Information about cookies and the processing of personal information on our website can be found on the page website and cookies.
For questions about data processing, contact details are available in the relevant data protection statement.
The data protection officer of the University of Helsinki can be reached at tietosuoja@helsinki.fi.
The University of Helsinki processes the personal data of applicants to carry out procedures for admitting new students. When you apply for admission to the University, your personal data are processed for the following purposes:
Individual arrangements
We process the personal data you provide to us so as to make individual arrangements related to entrance examinations. This processing is based on the information you provide in your application for individual arrangements and its attachment(s), such as a doctor’s certificate and/or other expert statements. Based on your consent, your data can also be used to plan other study-related individual arrangements if you are offered a place and accept it.
The processing of personal data is based on the performance of a task carried out in the public interest or in the exercise of official authority, compliance with a legal obligation and, in certain cases, on consent.
Relevant regulations:
The University processes the following personal data:
Individual arrangements
If you apply for individual arrangements, we will process not only the data mentioned above, but also the personal data you provide in your application and its attachments:
In addition, the attachments may include a copy of a doctor’s certificate. Applications for, and decisions on, individual arrangements are confidential and handled at the University by a specific group of staff.
Information on applicants is collected from the following sources:
Information may also be derived or obtained through observations of the use of IT services and equipment provided by the University to the applicant, or information may be collected by the management and surveillance services used at the University (e.g., camera surveillance).
Storage periods are based on current legislation and the University of Helsinki’s archiving plan.
The following data are stored permanently:
In addition, other personal data concerning applicants may be stored permanently upon the decision of the National Archives of Finland.
Storage periods of personal data not stored permanently:
Personal data are disclosed to the following recipients:
In addition, the University may disclose the personal data of applicants
Information on individual arrangements is processed at the University only by those who implement individual arrangements for entrance examinations. We will not disclose your application data outside the University of Helsinki. In the case of cooperation related to entrance examinations with other universities, we may, if necessary, provide information on individual arrangements granted to you to the other universities involved in the cooperation.
Personal data may be transferred outside the EU, for example, when verifying the validity of certificates granted to an applicant outside the EU.
The University exercises particular care if personal data are transferred outside the EU and the European Economic Area (EEA) to countries that do not ensure data protection in line with the General Data Protection Regulation (GDPR). Personal data are transferred outside the EU and EEA only when necessary, and the transfers are made in accordance with the requirements of the GDPR, for example, using the standard contractual clauses approved by the European Commission.
The University of Helsinki must process your personal data for purposes including the following:
In addition, the University can process your personal data for the following purposes:
The use of personal data is primarily based on legislation concerning the University of Helsinki and the organisations operating in the University community. In specific cases, the basis for processing data is consent given by the student.
Therefore, the right of the University as the controller of the data file is based on
As a rule, the University has the right to process sensitive data as the controller of the data file in the following cases:
Relevant regulations
Universities Act (558/2009)
Government Decree on University Degrees (794/2004)
Act on national study and degree registers (Laki valtakunnallisista opinto- ja tutkintorekistereistä) (884/2017)
EU General Data Protection Regulation (2016/679) and supplementing national regulations
Personal Data Act (523/1999) and the Data Protection Act (XXX/2018), which will supersede the former
Act on the Openness of Government Activities (621/1999)
Regulations of the University of Helsinki
Regulations on Degrees and the Protection of Students’ Rights at the University of Helsinki
Decisions by the University and the rector concerning teaching and studying at the University of Helsinki
Standing regulations of the University of Helsinki faculties
The University of Helsinki processes personal data from which you can be identified directly or indirectly. Direct identifiers include the personal identity code and student number. We will also process your name and contact details, in addition to which the University processes other information related to your studies from which a third party may identify you by connecting the details.
The details most commonly processed in conjunction with studying and completed studies are the student’s name, student number and contact details, as well as details on the degrees pursued and the content of studies.
Here are examples of the data processed by the University of Helsinki:
Some required personal details come from yourself, which makes you responsible for their validity. A right to study is personal. Thus, your personal details must be valid.
Certain details have been collected from other parties, including:
The storage period for personal data stored in University of Helsinki systems and data processed manually is based on legislation in force and the archiving plan of the University of Helsinki.
In observance of the legislation concerning universities (Sections 25 and 27 of act 884/2017), the University of Helsinki stores the following personal details related to teaching permanently:
Information on storage periods for other data is available in the archiving plan of the University of Helsinki.
Personal data is primarily processed by the staff of Teaching and Learning Services and the teaching staff. In addition, personal data can be processed by the following units: IT Centre, HR Services, Financial Services, as well as Communications and Community Relations.
The University of Helsinki may also use external parties to process personal data, such as businesses that provide system services and process personal data on behalf of the University of Helsinki on the basis of a mandate.
The University of Helsinki discloses required student personal data to the following recipients, either through the national data warehouse for higher education or directly:
In addition, the University of Helsinki can disclose students’ personal data
The primary source of transferred data is the academic administration system Oodi and the Mobility Online mobility system. Student data to be permanently stored and the mobility periods of student exchange will be transferred to Virta, the national data warehouse for higher education.
According to its data protection policy, the University will exercise particular care if personal data is to be transferred outside the EU or the European Economic Area to countries where data protection regulations do not conform to the EU’s General Data Protection Regulation.
