Privacy Policy

Updated 1 September 2017

Aalto University (”Aalto”) collects personal data from the users of its website. Aalto is committed to processing personal data in accordance with the legislation on the protection of personal data.

This privacy policy may be updated; this page contains the up-to-date version.

Purpose of processing the personal data

We process your personal data for the purposes of technical maintenance and development of the Aalto website as well as for communicating and marketing, analysing and developing the website contents.

What information do we collect?

The Aalto website collects such information on its users as is relevant for the purposes defined in the privacy policy.

Information you supply to Aalto

The website asks for your name and email address when you give feedback or when you subscribe to a mailing list.

Information collected through observing service use

Aalto collects information about the Aalto website users with the help of cookies, for instance. A cookie is a small text file sent to the browser of the website user, usually containing an anonymous identification number; the cookie is not harmful to the device used. 

We collect statistics on, for example, the number of visitors, country of visitor, length of visit, browser used and contents visited by the user. Additionally, we keep statistics on whether the visitors are internal or external to Aalto University. The data collected is not personally identifiable.

We collect data from emails in accordance with the terms and conditions of MailChimp. For details, see

Random browsing sessions are recorded to analyse user experience and behaviour. Form input information is not stored in recordings.

Feedback form email addresses and recordings are stored in HotJar servers. To get to know their privacy policy and terms of service, visit

How do we use the information collected?

The website stores and compiles statistics of the data submitted by the user through feedback forms, mailing list subscriptions, and cookies, for instance. We analyse this data using tools such as Google Analytics. For more information on Google Analytics, visit You can prevent Google Analytics from collecting data by downloading an browser add-on at:

Recordings and heatmaps are analyzed from user experience and behaviour point of view. 

For service requests, we use the eSupport system, which saves the data supplied by the users when they give feedback. For details on the system, go to

If you wish to subscribe to a mailing list, your e-mail address will be stored. Since we use MailChimp for mailing lists, data from e-mails is collected in accordance with their terms and conditions. For details on MailChimp go to

Additionally, the Aalto website contains third-party components related to social media services like Twitter and YouTube. The third-party plugins on the Aalto website are loaded from the servers of the service providers. The Aalto website does not submit any client data through social plugins.

The third-party services or applications on the Aalto website are subject to the terms and conditions of the third-party service providers.

Do we disclose personal data?

We transfer personal data only within the Aalto organisation and to the extent necessary for the technical administration and development of the website and for maintaining, analysing and developing the communication and marketing of the website contents.

Aalto discloses personal data to third parties only in the following circumstances:

Your consent

Your personal data may be disclosed with your express consent for uses related to a third-party services, e.g. to the mailing list service provider MailChimp when you subscribe to a mailing list. You can withdraw your consent at any point, after which your data will no longer be collected.

Service providers

We disclose personal data only to the extent necessary for third parties, such as Google Analytics, to offer services to Aalto for the purposes defined in this privacy policy.

We have taken the appropriate steps to ensure that your personal data will be processed only for the purposes mentioned in this privacy policy and in compliance with the relevant legislation. This means that Aalto is responsible for the protection of the data processed on its behalf. 

For research purposes

In some cases, we may disclose data for scientific or other research purposes, such as student projects, in compliance with the legislation on personal data protection.

For legal reasons

Aalto may disclose your personal data to third parties where access to or processing personal data is necessary to i) satisfy any applicable law and/or court order; (ii) detect, prevent, or otherwise address fraud, security or technical issues. Aalto will inform those concerned of this type of use of personal data when possible.

Disclosure of information outside the EU/EEA countries

Aalto aims to provide its services and to process personal data in collaboration with actors and services in the EU/EEA countries. In some cases, however, the Aalto services may be provided with the help of actors, services or servers located in other countries, in which case your personal data may be transferred between countries. Such transfers may involve disclosing personal data to non-EU/EEA countries where legislation on personal data processing differs from that of Finland, such as the United States. In such cases, Aalto will ensure that personal data is duly protected.

Protection of data

The data is collected into databases contained in locked and supervised facilities that are accessible only by designated staff.

Modifying the privacy policy

Aalto University reserves the right to modify this privacy policy. Any changes made by Aalto University to this policy will always be noted in this privacy policy document.

Your rights

Right to request rectification of error

You have the right to request the rectification of any erroneous, inaccurate, incomplete, obsolete or unnecessary data by contacting us.

Right to request erasure of data

You have the right to request that your personal data be erased from our systems. We will take the measures requested unless we have a justified reason for not erasing the data. Your data may not be erased immediately from all our backup systems or other similar systems.

Right to prohibit processing

You have the right to request restrictions to us processing your data for other purposes than providing our services or fulfilling our legal obligations. You can also prohibit the processing of your data even if processing was based on your prior consent. Such a prohibition may limit your possibilities to use the Aalto website. You have a right to prohibit any direct email marketing by following the instructions included in all our marketing emails. 

The right to restrict processing of data

You have the right to restrict our rights in processing certain personal data, but such restrictions may restrict your possibilities to use the Aalto website and services.

Right to transfer data between systems

You have a right to obtain the personal data we have collected of you in an organised and generally accepted form so you can submit them to another controller of a personal data file.

Right of access

You have a right to check the data we have saved on you into the contact details register.

Who is the controller of this personal data file and who can I contact?

The controller is:

Aalto University Foundation

P.O. BOX 11000

FI-00076 AALTO

tel: (09) 47001 (exchange)

The contact person in matters regarding the personal data file (i.e. the personal data collected from Aalto website users) is Elina Kuuluvainen, Senior Communications Specialist, Content Strategy

You can exercise your above-mentioned rights by sending a letter to the address below or emailing to viestinta [at] aalto [dot] fi.

Communications Services / Aalto University

P.O. BOX 17800

FI-00076 AALTO

If your request relates to personal data contained in a cookie, you must attach a copy of the cookie to your letter or e-mail. We may ask for additional information to verify your identity. We can reject requests that are unreasonably frequent, excessive or unjustified.

Page content by: | Last updated: 09.08.2018.