Terms of use for Microsoft 365 cloud services

These terms of use apply to the University of Helsinki’s staff, students and other persons who have been granted user rights to the Internet-based Microsoft 365 cloud services by the university. Taking cloud services into use requires that the user indicates that they have read these terms of use and accepted them.
  • The university is responsible for employer risk and for ensuring that the use of Microsoft 365 services complies with applicable legislation and the guidelines issued by the Data Protection Ombudsman.
  • As before, employees are responsible for using Microsoft 365 services appropriately and responsibly.
Näihin sitoudut

When you use the cloud services, you agree that you do not:

  • cause impediment or damage to the University of Helsinki, other users of the service or the information systems;
  • produce or distribute junk mail;
  • intentionally and knowingly store handle or share in the service the following data in unencrypted form:
    • performance level information,
    • personal identity codes,
    • personal aptitude or personal evaluation data of applicants or employees,
    • labour agreements or confirmed salary and performance data,
    • information concerning health or illness (such as doctor’s certificates),
    • information concerning drug tests,
    • patient information,
    • non-public biobank and genome data,
    • information on the customers of social welfare services,
    • other sensitive personal information (Act on the Openness of Government Activities (1050/2018)


  • passwords or other information related to the technical security of information systems,
  • tenders for public procurements or other confidential materials related to requests to tender before such materials have become public based on the Act on the Openness of Government Activities (621/1999),
  • a third party’s copyrighted or licensed material if such a third party has prohibited the processing of such materials in cloud services,
  • trade secrets,
  • illegal material.

Processing information concerning unpatented inventions or research data that can be utilized commercially in the service is not recommended. The agreement conditions of external partners or financers may restrict the processing of agreement documents and trade secrets, materials protected by IPRs (intangible rights, such as copyright and patents) and unpublished research data in a cloud service. In case of such information, you should check the applicable rules from the agreement or the partner.


The University of Helsinki and the service provider are entitled to cancel your user rights if you abuse the service. Your right to use the service ends at the end of your employment or studies, as well as when other justifications for use cease to exist. When your right to use the service ceases to exist, you shall, as soon as possible, transfer the e-mails and files which you have stored in the service and which are related to the University of Helsinki to a storage location agreed with your supervisor or other contact person.

The University of Helsinki is not responsible for the functioning of the cloud services provided by Microsoft, or for any possible malfunctions or outages in the cloud service. Files stored in the service are stored on several servers at the same time. The University of Helsinki does not make backup copies of materials stored in the service, and administration is not able to restore any Microsoft 365 services or other materials deleted by the user.

The University of Helsinki is entitled to monitor the use of services by means of technical methods. The university follows the applicable legislation in all its operations. This includes, among other things, the Act on the Protection of Privacy in Working Life (759/2004) and the Act on the Openness of Government Activities (1050/2018). The personal data of the users of the service are processed according to the legislation with due care and following good practices for data processing.

Microsoft 365 services contents, attachments and calendar entries are only processed within the EU. Microsoft complies with the European Commission’s model contractual clauses for the transfer of personal data to third countries. This commitment by Microsoft ensures that user information and data are adequately protected even outside the EU.

Microsoft may use third party contractors only for specific restricted operations (service maintenance, resolution of technical software or server problems, technical user support), and also the contractor may process cloud service user data for these purposes. Microsoft requires that all contractors comply with, at a minimum, the privacy protection and information security standards which Microsoft complies.

The University of Helsinki reserves the right to alter these terms and conditions. Users are notified of any changes on the university’s intranet site Flamma.