The transfer of personal data outside the EU or the EEA must be carried out in compliance with the requirements of the GDPR.
Individual arrangements
We process your personal data to be able to provide a recommendation on individual arrangements and/or make individual arrangements related to teaching and examinations. The processing is based on the information you provide to the University (such as a doctor’s certificate and/or other statements from experts).
The processing of personal data is based on the performance of a task carried out in the public interest or in the exercise of official authority, compliance with a legal obligation and, in certain cases, on consent.
Relevant regulations:
What data are processed?
Individual arrangements
First name, last name, personal identity code, gender, faculty, degree programme, year of starting current studies, student number, address, phone number, email address, any information given by the student when booking an appointment, information on registration for the academic year
In addition, we process the following data:
Storage periods
Storage periods are based on current legislation and the University of Helsinki’s archiving plan.
Data related to individual arrangements are confidential and processed at the University only by those who need the data to plan and/or make individual arrangements.
Data can be disclosed with the student’s consent to officials with the statutory right to obtain data. In this case, the official must submit a written request, indicating the legislation on which the right to obtain data is based. Data may be disclosed without the consent of the student in cases with existing separate legislation on disclosing data or on the right to obtain data. Statistical data where an individual’s personal data are not identifiable can be forwarded and used, for example, in reports and presentations which discuss the nature and extent of individual arrangements.
Are data disclosed outside the EU?
Data regarding students who have been granted individual arrangements will not be transferred outside the European Union or the European Economic Area.
p. 02941 24140, email: hakijapalvelut@helsinki.fi
Personal data are processed in conjunction with the application procedure to the international master's degree programmes of the University and as part of completing the student admission process. The data file is used for the production of statistical data for the purposes of disseminating information about educational opportunities, as well as for planning, evaluating and developing education.
Documents attached to applications can be used also for training the Admissions Services staff in the application process. No documents are disclosed outside Admissions Services.
Data pertaining to an applicant:
Data obtained from the applicant and study right register of Finnish higher education institutions (Studyinfo):
Lawful basis for the processing of personal data:
Task carried out in the public interest and exercise of official authority vested in the controller
Compliance with a legal obligation to which the controller is subject
Applicants use the system user interface to independently store their application data.
Data on higher education studies completed after 1995 by applicants with a Finnish personal identity code are transferred from the VIRTA student information system by automated means. Data are verified directly from the relevant controllers of data files who have given their permission. From the VIRTA database, personal data and data on study rights as well as on completed degrees and studies required for the admissions process are transferred via a technical interface.
Data provided by the applicants in their application or its attachments pertaining to international studies and degrees completed outside Finland can be verified from the awarding institution or from another relevant party
Applications and their attachments submitted by the deadline are stored in the University of Helsinki archives for 10 years.
Applicants’ identification data and data pertaining to student admissions are transferred to the Studyinfo system. Data and documents are disclosed to experts who assess applications.
With the applicant’s consent, data pertaining to them can be transferred to other third parties.
Address details can be disclosed to be used for marketing purposes by the University of Helsinki only with the consent of the data subject.
If the applicant has employed an official education agency partner of the University of Helsinki in the application process, data pertaining to the processing of the application can be disclosed to that partner.
Data on applicants are not regularly disclosed outside the European Union or the European Economic Area. However, the disclosure of data may be necessary, for example, for the verification of studies completed outside Finland when making decisions related to student admissions. We observe special care in conjunction with any disclosure of data. Data can be transferred to third parties outside the EU or EEA also with the express consent of the applicant.
opintopsykologi@helsinki.fi, anu.lehtinen@helsinki.fi
Data stored in the University of Helsinki counselling psychologists’ client data file are processed for the purpose of maintaining the counselling psychologists’ client relationships. In addition, contact details and anonymised statistical data stored in the data file will be used to monitor the quality of the counselling psychologists’ services and to develop them further.
The pieces of personal data collected from the student are first name, last name, personal identity code, gender, faculty, degree programme, first year of current studies, student number, address, phone number, email address, details provided by the student when booking an appointment, appointments made with counselling psychologists and cancellations, consultation records made by counselling psychologists on sessions as well as on related events and tasks, summaries, recommendations and statements. The IP address of the device used by the student is also collected during the booking of an appointment.
Counselling psychologists of the University of Helsinki maintain a client data file on individual consultations and comparable work, in addition to which they draw up consultation records on consultation sessions as well as related events and tasks. The counselling psychologists do this in their role as healthcare professionals, and in their work as psychologists they observe the following laws: the Act on Health Care Professionals (559/1994), the Act on the Status and Rights of Patients (785/1992) and the decree of the Ministry of Social Affairs and Health on patient records (298/2009). These records often contain information related to clients’ health.
For individual counselling, the basis for processing personal data is a legal obligation. As healthcare professionals, psychologists are obliged to observe the following legislation when providing consultation to individuals: the Act on Health Care Professionals (559/1994), the Act on the Status and Rights of Patients (785/1992) and the decree of the Ministry of Social Affairs and Health on patient records (298/2009).
Consultation records related to group sessions outside individual counselling are based on students’ consent.
From the data subject themself, the psychologist also makes records of counselling and related events and tasks, such as summaries, recommendations and statements.
