Aalto University

Aalto University privacy notice for partnership services

This privacy notice provides information to Aalto University alumni, donors and stakeholders about the processing of their personal data in CRM-system as part of the services of the Aalto University Advancement and Corporate Engagement (ADCO).
gdpr-nn-banner-wj.jpg

General provisions concerning privacy and protection of personal data are included in Aalto University Data Protection Policy. Also Records Management Plan (TOS) regulates processing personal data. In addition, Aalto University has appointed Data Protection Officer ([email protected]).

At Aalto, our operations take place in compliance with the Act on the Openness of Government Activities (621/1999). Pursuant to the principle of openness set out in the act, information in the possession of a university is public unless otherwise provided by law. Compliance with the act may obligate the university to disclose personal data to third parties.

Aalto University Data Protection Policy
Read our Policy
Records Management Plan TOS
Read our plan

If you have been invited to attend our event, you will find more information about the processing of personal data necessary for organizing of events from this privacy notice:

Privacy notice for Aalto University communication and events

Why and on what basis does Aalto University process your personal data?

A purpose of the processing of personal data is to better understand the needs of Aalto University’s internal and external customers, alumni and partners, as well as to improve the quality of our operations, the selection of new services, and the targeting and depth of our customer services. An additional goal is to further Aalto University’s societal impact as well as the university’s relationship management and engagement with individuals and with industry.

The university may also process personal data for data protection purposes and to prevent and investigate data breaches or misuse.

Services for alumni and partnerships process personal data for three purposes, the legal grounds for which are as follows:

Aalto University maintains Alumni register (CRM) based on legal obligations. Personal data in alumni register is used to help administer alumni memberships, relations, activities and communications as well as for Aalto University alumni operations and service marketing purposes. The data may also be used to generate statistical information for Aalto University’s use.  The processing of personal data is based on the legitimate interest of the controller. Registering to alumni membership (Aalto Alumni Circle) is voluntary.

Stakeholder lists include individuals whom, due to their position or professional duties, Aalto may wish to contact as experts, mentors, partners, visiting lecturers, research subjects, or for other roles in Aalto University activities or those billed by Aalto University, such as tuition fees or those billing Aalto University. Personal data collected for partnership activities may be used for communications about the work of Aalto or of a part of Aalto as well as in other stakeholder communications. The processing of personal data is based on the legitimate interest of the controller and for personal data related to billing, on the controller’s legal obligations.

Personal data on donors is collected in connection with their donations. The personal data is used in communications for donors, for example, in donor newsletters and in invitations to stakeholder events. Donor information may be published and remain online permanently (e.g. donor names may be on a webpage) if the donor granted consent for this when making a donation. The processing of personal data is based on the legitimate interest of the controller and, as for receipts and permanently stored data, on the controller’s legal obligations.

If personal data collected in the context of alumni or partnership activities is used for direct marketing for commercial purposes, this practice is based on the legitimate interest. In such cases, we follow the legal provisions on electronic services and electronic direct marketing.

What personal data does Aalto University collect and process?

The personal data processed by the university may be divided into the following categories:

Identification data:

  • name and contact details
  • date of birth (alumni and staff)
  • gender and nationality (alumni)
  • personal identification number (private donors)

Links to social media pages of the data subject. Link to theses, published with consent of the author.
Information relating to alumni activities, degrees and theses, published with consent of the author
Information relating to donations.
Information relating to billing.
-                         bank account
Information relating to marketing impact

How do we collect personal data?

Data on alumni required to maintain Alumni register is recorded from the Aalto University student information system. Data on alumni graduated between 1960-2021 has been recorded to Alumni register in 2021. Alumni data can also be received from the data subjects as they register to alumni membership.   

With respect to other services, the data is for the most part collected from the data subjects themselves through their registrations or through other contact with them.

Personal data may be collected and updated using other personal data files of Aalto when a legal basis for it exists, as well as from the following: the Finnish Trade Register; online services and software applications of companies; authorities and companies providing services concerning personal data; and any publically accessible online sources. 

To whom do we disclose personal data?

Aalto University uses external service providers, who may process personal data as part of their services. The service providers are considered data processors to the extent that they process personal data and do so in accordance with the aims defined by Aalto University.

As a part of the university’s societal impact work, we engage in broad collaboration with various businesses and public organisations, and we participate in activities of ecosystems that share the goals of the university and are in line with the university’s interests. The university requires of its partners trustworthiness and a code of conduct, and responsibility for protecting personal data is arranged according to the GDPR for each collaborative relationship.

In order to measure and direct the impact of our work, we need to follow the scale and, if possible, relevance of our networks and collaborations. This requires transparency as well as effective utilisation of both human and technical resources. We may disclose needed personal data to these collaborative partners on a case-by-case basis.

Based on act of openness and separately drawn agreement we can also disclose personal data to collaborative partners such as Aalto University alumni associations.

Transfer of personal data to third countries

A data protection policy of the university is that particular care is to be taken when transferring personal data outside the EU and the EEA to countries that do not offer the data protection required by the European General Data Protection Regulation (GDPR). Transfers of personal data outside the EU and EEA are done in accordance with the requirements of the GDPR, using as a basis e.g. its reference to decisions made on the adequacy of the level of protection provided (Article 45), utilising standard agreement clauses and following other data protection measures in accordance with the GDPR.

Period for which personal data is stored

Personal data is stored for as long as is necessary in relation to the purposes for which it was collected and processed or for as long as is required by law or regulation. The storage of data on Aalto University staff and students follows the applicable privacy notices as well as the university’s data management plan. Any data concerning the contractual employment relationship of Aalto staff will be erased at the termination of the employment relationship. Any data concerning partnership activities will be erased at the termination of the partnership. Data on donations will be stored for a minimum of six years after the last instalment.

Rights of the data subject concerning personal data

Under the GDPR, you have the right to review your information and rectify any inaccurate or erroneous personal data. In addition, with certain exceptions, you have the right to erase your data. If he processing of personal data is based on your consent, you also have the right to withdraw your consent. You find more information on your rights listed below.

Your responsibility

You are responsible for the information you supply or make available to Aalto University recipients, and you must ensure the accuracy of the information.

Amendments to the privacy notice

Aalto University updates this notice as needed. Updated versions of this notice will show the date of the new version at the beginning of the document. If we make changes to content of this notice, we will take appropriate measures to keep you informed in a manner consistent with the significance of the change. We encourage you to check this notice often to be aware of how Aalto University protects your data.

Other privacy notices

Aalto University maintains several privacy notices. For example, if you have university username, attend university events, or visit our campus, please find information about the processing of your personal data in order to implement these services on the University Privacy Statements page.

Privacy notices

Aalto University's privacy notices

Read other privacy notices (events, IT-services etc)
People in Dipoli Building

Controller, register person-in-charge and contact information

The controller of personal data in partnership activities is Aalto University.

The register person-in-charge is Ville Krannila.
Tel.: (exchange) 09 47 001
Email: crm-support(at)aalto.fi

  • Published:
  • Updated:
Share
URL copied!