The purpose of this personal data policy is to define the main principles, responsibilities and procedures that will be followed when personal data is processed at the university.
At the university, we implement data protection as part of our entire mission: research, teaching and societal impact. Data protection is included in the operations of our enablers of success, such as study services, IT services, HR services and real estate services. The data protection and security skills of every Aalto community member are essential when implementing data protection.
Data protection means everyone's right to the protection of privacy and their personal data.
'Personal data' means any information relating to an identified or identifiable natural person.
Special categories of personal data include sensitive information such as health information, or information on religious beliefs or political opinions – special conditions under GDPR need to be met to process such information.
The protection and careful processing of personal data is
- an ethically and legally compliant way of working: Aalto University Code of Conduct
- our obligation under regulations such as the European Data Protection Regulation (GDPR) and the Act on the Protection of Privacy in Working Life
- part of the professional skills of every Aalto community member, such as responsible conduct of research, teaching and study counseling as well as the basic skills of students to act in a digital environment.
Data security is essential when ensuring data protection in practice. Check out the university's security guidelines:
What can everyone do for data protection?
- Learn to recognize and classify the information and personal data you handle. Keep your privacy skills up to date by attending training.
- Follow University security guidelines, and only use the services and applications offered by the University. Avoid transferring personal data outside the original data processing system or service.
- Plan and minimize the processing of personal data: ensure that only personal data that is necessary for the purpose and performance of the tasks is processed. Planning the processing of personal data is particularly important in development tasks, or when renewing operations or introducing a new system or application (privacy by design and default).
- Inform and share knowledge: when personal data is collected and processed, data subjects must be informed in advance. Check out the university's privacy notices.
- Regularly destroy any unnecessary and expired data, documents and messages. Do not store personal data “just in case”. Correct outdated information.
- Should you notice any incident or suspicious activity in connection with personal data, notify [email protected] without delay. Cyber security incidents or personal data breaches include, for example, incomplete or incorrect data, unauthorized access to another's information, a message sent to the wrong party, information published by mistake, or the leakage of personal data from a system.
If you need advice or data protection training, please contact the University Data Protection Officer: dpo(at) aalto.fi