Data created in individual consultation sessions are stored in accordance with the laws concerning patient data. Booking data collected through the booking system are erased every academic year except the IP address which is stored for the time being. Details relevant to the counselling provided by the counselling psychologists, such as students’ personal data and other preliminary information provided by students, are transferred from the booking system (called Vihta, provided by Netorek Oy) associated with individual consultations to the Diarium booking system provided by Nordhealth Finland Oy.
Group consultation data that are not considered patient data are stored for four years. In the case of groups, data obtained through the booking system are erased, with the relevant information stored in the counselling psychologists’ digital archive.
The client’s data can be disclosed to the client at their request. Information can also be disclosed, with the consent of the client, to officials with the statutory right to obtain information. In this case, the official must submit a written request, indicating the legislation on which the right to obtain information is based. Information may be disclosed without the consent of the client in cases with existing separate legislation on disclosing information or on the right to obtain information.
Statistical data where an individual’s personal data are not identifiable can be forwarded and used, for example, in reports and presentations which discuss the nature and extent of students' psychological counselling. In addition, information on clients who have provided a written consent for research use can be used in scientific studies and publications in unidentifiable form.
The data in the University of Helsinki counselling psychologists’ client data file will not be transferred outside the European Union or the European Economic Area. Connect platform which is used for remote appointments uses the US Twilio system. This platform does not store any information that identifies the student.
The teacher training schools of the University of Helsinki need your personal data for the following purposes:
BASIC EDUCATION
GENERAL UPPER SECONDARY EDUCATION
We store data pertaining to pupils’ and students’ school attendance, teaching arrangements and learning outcomes. The University of Helsinki teacher training schools are part of the University, and the schools conduct research with participation based on consent given by parents/carers and/or pupils and students.
BASIC EDUCATION
GENERAL UPPER SECONDARY EDUCATION
Data processed in special categories of personal data:
The processing of personal data is necessary to carry out the statutory duties of the controller of the data file. The teacher training schools are part of the University of Helsinki, and personal data can also be processed for the purposes of scientific research in the public interest. Pupils and students or their parents and carers are always asked to give their consent for participating in a study.
Legislation pertaining to the operations of the teacher training schools:
For basic education:
For general upper secondary education:
Personal data are collected from pupils and students themselves and their parents and carers. Other key sources of data include the following:
We comply with the archiving plan of the University of Helsinki. Examples of stored data and storage periods:
Regular disclosure of data includes
We do not transfer or disclose personal data outside the EU.
The mission of the University of Helsinki is to promote independent academic research and interact with the surrounding society. In fulfilling its mission, the University processes the personal data of researchers and specialists active in the University community.
You can contact the unit that served you about data processing related to the services.
The University of Helsinki processes your personal data for purposes including the following:
In the case of the special responsibility area of the Helsinki University Central Hospital, we will process your publication data for the purposes of national publication data collection.
We process information that describes your activities as a university researcher or expert, research resources and outputs, and societal interactions. Directly identifiable information includes personal identifiers in the university's information systems and international researcher identifiers. We also process your name, unit, discipline (subject) and contact information.
Primarily, the basis for processing your personal data is legislation concerning the University of Helsinki, processing is necessary for the performance of a task carried out in the public interest: university's task is to promote free research and scientific and artistic culture. In certain special cases you have given your consent for the processing.
Some of the personal data are collected from you.
Certain details have been collected from other parties, including certain details pertaining to publications and social activity.
We follow the archiving plan of the University of Helsinki. We retain information about our researchers permanently for archival purposes. Retention times are described in more detail in other data protection notices (e.g. Personnel administration)
Information on research activities are public, excluding e.g. confidential research plans or information separately agreed with the funder.
All data are normally stored within the European Economic Area (EEA).
The transfer of personal data outside the EU or the EEA must be carried out in compliance with the requirements of the GDPR, which means that we for example use EU Commission standard contractual clauses. We may also ask your consent, which may occur in conjunction with submitting a research funding application to a funding party located outside the EEA.
helsinkiunievents@helsinki.fi. If you wish to exercise your rights, please submit a written request to the contact person for the event.
Purpose of processing personal data
The personal data of participants are collected to help organise events and communicate information about them. We collect only personal data necessary for specific purposes.
Personal data are processed only for the following pre-determined purposes:
What data are processed?
The data are collected from people registering for an event and include their name, common contact details and participation information. The data requested may vary according to the event, but we only collect necessary data. The data are collected directly in connection with registration through event-specific forms. Data provided by email or phone or in person can also be stored if they are relevant for the arrangements.
In addition, information related to payments and payment methods will be stored if a participation fee is charged.
Regular sources of data include event participants, our customer information system and invoice database, and public sources.
Photography at events
The University of Helsinki may use still and/or video photography at events. The photographs or videos may be published on the University’s website or social media accounts or in other publications related to the University. The material will not be used for commercial purposes.
What are the legal grounds for processing?
Personal data are processed in the legitimate interests of the controller and based on registration for an event.
Storage periods
Data associated with a specific event will be deleted once they are unnecessary for its organisation or follow-up. Contact details may be used after the event to send out information on upcoming events in the same field, after which the details collected may be stored anonymously for the purposes of statistics. Accounting material is stored as required under the Accounting Act.
To whom are your data disclosed?
We can also outsource the processing of personal data to a third party, such as an event organiser, in which case we will make contractual arrangements to ensure that personal data are processed in accordance with data protection legislation and otherwise appropriately. A third party may also be responsible for the event facilities, safety and security, or catering.
