Due to the many tasks of Aalto University, we maintain several privacy notices. You can get familiar with their contents through the links and attachments on this page. In the context of university activities, you are data subject, i.e. person whose data is processed, if you are for example our student, staff, alumni, partner or customer. Please note that depending on the relationship between the data subject and Aalto, either one or more of the privacy notices may apply.
The following privacy notices describe the processing and protection of personal data when organizing university events and communications.
We inform on the processing of personal data of Aalto University alumni, donors and stakeholders in the CRM system in this privacy notice.
This privacy notice provides information to Aalto University alumni, donors and stakeholders about the processing of their personal data in CRM-system as part of the services of the Aalto University Advancement and Corporate Engagement (ADCO).
This privacy notice describes the Aalto University policy on the personal data collected and processed by the Aalto University IT Services (ITS) in connection with the services it produces and the processes it executes.
Aalto University ('Aalto') collects personal data that relates to the users of the aalto.fi website ('website'). This privacy notice applies to the website aalto.fi. Aalto acts as the controller for personal data that users of the website provide when they visit the website or by other means or that is collected automatically in conjunction with website browsing activity.
You find information on the protection of personal data of our students and applicants to bachelor’s, master’s and doctoral education on the pages:
Privacy notice for students concerns degree students, exchange students, non-degree students who have a right to pursue single course(s) and Open University students. The notice contains information about how personal data on students is processed and the rights that students have to their own personal data.
This privacy notice applies to applicants to bachelor’s, master’s and doctoral education, and contains information about how your personal data is processed and the rights that you have to your own personal data.
Under the GDPR, you have the right to review your information and rectify any inaccurate or erroneous personal data. In addition, with certain exceptions, you have the right to erase your data. If he processing of personal data is based on your consent, you also have the right to withdraw your consent. You find more information on your rights listed below.
According to the GDPR, you have a right to know what information on yourself is stored in the personal data file. You have the right to request that any inaccurate or erroneous data on yourself be rectified without undue delay. If data you wish have rectified or erased is maintained by an Aalto partner, we will request that the partner take the appropriate measures.
Barring certain exceptions, the GDPR guarantees your right to have your erased, or as it is termed, your right to be forgotten. However, this right does not obtain in cases where the university’s right as the controller to process personal data is based on the university’s obligation to perform tasks carried out in the public interest or in the exercise of official authority. If the processing of personal data is based on your consent, you may also withdraw your consent. In that case, you may submit a request to us to erase data concerning yourself from our system. If there is no other legal grounds for processing your data, we will erase it.
If you contest the accuracy of the personal data or the lawfulness of the processing, or or if you have exercised your right to object to the processing, you may request that the processing of the personal data be restricted to storage only. The processing of the data is then confined to its storage only until, for example, the accuracy of the data is verified. If you do not have the right to request erasure of the data, you may request instead that Aalto University limit its processing to only that needed in order to store the data.
You always have the right to object to the processing of your personal data when the processing is for marketing purposes.
In this section, you will find information on how you can exercise the rights of the data subject at Aalto University if necessary.
Requests under the GDPR concerning the processing of personal data can be submitted through our personal data portal:
Aalto university personal data portal
Please note, however, that regular service addresses or contact person named in privacy notice for different services will still be used primarily for contact information changes and other routine changes.
You may also contact the data protection officer of Aalto University if you have questions or demands relating to the processing of personal data:
DPO: Anni Tuomela
Phone: 09 47001
Email: dpo(at)aalto.fi
If you consider the processing of your personal data to be an infringement of data protection legislation, you have the right to lodge a complaint with the Data Protection Ombudsman, which is the supervisory authority. Read more:
We have an obligation to communicate personally any security breach of personal data to those data subjects whom the breach concerns. The right enters into force if the breach is likely to result in a high risk to the rights and freedoms of the individual, e.g. in the form of identity theft, payment fraud or other criminal activity.
An information security team operates at Aalto (email security(at)aalto.fi) to process reported data protection and information security incidents concerning the university and to help resolve them, investigating whether data breaches have occurred.
We process personal data with care, and take proper care of data security. Up-to-date technical solutions such as firewalls and encryption are used.
In our processes, the personal data is processed only by our employees or our partners' employees who are entitled to process personal data. Access and read-only access to the data systems are determined and granted only to the extent required by the task and only to the individuals who need the personal data in the data system concerned in order to perform the task assigned to them.
We process your personal data in accordance with General Data Protection Regulation (GDPR), in a way that respects the rights and freedoms of the data subject. We ensure that data protection principles are followed at all stages of the processing of personal data.
Personal data is be processed manually (on paper) electronically and in various different data systems which are administered by either Aalto or its partner.
We have selected as service providers only those processors who comply with good personal data processing practices through appropriate technical and organizational measures, meet the requirements of the General Data Protection Regulation and are able to enforce your rights.