rights, contact the data controller using the details in the Contact section below.

You also have the right to lodge a complaint with the supervisory authority. In Finland, the supervisory authority is the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto, https://tietosuoja.fi).

12. Cookies

The service uses session cookies to maintain login state. No analytics cookies are used.

13. Changes to This Privacy Policy

The system is continuously evolving, so we may update this privacy policy as needed or as required by law. We recommend that you review the contents of this privacy policy from time to time.

14. Contact

For questions and requests regarding this privacy policy:

Tero Juuti
Email: tero.juuti@tuni.fi
Phone: +358 50 517 9029

Data Protection Officer:
Email: dpo@tuni.fi
Phone: +358 294 528 550