Why and on what basis does Aalto University process your personal data?
A purpose of the processing of personal data is to better understand the needs of Aalto University’s internal and external customers, alumni and partners, as well as to improve the quality of our operations, the selection of new services, and the targeting and depth of our customer services. An additional goal is to further Aalto University’s societal impact as well as the university’s relationship management and engagement with individuals and with industry.
The university may also process personal data for data protection purposes and to prevent and investigate data breaches or misuse.
Services for alumni and partnerships process personal data for three purposes, the legal grounds for which are as follows:
Aalto University maintains Alumni register (CRM) based on legal obligations. Personal data in alumni register is used to help administer alumni memberships, relations, activities and communications as well as for Aalto University alumni operations and service marketing purposes. The data may also be used to generate statistical information for Aalto University’s use. The processing of personal data is based on the legitimate interest of the controller. Registering to alumni membership (Aalto Alumni Circle) is voluntary.
Stakeholder lists include individuals whom, due to their position or professional duties, Aalto may wish to contact as experts, mentors, partners, visiting lecturers, research subjects, or for other roles in Aalto University activities or those billed by Aalto University, such as tuition fees or those billing Aalto University. Personal data collected for partnership activities may be used for communications about the work of Aalto or of a part of Aalto as well as in other stakeholder communications. The processing of personal data is based on the legitimate interest of the controller and for personal data related to billing, on the controller’s legal obligations.
Personal data on donors is collected in connection with their donations. The personal data is used in communications for donors, for example, in donor newsletters and in invitations to stakeholder events. Donor information may be published and remain online permanently (e.g. donor names may be on a webpage) if the donor granted consent for this when making a donation. The processing of personal data is based on the legitimate interest of the controller and, as for receipts and permanently stored data, on the controller’s legal obligations.
If personal data collected in the context of alumni or partnership activities is used for direct marketing for commercial purposes, this practice is based on the legitimate interest. In such cases, we follow the legal provisions on electronic services and electronic direct marketing.
What personal data does Aalto University collect and process?
The personal data processed by the university may be divided into the following categories:
- name and contact details
- date of birth, gender and nationality (alumni)
- personal identification number (private donors)
Links to social media pages of the data subject. Link to theses, published with consent of the author.
Information relating to alumni activities, degrees and theses, published with consent of the author
Information relating to donations.
Information relating to billing.
- bank account
Information relating to marketing impact
How do we collect personal data?
Data on alumni required to maintain Alumni register is recorded from the Aalto University student information system. Data on alumni graduated between 1960-2021 has been recorded to Alumni register in 2021. Alumni data can also be received from the data subjects as they register to alumni membership.
With respect to other services, the data is for the most part collected from the data subjects themselves through their registrations or through other contact with them.
Personal data may be collected and updated using other personal data files of Aalto when a legal basis for it exists, as well as from the following: the Finnish Trade Register; online services and software applications of companies; authorities and companies providing services concerning personal data; and any publically accessible online sources.