Are data disclosed outside the EU?
Personal data is not transferred outside the EU or the European Economic Area.
The processing of the data of our graduates, exchange students and former and current staff members (alumni) is related to the mission of the University according to the Universities Act: Societal interaction.
We process the personal data of our alumni for the following purposes:
The processing of personal data is necessary for the performance of any task carried out in the public interest as referred to in the Universities Act (Section 2 of the Universities Act; Point 1e, Article 6 of the General Data Protection Regulation). Individuals join the alumni community of their own will.
The data of those who have given their consent are transferred from the student register to the alumni community. The alumni also provide personal data. (Address) information may be checked from public sources.
We retain the data of those who have joined the alumni community for the time being, i.e., the data will be deleted upon request or after we have been informed of the death of the person in question.
We do not disclose data to parties outside the University of Helsinki, excluding potential partners in the implementation of events or communication campaigns.
We use the following service providers for data processing:
We use MailChimp to send newsletters. The service provider is based in the United States and the data are also processed in the United States. MailChimp is committed to complying with the standard contractual clauses approved by the European Commission. More information is available on theMailChimp website.
For personal data management, we use the customer relationship management system provided by Salesforce. The service provider is based in the United States and Salesforce also has subsidiaries in other countries outside the EU. In addition, Salesforce uses subcontractors that are also partly established outside the EU. These non-EU countries may not offer the same level of data protection as within the EU. As a safeguard, Salesforce offers what are known as binding corporate rules approved by supervisory authorities (meaning legally binding rules for the transfer of personal data to third countries within the group). For non-group subcontractors, standard contractual clauses approved by the European Commission are used as a safeguard. More information is available on the Salesforce website.
yhteiskuntasuhteet@helsinki.fi
We process your personal data to understand the needs of current and prospective donors, enhance our customer service and other operations, develop new services and communicate about our activities. This enables the University to maximise its social impact.
For donations made, we process your data for the purposes of accounting, communications, official reporting and archiving.
We process your name, contact details and other data which third parties may combine and use to identify you. Such data may include:
Primarily, the basis for processing data is legislation applying to the University of Helsinki and, in certain special cases, consent given by you (e.g., for communications or newsletter subscriptions).
The processing of donor data occurs in compliance with a legal obligation.
In addition, collaboration partner data are processed in the legitimate interests of the controller.
Some required personal details come from you. For increased customer insight, the University of Helsinki can search for information from public sources. The data sources we use include online search engine services, the Digital and Population Data Services Agency, the University of Helsinki student and alumni records, the University event management system, and contact detail providers.
We preserve information permanently on donations made. We store other data for the period necessary to establish or maintain University of Helsinki collaboration partnerships.
As a rule, we do not disclose data outside the University of Helsinki, except when responding to data requests under the Act on Openness of Government Activities or submitting official reports (including reports to the Ministry of Education and Culture, the Tax Administration and the National Police Board of Finland). Data can also be published as part of University communications, as agreed with each donor.
We use the following service providers for data processing:
We use MailChimp to send newsletters. The service provider is based in the United States and the data are also processed in the United States. MailChimp is committed to complying with the standard contractual clauses approved by the European Commission. More information is available on the MailChimp website.
For personal data management, we use the customer relationship management system provided by Salesforce. The service provider is based in the United States and Salesforce also has subsidiaries in other countries outside the EU. In addition, Salesforce uses subcontractors that are also partly established outside the EU. These non-EU countries may not offer the same level of data protection as within the EU. As a safeguard, Salesforce offers what are known as binding corporate rules approved by supervisory authorities (meaning legally binding rules for the transfer of personal data to third countries within the group). For non-group subcontractors, standard contractual clauses approved by the European Commission are used as a safeguard. More information is available on the Salesforce website.
While performing activities related to the University’s advocacy and lobbying efforts, we process the data of decision-makers and the members of the University community who have participated in these efforts.
We process personal data to understand the needs of society, to look after the best interests of the University and develop our engagement with decision-makers, as well as to improve the quality of these operations and to communicate thereof. This enables the University to maximise its social impact.
In addition, we process your personal data for the purposes of official reporting (Finnish Transparency Register).
The processing of personal data is necessary for the performance of any task carried out in the public interest as referred to in the Universities Act (Section 2 of the Universities Act; Point e, Paragraph 1, Article 6 of the General Data Protection Regulation) and for compliance with a legal obligation (Finnish Transparency Register).
The University processes the following personal data related to decision-makers:
We process the following data related to individuals participating in the University’s lobbying efforts
Data are collected from the following sources:
We store the data permanently or, at minimum, for the period necessary to establish or maintain University of Helsinki’s public affairs.
We report our data to the Finnish Transparency Register: https://www.avoimuusrekisteri.fi/en
We use the following service providers for processing of personal data:
For personal data management, we use the customer relationship management system provided by Salesforce. The service provider is based in the United States, and Salesforce also has subsidiaries in other countries outside the EU. In addition, Salesforce uses subcontractors that are also partly established outside the EU. These non-EU countries may not offer the same level of data protection as within the EU. As a safeguard, Salesforce offers what are known as binding corporate rules approved by supervisory authorities (meaning legally binding rules for the transfer of personal data to third countries within the group). For non-group subcontractors, standard contractual clauses approved by the European Commission are used as a safeguard. More information is available on the Salesforce website.
