Last modified: 2 August 2018
Helsinki Institute for Information Technology HIIT collects personal data from the users of its website. HIIT is committed to processing personal data in accordance with the legislation on the protection of personal data.
Third-party services offered through the HIIT website fall under the terms and conditions issued by the third party.
Why do we process personal data?
We process your personal data for the purposes of technical maintenance and development, for communications and marketing as well as analysing the use of the website content for further improvement.
What personal data do we process?
We primarily process the kind of personal data from which you cannot be identified. We collect information about the HIIT website users with the help of cookies, for instance. A cookie is a small text file sent to the browser of the website user, usually containing an anonymous identification number; the cookie is not harmful to the device used.
We collect statistics on, for example, the number of visitors, country of visitor, length of visit, browser used and contents visited by the user. Additionally, we keep statistics on whether the visitors are internal or external to HIIT. This data is not personally identifiable.
We process your contact details when you:
- give feedback on the website
- sign up for an event that requires registration in advance
- subscribe to messages or publications
- submit an application
We do not process confidential personal information.
Do we disclose personal data?
We transfer personal data only within our own organisation and to the extent necessary for the technical administration and development of the website and for maintaining, analysing and developing the communication and marketing of the website contents.
In some cases, we may disclose data for scientific or other research purposes in compliance with the legislation on personal data protection.
We may disclose your personal data to third parties where access to or processing personal data is necessary to i) satisfy any applicable law and/or court order; (ii) detect, prevent, or otherwise address fraud, security or technical issues. We will inform those concerned of this type of use of personal data when possible.
Disclosure of information outside the EU/EEA countries
Our data protection policy is to apply particular care to the processing of personal data if such data are to be transferred outside the EU and the EEA to countries which do not provide data protection that complies with the EU’s General Data Protection Regulation (GDPR).
On the website, IP addresses and personal data may be processed outside the EU and the EEA by the following applications: social media extensions to track social media shares and Google Analytics. The transfer of personal data outside the EU and EEA must be carried out according to the requirements of the GDPR.
- Right to request rectification of error. You have the right to request the rectification of any erroneous, inaccurate, incomplete, obsolete or unnecessary data by contacting us.
- Right to request erasure of data. You have the right to request that your personal data be erased from our systems. We will take the measures requested unless we have a justified reason for not erasing the data. Your data may not be erased immediately from all our backup systems or other similar systems.
- Right to prohibit processing. You have the right to request restrictions to us processing your data for other purposes than providing our services or fulfilling our legal obligations. You can also prohibit the processing of your data even if processing was based on your prior consent. Such a prohibition may limit your possibilities to use the website. You have a right to prohibit any direct email marketing by following the instructions included in all our marketing emails.
- The right to restrict processing of data. You have the right to restrict our rights in processing certain personal data, but such restrictions may restrict your possibilities to use our website and services.
- Right to transfer data between systems. You have a right to obtain the personal data we have collected of you in an organised and generally accepted form so you can submit them to another controller of a personal data file.
- Right of access. You have a right to check the data we have saved on you into the contact details register.
Who is the controller of this personal data file and who can I contact?
The controller is:
Aalto University Foundation
P.O. BOX 11000
tel: (09) 47001 (exchange)
You can exercise your above-mentioned rights by sending a letter to the address below or emailing to firstname.lastname@example.org.
Communications Services / Aalto University
P.O. BOX 17800
If your request relates to personal data contained in a cookie, you must attach a copy of the cookie to your letter or e-mail. We may ask for additional information to verify your identity. We can reject requests that are unreasonably frequent, excessive or unjustified.