Data protection statement
We process personal data relating to communications, marketing, donations, subscriptions, registrations and student applications on our public website and in systems connected to the website. This statement provides more information about how we process personal data.
The controller of the data file, or the party responsible for processing your data, is the University of Helsinki.
Controller of the data file:
University of Helsinki
PO Box 3
00014 University of Helsinki
Why do we process your personal data, or what is the purpose of the processing?
Your personal data are processed on the helsinki.fi website, because they are needed for the technical maintenance of the website, for communications and marketing as well as for analysing the use of the website and its further development.
Why do we have the right to process your personal data, or what is the legal basis for the processing?
The helsinki.fi website will process your personal data when they are relevant for communications, marketing or the provision of the service, or you have consented to the processing of your data. The personal data are processed in ways that are relevant to the provision of the service, and appropriate processes are in place for the processing of the personal data.
Data Protection Act
Act on the Openness of Government Activities (621/1999)
What kind of personal data are we processing?
We primarily process the kind of personal data from which you cannot be identified. Our page analytics collects information on visitors’ IP addresses. Whenever we process your contact details, we will ask for your permission. We will process your contact details when you
- Give feedback on the website
- Sign up for an event that requires registration in advance
- Subscribe to messages or publications from the University, e.g., a newsletter or Yliopisto magazine, or you join a mailing list
- Submit a student application
- Make an online donation
- Register as an alumnus/alumna
- Order University products
We do not process confidential personal information.
Cookies and third-party applications
Third-party services offered through the helsinki.fi website, or applications with third-party vendors, will fall under the terms and conditions issued by the third party.
Cookies are used to track online behaviour, e.g., how users navigate to the website or what the most popular pages and user paths are, as well as to collect use-related technical data, such as the device and browser, whether the user is a University of Helsinki internal or external user as well as the number of shares on social media with the help of social media extensions. Cookies are also used to recommend content, target marketing and improve quality.
The information will not be used to identify individual users.
Google Analytics and Google Tag Manager
User monitoring to analyse the use of webpages and their components, not to be connected with other types of cookies. These enable us to improve the user experience of our pages and applications as well as user reporting.
A content recommendation application
This application records visual information on the use of the website and enables users to send feedback on their use of the website.
Used to improve the accessibility, quality and search engine findability of the website. The application can be used to find and remove personal data from the website.
YouTube, Facebook,Twitter, LinkedIn
Social media applications to track shares on social media
With the help of information from cookies, the University of Helsinki’s partners can also track the user numbers and use of the service. Our partners typically need user data to create targeted marketing based on user interests as well as to monitor the effectiveness of their communications and marketing.
The University of Helsinki’s public website uses third-party applications to maintain the site and to offer services to its users, clients and partners.
- The Drupal publication system is used to maintain the helsinki.fi website. Drupal only collects personal data in conjunction with accounts for the members of the University community who use and maintain the service.
- The University’s event calendar (eTaika) processes your personal data when you sign up for an event.
- The University of Helsinki’s client management system (Salesforce) processes stakeholder data, such as information on alumni and donors. The public website is linked to a client register in cases that relate to donating, alumni activities as well as communications and marketing.
- In the case of third-party applications, the terms and conditions of the third party will be followed.
You will not be added to subscriber lists or registers without explicit consent. You can withdraw your consent at any time by cancelling any newsletters or sending a request for removal to the University of Helsinki via the feedback page. This means that your data will no longer be collected.
How long will we store your personal data?
We do not store personal data permanently.
Transferring data outside the EU or EEA
The University’s data protection policy is to apply particular care to the processing of personal data if such data are to be transferred outside the EU and the EEA to countries which do not provide data protection that complies with the EU’s General Data Protection Regulation (GDPR).
On the website, IP addresses and personal data are processed outside the EU and the EEA by the following applications: social media extensions to track social media shares, MailChimp newsletters and Google Analytics. The transfer of personal data outside the EU and EEA must be carried out according to the requirements of the GDPR.
You have the right to know whether we are processing your personal data. If we are processing your personal data, you have the right to know which data we are processing.
1. The right to demand that information be rectified and removed
You have the right to demand that incorrect information be rectified by contacting us.
You may request us to remove your personal data from our systems. We will comply with your request if we have no justified reason to refrain from removing the data. The data may not be immediately removed from all of our backup and other equivalent systems.
2. The right to refuse direct marketing
You have the right to refuse direct digital marketing by following the instructions included in all of our marketing messages. We never send direct marketing messages without consent from the recipient.
3. The right to restrict the processing of data
You may request that we refrain from processing specific personal data. A request to restrict the processing of data may result in a limited experience of our webpages and services.
4. The right to know when data are transferred between systems
If we need to transfer your data from one system to another, we always request permission from you personally, and the processing of such data is based on consent.