The IT Centre is an independent institute of the University of Helsinki that provides IT services for the University community.
To be able to provide IT services, we need to process various types of information that can be used to identify you. Such services include but are not limited to: login service, network connections, software, computers, storage facilities, email, Microsoft 365, Wiki, Unitube, Moodle, Examinarium facilities and consultation. See all our centralised services in the IT Centre's service catalogue.
The purposes of processing include:
The processing of personal data is necessary to enable the completion of the University’s duties under section 2 of the Universities Act (558/2009) and the implementation of agreements between you and the University (employment contract, right to study or other agreement). The processing of personal data is also necessary for compliance with our legal obligations (such as the obligation to provide a sufficient level of information security on the basis of data protection legislation and Act on Information Management in Public Administration).
To be able to provide IT services, the University needs to process personal data from which you can be identified directly or indirectly. Direct identifiers include the personal identity code and student number. The data processed depends on the service used.
Some required personal details come from you. Examples:
Some personal data are connected to the identifiers the University of Helsinki has assigned you either directly or indirectly. Examples:
Some personal data are related directly to your studies or work. Examples:
Further information can be found in the IT Centre's privacy policies.
Data retention needs vary from system to system and according to the purpose for which the data are used.
For more details, see the IT Centre's privacy policies.
At the University of Helsinki, data is processed only by those employees of the University or those individuals mandated by the University or working on behalf of the University who need the data in their duties. Access to the data systems is restricted by user accounts.
The University of Helsinki may also use external parties to process personal data, such as businesses that provide system services and process personal data on behalf of the University of Helsinki on the basis of a mandate.
Personal data will only be disclosed outside the University of Helsinki or processed by the University in lawful situations.
In principle, personal data processed in the centralised services of the IT Centre will not be transferred outside the EU. If, exceptionally, personal data is transferred, it will only be transferred to countries that have been recognised by the European Commission as providing an adequate level of data protection. Alternatively, the transfer of data may be carried out using standard contractual clauses approved by the Commission.
kirjasto@helsinki.fi, nicola.nykopp@helsinki.fi
The Helka libraries use a customer register to monitor library loans, including debt collection and communication relating to loan monitoring as well as statistics. Loan monitoring also includes handling cases of errors. The contact details may also be used to request feedback on the service provided.
Types of customer data in the data file:
The processing is based on an agreement between the customer and the library (loans) or customer consent (the customer discloses the information or indicates that they consent to information being transferred from the University’s backend systems). Based on our legitimate interest in our contractual relationship, we may also send you requests for feedback.
New customers: Data is received directly from the customer or through an update from the University’s backend systems (see detailed description below).
Updating existing customer data: If the customer has outstanding obligations (loans which have not been returned or unpaid fees), erroneous contact details can be updated from University systems, data provided by a debt collection agency or data from the Digital and Population Data Services Agency. The grounds for the processing is the agreement between the library and the customer.
Data for members of the University community are updated from the University’s backend systems (consent given in conjunction with first login). When the customer logs in to the library customer interface for the first time using their University credentials and gives their consent for data transfer, the following data will be stored in the library system:
Within the next 24 hours, the following data are transferred from University systems (Oodi, Sisu, SAP):
All of these data are maintained in other University systems and cannot be altered in the library management system. Any changes made to the data are updated once a day in the library management system.
Once a year, the data of any customers without outstanding obligations or loans or reservations in the previous three years are removed from the system.
Customers whose data is updated from the University’s backend systems are removed from the data file one year after the expiration of their University username, unless they have by that time given notification of wishing to continue as a customer or if they have outstanding obligations (loans which have not been returned, unpaid fees).
Data are not disclosed outside systems required to provide library services.
Helka services are produced on the Alma (backend system) and Primo (customer interface) platforms, which are provided by a company called Ex Libris.
Data on loans that have not been returned and unpaid fees as well as related customer data can be transferred to a debt collection agency.
Data is disclosed to Finnish officials according to existing legislation.
No data is transferred outside the EU or the European
Helsinki University Museum Flame, Observatory and Art Room: liekki@helsinki.fi
At the Helsinki University Museum, personal data are processed for the following purposes:
Customers and collaboration partners
Museum collections
Museum staff
Customers and collaboration partners
Museum collections
Data relating to collections, including
Data on donors and lenders:
User data in the collection management system:
Museum staff
The processing of personal data relating to customers and collaboration partners is based on consent, a contractual relationship or legitimate interests.
In the case of collections, the processing of personal data is necessary for archiving purposes in the public interest.
In the case of staff, the processing of personal data is based on consent or a contractual relationship.
Museum customers, collaboration partners or donors provide their data independently (e.g., by filling a form or by email).
Data relating to the collections can be obtained from other archives, customers, collaboration partners or public sources. Donors provide information on the person whose property the donated material originally was.
Contact details relating to on-demand employees as well as events, prize drawings, feedback, communication, facility booking and invoicing are stored for as long as they are necessary for the planning and organisation of operations.
Data relating to collections are stored permanently.
As a rule, data on customers and collaboration partners are not disclosed outside the Museum. Data can be disclosed to collaboration partners, for example, for the purpose of organising joint events.
Data relating to the collections and donor data are disclosed in accordance with the general practices of museum operations. With the consent of donors, their contact details can be disclosed for research use or to another party requesting further information.
