Data protection statement
We process personal data relating to communications, marketing, donations, subscriptions, registrations and student applications on our public website and in systems connected to the website. This statement provides more information about how we process personal data.
The controller of the data file, or the party responsible for processing your data, is the University of Helsinki.
Controller of the data file:
University of Helsinki
PO Box 3
00014 University of Helsinki
Why do we process your personal data, or what is the purpose of the processing?
Your personal data are processed on the helsinki.fi website, because they are needed for the technical maintenance of the website, for communications and marketing as well as for analysing the use of the website and its further development.
Why do we have the right to process your personal data, or what is the legal basis for the processing?
The helsinki.fi website will process your personal data when they are relevant for communications, marketing or the provision of the service, or you have consented to the processing of your data. The personal data are processed in ways that are relevant to the provision of the service, and appropriate processes are in place for the processing of the personal data.
Data Protection Act
Act on the Openness of Government Activities (621/1999)
What kind of personal data are we processing?
We primarily process the kind of personal data from which you cannot be identified. Our page analytics collects information on visitors’ IP addresses. Whenever we process your contact details, we will ask for your permission. We will process your contact details when you
- Give feedback on the website
- Sign up for an event that requires registration in advance
- Subscribe to messages or publications from the University, e.g., a newsletter or Yliopisto magazine, or you join a mailing list
- Submit a student application
- Make an online donation
- Register as an alumnus/alumna
- Order University products
We do not process confidential personal information.
Cookies are used to monitor online behaviour, such as the paths visitors take to the University of Helsinki website, the most popular pages and how the website is navigated. In addition, technical details are collected on, for example, devices and browsers used, as well as whether visitors are internal or external users. Cookies are also used to recommend and personalise content, target and measure marketing and improve quality.
For content recommendations, we are employing an application called Leiki. In addition we use an application called Frosmo to target and personalise content.
In targeting and measuring advertising, services such as Facebook, Google, Instagram, Messenger, YouTube, LinkedIn and Twitter have the ability to link usage data pertaining to the University of Helsinki website to the data possessed by the services. You may edit your user settings in these services if you do not wish to receive advertising based on your online behaviour. The University of Helsinki also conducts similar cooperation with Sanoma Media Finland.
The University’s targeted marketing usually concerns job advertisements, degree programmes, events and science news.
Users can block targeted marketing by third parties either entirely or for individual businesses through the Your Online Choices website maintained by the European Interactive Digital Advertising Alliance (EDAA). Further information on targeted marketing based on browsing activity is available on the Your Online Choices website.
To improve quality, we are using the SiteImprove application, with which we assess the accessibility and search engine findability of our website in particular. Feedback on the website is collected through the Hotjar application, while Google Analytics collects data on visitor numbers, behaviour and location, as well as on the devices and browsers they use.
Cookie data also helps partners of the University of Helsinki monitor visitor numbers and usage of the service. Advertising agencies and other partners need user data primarily for producing targeted advertising based on visitors’ interests, as well as for assessing the productivity of communications and marketing.
The University of Helsinki’s public website uses third-party applications to maintain the site and to offer services to its users, clients and partners.
- The Drupal publication system is used to maintain the helsinki.fi website. Drupal only collects personal data in conjunction with accounts for the members of the University community who use and maintain the service.
- The University’s event calendar (eTaika) processes your personal data when you sign up for an event.
- The University of Helsinki’s client management system (Salesforce) processes stakeholder data, such as information on alumni and donors. The public website is linked to a client register in cases that relate to donating, alumni activities as well as communications and marketing.
- The University´s Helsinki Summer School is using electronic application and admission system called Dream Apply to process the personal data given by applicants and students admitted to courses given by Helsinki Summer School. Dream Apply electronic application and admission system´s Data Protection Statement (PDF).
- In the case of third-party applications, the terms and conditions of the third party will be followed.
You will not be added to subscriber lists or registers without explicit consent. You can withdraw your consent at any time by cancelling any newsletters or sending a request for removal to the University of Helsinki via the feedback page. This means that your data will no longer be collected.
How long will we store your personal data?
We do not store personal data permanently.
Transferring data outside the EU or EEA
The University’s data protection policy is to apply particular care to the processing of personal data if such data are to be transferred outside the EU and the EEA to countries which do not provide data protection that complies with the EU’s General Data Protection Regulation (GDPR).
On the website, IP addresses and personal data are processed outside the EU and the EEA by the following applications: social media extensions to track social media shares, MailChimp newsletters and Google Analytics. The transfer of personal data outside the EU and EEA must be carried out according to the requirements of the GDPR.
You have the right to know whether we are processing your personal data. If we are processing your personal data, you have the right to know which data we are processing.
1. The right to demand that information be rectified and removed
You have the right to demand that incorrect information be rectified by contacting us.
You may request us to remove your personal data from our systems. We will comply with your request if we have no justified reason to refrain from removing the data. The data may not be immediately removed from all of our backup and other equivalent systems.
2. The right to refuse direct marketing
You have the right to refuse direct digital marketing by following the instructions included in all of our marketing messages. We never send direct marketing messages without consent from the recipient.
3. The right to restrict the processing of data
You may request that we refrain from processing specific personal data. A request to restrict the processing of data may result in a limited experience of our webpages and services.
4. The right to know when data are transferred between systems
If we need to transfer your data from one system to another, we always request permission from you personally, and the processing of such data is based on consent.