This page describes the processing of personal data on the helsinki.fi website. Other data protection statements are available here.
Data protection statement
We process personal data relating to communications, marketing, donations, subscriptions, registrations and student applications on our public website and in systems connected to the website. This statement provides more information about how we process personal data.
The controller of the data file, or the party responsible for processing your data, is the University of Helsinki.
Controller of the data file:
University of Helsinki
PO Box 3
00014 University of Helsinki
Why do we process your personal data, or what is the purpose of the processing?
Your personal data are processed on the helsinki.fi website, because they are needed for the technical maintenance of the website, for communications and marketing as well as for analysing the use of the website and its further development.
Why do we have the right to process your personal data, or what is the legal basis for the processing?
The helsinki.fi website will process your personal data when they are relevant for communications, marketing or the provision of the service, or you have consented to the processing of your data.
What kind of personal data are we processing?
We primarily process the kind of personal data from which you cannot be identified. Our page analytics collects information on visitors’ IP addresses. Whenever we process your contact details, we will ask for your permission. We will process your contact details when you
- Give feedback on the website
- Sign up for an event that requires registration in advance
- Subscribe to messages or publications from the University, e.g., a newsletter or Yliopisto magazine, or you join a mailing list
- Submit a student application
- Make an online donation
- Register as an alumnus/alumna
- Order University products
We do not process confidential personal information.
Cookies and third-party applications
Cookies are used to monitor online behaviour, such as the paths visitors take to the University of Helsinki website, the most popular pages and how the website is navigated. In addition, technical details are collected on, for example, devices and browsers used, as well as whether visitors are internal or external users. Cookies are also used to recommend and personalise content, target and measure marketing and improve quality.
In addition we use an application called Frosmo to target and personalise content.
In targeting and measuring advertising, services such as Facebook, Google, Instagram, Messenger, YouTube, LinkedIn and Twitter have the ability to link usage data pertaining to the University of Helsinki website to the data possessed by the services. You may edit your user settings in these services if you do not wish to receive advertising based on your online behaviour. The University of Helsinki also conducts similar cooperation with Sanoma Media Finland.
The University’s targeted marketing usually concerns job advertisements, degree programmes, events and science news.
Users can block targeted marketing by third parties either entirely or for individual businesses through the Your Online Choices website maintained by the European Interactive Digital Advertising Alliance (EDAA). Further information on targeted marketing based on browsing activity is available on the Your Online Choices website.
To improve quality, we are using the SiteImprove application, with which we assess the accessibility and search engine findability of our website in particular. Feedback on the website is collected through the Hotjar application, while Google Analytics collects data on visitor numbers, behaviour and location, as well as on the devices and browsers they use.
Cookies can be blocked from the settings of your browser. If your browser does not allow cookies, you should note that blocking cookies may affect the functionality of certain services. Cookies can be blocked from the settings of your browser.
Cookie data also helps partners of the University of Helsinki monitor visitor numbers and usage of the service. Advertising agencies and other partners need user data primarily for producing targeted advertising based on visitors’ interests, as well as for assessing the productivity of communications and marketing.
The University of Helsinki’s public website uses third-party applications to maintain the site and to offer services to its users, clients and partners.
- The Drupal publication system is used to maintain the helsinki.fi website. Drupal only collects personal data in conjunction with accounts for the members of the University community who use and maintain the service.
- The University’s event calendar (eTaika) processes your personal data when you sign up for an event.
- The University of Helsinki’s client management system (Salesforce) processes stakeholder data, such as information on alumni and donors. The public website is linked to a client register in cases that relate to donating, alumni activities as well as communications and marketing.
- The University's Helsinki Summer School is using electronic application and admission system called Dream Apply to process the personal data given by applicants and students admitted to courses given by Helsinki Summer School. Dream Apply electronic application and admission system´s Data Protection Statement (PDF).
- In the case of third-party applications, the terms and conditions of the third party will be followed.
You will not be added to subscriber lists or registers without explicit consent. You can withdraw your consent at any time by cancelling any newsletters or sending a request for removal to the University of Helsinki via the feedback page. This means that your data will no longer be collected.
How long will we store your personal data?
The duration of storage of personal data depends on the purpose of the processing. We comply with the University’s archiving plan.
Transferring data outside the EU or EEA
The University’s data protection policy is to apply particular care to the processing of personal data if such data are to be transferred outside the EU and the EEA to countries which do not provide data protection that complies with the EU’s General Data Protection Regulation (GDPR). When transferring data, we employ appropriate safeguards, such as the standard contractual clauses provided by the European Commission.
On the website, IP addresses and personal data are processed outside the EU and the EEA by the following applications: social media extensions to track social media shares, MailChimp newsletters and Google Analytics.
You have the right to know whether we are processing your personal data. If we are processing your personal data, you have the right to know which data we are processing.
1. Right to access
You have the right to know whether we process your personal data and what data we process about you. You have also the right to request for the access to that data.
2. The right to demand the information to be rectified or removed
You have the right to demand that incorrect information be rectified by contacting us.
You may request us to remove your personal data from our systems. We will comply with your request if we have no justified reason to refrain from removing the data. The data may not be immediately removed from all of our backup and other equivalent systems.
3. The right to refuse direct marketing
You have the right to refuse direct digital marketing by following the instructions included in all of our marketing messages. We never send direct marketing messages without consent from the recipient.
4. The right to withdraw your consent
When the processing is based on your consent, you have the right to withdraw your consent any time.
5. Right to object
You have the right to object for the processing of your personal data when the processing is based on legitimate or public interest. Then we shall no longer process the data unless we demonstrate compelling legitimate grounds for the processing which overrides the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims. University can also continue to process the data if it is necessary for the performance of a task carried out in the public interest.
6. The right to restrict the processing of your data
You have the right to request for the restriction of processing. This means that we store the data but do not process it in any other way.
You have this right when:
a) The accuracy of the personal data is contested by you. Then the processing will be restricted until the accuracy of the data is verified.
b) The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead
c) We no longer need the data for the purposes of the processing, but you need the data for the establishment, exercise or defense of legal claims
d) You have objected to processing that is based on legitimate interest. Then the processing will be restricted for the time it is verified whether the legitimate ground for the controller override those of the data subject.
7. The right to data portability
When the processing is done by automatically means and the processing is based on your consent, you have the right to have your data that you have provided and have the right to transmit this data to another controller.
8. Right to lodge a complaint
You can always contact us if you have any questions or concerns about the processing of your personal data. However, you have also the right to lodge a complaint with the Data Protection Ombudsman’s Office if you think your personal data has been processed in violation of applicable data protection laws.