The names and contact details (phone number) of on-demand employees can be disclosed to other on-demand employees.
As a rule, personal data are not disclosed outside the EU. Personal data may be disclosed outside the EU when using an external service provider, for example, for surveys or registration. In such cases, the applicable safeguards are implemented (e.g., standard contractual clauses approved by the European Commission).
Copies of material included in the collections and data relating to the collections can be disclosed outside the EU as well.
The National Library is a separate institution of the University of Helsinki. You can read more about the processing of personal data at the National Library on their own pages: Link to the National Library's privacy policy page.
rekrytointi@helsinki.fi, you can modify and erase data by yourself on our recruitment portal: https://jobs.helsinki.fi/
Processing of applications, assessment of aptitude, and communication related to appointee selection.
We also wish to promote equality in our recruitment as well as ensure smooth integration into Finnish society for employees arriving from abroad.
Personal data will also be processed for statistical purposes and, in the case of professor recruitment, the personal data of the top applicanrs will be stored permanently for archiving purposes in the public interests.
Other details the applicant considers relevant to the position
Certain data are required for related processes and communication. The rest, provided voluntarily by the applicant, help us assess the applicant’s aptitude for the position in question.
For external assessors involved in University of Helsinki recruitment processes, names and email addresses are stored in the system.
The applicant submits his/her personal data and application voluntarily. The legal basis for processing the data are the following:
Data are collected from the data subject.
In the case of persons employed by the University of Helsinki, their name, date of birth and contact details are transferred to the recruitment system from the University of Helsinki’s SAP HR human resources information system.
In certain recruitment processes, data are also collected with the applicant’s consent from separate external assessors in, for example, aptitude assessments or, in professor recruitment, external academic assessments.
We will retain position-specific application data for approximately two years from the date of the recruitment decision, after which the applicant's direct identification data and application attachments will be deleted, with the exception of the selected candidates and top applicants for the assistant professor and professor positions, which are permanently stored for archiving purposes. The applicants' general information, e.g., date of birth, gender, nationality, graduation date and degree data, will be permanently retained and used in reporting only.
In the case of recruitment processes including an aptitude assessment or another assessment by experts, personal data can be disclosed to the assessors involved in the process. In such cases, data can be processed by the assessors within or outside the European Union.
As an institution under public law, all recruitments made by the University are public. This means that, when requesting data from applicants, the Act on the Openness of Government Activities (621/1999) requires the University to disclose application documents and any data pertaining to the recruitment process.
The data contained in the data file are stored within the European Union, and they are not transferred outside the EU or the European Economic Area. As an exception, personal data can be processed by external assessors outside the EU in conjunction with assessments associated with recruitment. When disclosing data outside the EU, we employ the protective measures required by law, such as the standard contractual clauses provided by the European Commission.
HR lawyer: tuuli.siren-niskanen@helsinki.fi
The University of Helsinki processes your personal data to carry out activities related to human resources administration and employment affairs, as well as to fulfil its duties and obligations as an employer. The University of Helsinki utilises the data included in the data file when performing duties concerning data subjects required by legislation, collective agreements and separate decisions and regulations. Such duties include:
Data subjects employed by the University of Helsinki
Fee and grant recipients, researchers, docents, visiting professors and professors emeriti
Persons performing non-military service and agency contract workers
External parties attending training
Sensitive personal data: Health data and trade union membership data are processed in the HR systems.
Data subjects employed by the University of Helsinki:
Data subjects not employed by the University of Helsinki, such as grant-funded researchers, docents and fee recipients:
Personal data originate from the following sources:
The storage periods are based on the Archives Act (831/1994) and other relevant legislation, as well as the University of Helsinki's guidelines and archiving plan. Personal data are only stored for as long as they are needed. Most common storage periods: Employees’ employment contract data are stored for at least 10 years after the termination of employment and payroll data for 50 years. However, working hour monitoring data are only stored for two years. In the case of applicants to professorships for whom assessor statements have been requested, application documents are stored permanently for scientific research purposes.
Data may be disclosed to other university units when needed. At the university, personal data can be collected and processed by those whose job duties require it, eg supervisors and HR personnel, IT Center.
Data is also disclosed to authorities, employer and employee organisations, insurance companies, banks, subcontracted companies and consultants within the limits set by valid legislation and to the extent required by the provision of services, f.ex. Kela, providers of occupational health and travel agency services and the Finnish Education Employers association.
Data will only be transferred outside the EU or the EEA in cases where legislation, tax treaties or social security agreements stipulate that employer obligations pertaining to the employee are to be implemented outside the EU or the EEA.
The University’s Financial Services processes personal data for the following purposes:
Our partner in travel management is CWT. For further information on how CWT processes personal data, please click here: CWT global privacy policy and notice.
The processing of personal data is necessary to fulfil obligations arising from legislation (management of sales and purchase invoices, including reminders; accounting). In addition, the processing of personal data may be necessary to implement a contract or an agreement to which you are a party (travel management, management of external funding, and allocation of working hours).
The following personal data of employees are processed:
The following personal data of non-employees are processed:
Personal data are collected from individuals themselves and, in the case of employees, from HR management systems.
Data are stored in accordance with accounting legislation and other obligations, such as funder requirements.
We disclose data to the Finnish Tax Administration, auditors and funders.
