Privacy notice for Aalto University communication and events

Updated 31.5.2022 (updates accepted by communication services)

Aalto University informs protection of personal data in several privacy notices. If you are our alumni, stakeholder or donor, please find more information on your privacy here:

Privacy notice for partnership services

We communicate mainly via our websites (aalto.fi). You find more information on processing your personal data as a user of our webpages here: 

Privacy notice for aalto.fi

Our cookie policy

Why and on what basis does Aalto University process your personal data?

Aalto University and its units use personal data for:

• communication and distribution of newsletters,
• organising events and disseminating information about them,
• providing and developing of digital and other communication services,
• handling feedback,
• carrying out surveys, and
• drawing lotteries.

Aalto University processes personal data for the purposes of events, marketing, and printed and digital communication, including communication in social media as well as handling feedback and carrying out surveys. The purpose of the processing of personal data is to allow the Aalto community members to interact with both each other and with society at large. In addition, the university may process personal data in order to protect it, as well as to prevent and investigate its abuse as necessary.

Aalto University has a legitimate interest in communicating and marketing the activities of the university. The processing of personal data is based on consent when the data is used for targeted electronic direct marketing or for participation in and drawing of lotteries.

What personal data does Aalto University collect and process?

The personal data processed by the university may be divided into the following categories:

• Data given by the data subject when registering for an event, such as contact in-formation
• Data given by the data subject upon contacting Aalto University
• Personal data contained in photographs, recordings and videos, such as an identifiable person in a photograph taken at an event.
• Personal data contained in marketing and communication material
• Personal data collected for the purposes of security arrangements
• Personal data collected by other services

The personal data processed of those who have registered for events contains usually the following information:

• name
• required contact details
• organisation
• job title
• name and contact details of information source if different from participant

In order to participate in the lottery, the information requested at the time is collected on the form, but at least the contact information for reporting the lottery winnings.

The personal data processed may also contain the following data:

• role of the participant in the event
• for international events, the home country of the participant for statistical purposes
• amount of participation fee and payment details
• dietary restrictions, if food is served at the event, and information on special arrangements (no information on illnesses are collected)
• data related to organising side events and additional services
• data related to publishing
• data related to organising travel services
• data generated when the event is recorded (e.g. photos, videos, audio recordings)
• areas of interest specified by a training participant
• feedback on the training (collected anonymously)

In addition, we may collect data on the event participation history of an individual data subject.

How do we collect personal data?

As a rule, we collect data directly from the data subjects in connection with their registration for an event or another contact made by them. Personal data may be collected and updated using other personal data files of Aalto when a legal basis for it exists, as well as from the following:

• the Finnish Trade Register;
• online services and software applications of companies;
• authorities and companies providing services concerning personal data; and
• any publicly accessible online sources.

Personal data is also collected when using other services. For the purposes of security arrangements, the university may collect personal data from its own personal data files and those of its service providers and contract partners, when a legal basis for data collection exists.

To whom do we disclose personal data

A) Service providers and distribution of photographs and videos in social media

Aalto University collaborates with selected partners in personal data processing for purposes specified in this privacy notice, such as maintaining websites and organizing events. 

We disclose personal data to our partners only to the extent necessary for them to offer services to Aalto for the purposes defined in this privacy notice.

In addition, Aalto University may share photographs and videos in social media services. The processing of personal data contained in these photographs is subject to the privacy notices of the services used. See, for instance, the following social media services:

• Facebook (https://www.facebook.com/)
• Instagram (https://www.instagram.com/)
• YouTube (https://policies.google.com/privacy)
• LinkedIn, Vimeo and Panopto 

Information on dietary restrictions or personal special arrangements may be disclosed to a relevant service provider, and be disclosed primarily in a format that does not allow the information to be connected to an identifiable person.

B) To teachers and researchers

We may in some instances disclose personal data for scientific research or teaching. In such cases the data is processed in accordance with the requirements of the EU’s General Data Protection Regulation and of Finland’s legislation on data protection.

C) To third parties when required under law

We may disclose your personal data to third parties where access to or processing personal data is necessary:

• to comply with applicable legislation and/or court order, or
• to detect, prevent or otherwise address technical or security issues or malpractice.

D) Other recipients

Basic information and participation history of the data subject may be saved in the university’s common customer relationship management database. We may disclose to event participants a list of the names and organisations of everyone participating in the event. We will not publish the participant list on a public platform, such as the internet.

Transfer of personal data to third countries

The data protection policy of the university is to exercise particular care when transferring personal data outside the EU and the EEA to countries that do not offer the data protection required by the European General Data Protection Regulation (GDPR). Transfers of personal data outside the EU and EEA are done in accordance with the requirements of the GDPR, using as a basis e.g. its reference to decisions made on the adequacy of the level of protection provided (Article 45), utilising standard agreement clauses and following other data protection measures in accordance with the GDPR.

Period for which personal data is retained

Personal data is retained for as long as is necessary in relation to the purposes for which it was collected and processed or for as long as is required by law or regulation or unless data subject ask for removal of data.

The contact information of event participants is used in recurring events as well as in the marketing of other similar events. Due to legal requirements, for chargeable events and billing transactions, the information must be retained for at least six (6) years from the end of that calendar year

The storage of data on Aalto University staff and students follows the applicable privacy notices as well as the university’s data management plan (TOS).

Images containing personal data are processed as other data, i.e. in accordance with the privacy notice on personal data.

Personal data collected for the allotment will be deleted once the allotment has been completed. The exact date of the allotment will be announced in connection with each individual allotment.

The personal data included in the marketing and communication material will be kept until the data subject requests their deletion.

Aalto University partners who received personal data related to an event are required to destroy that information after the conclusion of the event.

The personal data of event registrants are stored pseudonymised for statistical purposes.

Personal data and principles of privacy protection 

Due diligence is observed in the processing of personal data and data security measures are followed as appropriate. Technical solutions such as firewalls and encryption are employed and they comply with current standards. The controller ensures that retained information, user permissions and other data critical for the security of personal data are processed according to instructions, confidentially and only by individuals whose job descriptions authorise the processing.

Your responsibility

You are responsible for the information you supply or make available to Aalto University recipients, and you should ensure the accuracy of the given information.

Amendments to the privacy notice

Aalto University updates this notice as needed. Updated versions of this notice will show the date of the new version at the beginning of the document. If we make changes to content of this notice, we will take appropriate measures to keep you informed in a manner consistent with the significance of the change. We encourage you to check this notice often to be aware of how Aalto University protects your data.

Other privacy notices

Aalto University maintains several privacy notices. For example, if you have university username, become our donor or stakeholder, participate our courses, or visit our campus, please find information about the processing of your personal data in order to implement these services on the University Privacy Statements page.

Controller, register person-in-charge and contact information

The controller of personal data in communication, marketing and event activities is Aalto University.

The personal responsible for communications and events is the communications director.
Tel.: (exchange) 09 47 001
Email: [email protected]

A contact person and person responsible is designated for each event and newsletter. The contacts details are given in connection with each event announcement, invitation or newsletter.