Data are processed within the EU and are not, as a rule, disclosed outside the EU. However, if you travel to a country outside the EU, your personal data will be disclosed if necessary to arrange the trip. Data may also be disclosed to funders outside the EU if you are involved in a project that receives funding from outside the EU.
Personal data are processed to investigate and process notifications received through the whistleblower channel.
The University of Helsinki has a statutory responsibility to process notifications related to possible misconduct or illegal activities received through the whistleblower channel.
To the degree that special categories of personal data (such as health, religious beliefs, political opinions) need to be processed, the processing is necessary for the establishment, exercise or defence of legal claims, or reasons of substantial public interest based on legislation on whistleblower channels.
Legislation related to whistleblower protection:
For the whistleblower: Name and contact information (if the whistleblower has enclosed/provided them). Whistleblowers can submit their notifications either using their own name or anonymously.
Object of the notification: Information related to illegal or unethical activities given in the notification or that have surfaced while investigating the notification.
Notification data irrelevant to investigating the notification will not be processed.
The data is received from notifications submitted through the whistleblower channel and from individuals participating in the investigation of the notification, as well as other parties necessary for the investigation of the notification.
As a rule, data received through the whistleblower channel will be stored for five (5) years at maximum.
Data can be stored for longer if it is necessary for the implementation of rights and obligations provided for in legislation or necessary for the establishment, exercise or defence of legal claims.
Data are processed among a predetermined processing group at the University of Helsinki. Information on suspected misconduct is disclosed to the specialist group handling the matter as well as the director of administration and the rector.
Depending on the case, data may be disclosed outside the University, if handling the matter requires contacting authorities, for example, reporting criminal activities with the police.
Data are not disclosed outside the EU.
lakipalvelut-yleishallinto@helsinki.fi, tel. 0294140855
The purpose of processing your personal data is election of members for the administrative bodies of the University of Helsinki.
The lawful basis for processing is that the processing is necessary to comply with a legal obligation. We process sensitive data if the data subject has manifestly made the data public.
The Universities Act, chapter 3 prescribes on the administrative bodies of the university and electing members for them. The regulations and electoral regulations for the University of Helsinki, decreed on the basis of the Universities Act, sections 13, 15, 27, 28 and 29, give more detailed instructions on elections. In addition the University organizes elections on the basis of the Act on Occupational Safety and Health Enforcement and Cooperation on Occupational Safety and Health at Workplaces.
The University of Helsinki processes the following data:
The following sensitive data may be processed, as candidates may make this data public in their presentations should they so wish:
The list is not exhaustive, even other data will be processed if processing is necessary for organizing elections.
The persons themselves:
The University staff data system
Electoral roll
Minutes of the University Elections Committee
The University elections data system Vakka
Retention times for data are determined in the University Archiving plan (AMS). The archives institution orders which data or documents are retained permanently. In accordance with an order of the archives institution the University Archiving plan determines that elections documents are retained permanently.
Data on members elected to administrative bodies (name, staff group) is published on the University external webpages. Results of elections (name, staff group, number of votes) and data on members elected to administrative bodies is published on the University internal webpages. Publishing of the data is based on
The University of Helsinki is responsible for publishing Finland’s Official Government Directory and has the right, under the Universities Act, to obtain the information required for this purpose from government authorities. The Official Government Directory provides an overview of the structure of Finnish public administration and the individuals exercising public power or otherwise making decisions relevant to the public.
The directory has been published as a book since 1811. It is used as a reference work in the public and private sectors in Finland and abroad. Editing the directory requires taking into account its role in announcing foreign honours and decorations.
The legal grounds for processing personal data are compliance with a legal obligation and performance of a task in the public interest (Universities Act 558/2009, section 73; Data Protection Act 1050/2018, section 4).
The directory contains information on the senior public officials of government agencies and institutes and on contractually employed staff holding senior positions. For private companies and organisations, only senior management is presented.
Your following personal data are published in the directory:
Data are collected from government agencies and institutes, municipalities, and key associations. Individuals updating information on their organisations submit the relevant personal data to the Official Government Directory via its online service once a year.
The data are published in print and electronically on the Official Government Directory website. They are updated annually for the latest version of the directory.
Alma Talent collects data annually for the Official Government Directory. If necessary, Alma Talent can disclose data for the layout of the book to the company responsible for it.
In producing the publication, personal data are not transferred outside the EU or EEA.
turvallisuusvalvomo@helsinki.fi
The University of Helsinki uses access control and closed-circuit television (CCTV) to protect its assets, prevent criminal activity and misconduct, investigate criminal activity and misconduct that has already occurred, and provide a safe, secure and peaceful environment for staff and students.
The University’s access control systems collect and store data about the opening of doors with access control tags that are registered in the systems. This prevents and minimises unauthorised access to University premises, enables appropriate access and accessibility to authorised individuals, and helps maintain safe, secure and comfortable facilities for work, study and research.
The processing of personal data is based on legislation concerning the University of Helsinki and on legitimate interests. The University of Helsinki is obliged by law to provide its students with a safe learning environment (Universities Act, 559/2009, section 41a) and its staff with a safe working environment (Occupational Safety and Health Act, 738/2002).
For access control, the personal data of staff are derived from the University’s HR Services or from key application forms completed by the staff or their supervisors. Student data are obtained from the Sisu student information system. For CCTV, data are derived from the digital images recorded by cameras that are installed in the University’s premises or their immediate vicinity.
For access control, personal data are deleted at the earliest when the relevant individual has returned the keys that have provided them with access to University facilities. Access control data (log data) are stored in the relevant systems for an average of approximately one year.
CCTV recordings are stored depending on the capacity of the systems. Well-grounded suspicions of criminal activity or misconduct may lead to the storage of data for a longer period.
Data are not disclosed regularly to parties outside the University of Helsinki or University of Helsinki Property Services Ltd.
Data from the systems can be disclosed to the authorities, for example, for the purpose of criminal investigations.
We store all data within the European Economic Area (EEA).
Teaching facilities: tilavaraus@helsinki.fi
Ceremonial and other bookable event facilities:
Why do we process your personal data?
Data needed to organise events are collected from event organisers and processed for the following purposes:
What is the lawful basis for processing?
The legal ground for the processing is the contractual relationship. The personal data are needed for us to book the agreed facility for the desired purpose and to provide other services related to the booking.
What kind of personal data do we process?
The data requested may vary according to the event, but we only collect necessary data. The data to be processed include
Photography and filming in rented facilities
Upon agreement, still and/or video photography is permitted in events held at University of Helsinki facilities. Upon separate agreement, the photographs or videos may be published on the University’s website or social media accounts or in other publications related to the University. The material will not be used for commercial purposes.
What are the sources for personal data?
The data are collected directly from the individual or event organiser in conjunction with a written enquiry concerning the event facility. Data provided by email or phone or in person can also be stored if they are relevant for the arrangements. The booker of the facility will provide the details of the person responsible for the event arrangements, for example, in the booking form or by email.
Retention times
Contact details relating to facility booking, events and invoicing are stored for as long as they are necessary for the planning and organisation of operations.
Accounting material is stored as required under the Accounting Act.
Do we disclose your personal data to third parties?
We can outsource the processing of personal data to a third party, such as a provider of event services, in which case we will make contractual arrangements to ensure that personal data are processed in accordance with data protection legislation and otherwise appropriately. A third party may also be responsible for the event facilities, safety and security, or catering.
Do we transfer your data outside the EU/European Economic Area?
As a rule, the data of bookers of facilities at the University of Helsinki are processed in the EU.
According to its data protection policy, the University will exercise particular care if personal data are to be transferred outside the EU or the European Economic Area (EEA) to countries where data protection regulations do not conform to the EU’s General Data Protection Regulation.
If personal data are transferred outside the EU or the EEA, and the European Commission has not deemed the level of data protection in the target country to be sufficient, data protection will be ensured under the relevant legislation using the standard contractual clauses approved by the European Commission.
You can make a request for information about your personal data to tietosuoja@helsinki.fi
As for the exercise of other rights, practices vary depending on the context in which your data are processed and you can deal directly with the unit processing your data or, in certain cases, for example, delete, add or edit your data yourself. In case of doubt, you can contact the above address.
If the processing of personal data is based on your consent, you have the right to withdraw your consent. Withdrawal of consent shall not affect the lawfulness of the processing carried out on the basis of the consent prior to its withdrawal.
You have the right to know whether your personal data is being processed and what data is processed. You may also request us to give you a copy of your personal data.
If there are inaccuracies or the personal data processed about you are incomplete you have the right to request us to rectify or complete your personal data.
You have the right to request the deletion of your personal data in the following cases:
a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed
b) You withdraw your consent on which the processing was based and there is no other legal ground for the processing
c) You object for the processing and there are no overriding legitimate grounds for the processing
d) The personal data have been unlawfully processed
e) The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject
You do not have the right to erasure, if the processing is necessary:
a) For compliance with a legal obligation which requires processing by law
b) For the performance of a task carried out in the public interest or in the exercise of official authority
c) For archiving purposes in the public interest, scientific of historical research purposes or statistical purposes if the erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing
d) For the establishment, exercise or defense of legal claims
You have the right to restrict the processing of your personal data. This means that we retain your information but do not process it in any other way.
You have this right in the following cases:
a) The accuracy of the personal data is contested by you. Then the processing will be restricted until the accuracy of the data is verified.
b) The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead
c) The university no longer need the data for the purposes of the processing, but you need the data for the establishment, exercise or defense of legal claims
d) You have objected to processing that is based on legitimate interest. Then the processing will be restricted for the time it is verified whether the legitimate ground for the controller override those of the data subject
When the processing is done by automatically means and the processing is based on your consent or a contract between you and the University, you have the right to have your data that you have provided, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller.
When it is technically feasible, you have the right to have the data transmitted directly to the other controller.
You have the right to object for the processing of your personal data. Then we shall no longer process the data unless we demonstrate compelling legitimate grounds for the processing which overrides the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims. University can also continue to process your personal data if it is necessary for the performance of a task carried out in the public interest.
You have the right to lodge a complaint with the Data Protection Ombudsman’s Office if you think your personal data has been processed in violation of applicable data protection laws.
Contact details:
Office of the Data Protection Ombudsman
Visiting address: Ratapihantie 9, 6th floor, 00520 Helsinki
Postal address: PL 800, 00521 Helsinki
Switchboard: 029 56 66700
E-mail: tietosuoja@om.fi
Do you want information about documents or data held by the university? You can submit a request for information to the university in accordance with the Act on the Openness of Government Activities. Please refer to the description of document publicity and make a request for information according to the guidelines.