Aalto University (‘Aalto’) collects personal data that relates to the users of the Diving into Radical Creativity website (‘Website’). This privacy notice applies to the website divingintoradicalcreativity.aalto.fi. Aalto acts as the controller for personal data that users of the website provide when they visit the website and participate in the course, or that is collected automatically in conjunction with website browsing activity.  

Protecting your privacy and your personal data is of the utmost importance to us. Aalto is committed to complying with the requirements that data protection regulation places upon Aalto in the processing of your personal data. The means and purposes of processing your personal data are described in further detail in this privacy notice. 

This privacy notice is subject to change. This privacy notice will be updated when changes are implemented. You will always find the up-to-date version of this privacy notice on this website.  
Here you find the information on how we manage and use your information collected during the registration and the course.  

1. Why does Aalto process personal data?

Aalto collects and processes certain personal data in order  

  • To enable you to use Website 
  • To maintain and develop Website 
  • To enhance or improve your experience of Website by collecting details of your visit through cookies and standard weblogs 
  • To enable communication and marketing.  

Aalto uses personal data for tracking course progress, providing badges and certificates and for evaluation and feedback. In addition, Aalto will also process personal data for the purposes of data security and to prevent and resolve possible misconduct.  

Aalto sends users email notifications about the course, if they have consented.  
Aalto may send users marketing email about Aalto University content related to radical creativity and education, if a user has consented. 

Aalto may use data for scientific research purposes.

2. What personal data does Aalto process?

Aalto will only process personal data that is necessary for the processing purposes defined in this privacy notice. The personal data that Aalto collects can be grouped into the following categories: 

  • Personal details: First name, last name and user name. Personal website and biographical information 
  • Contact details: Email address 
  • Student number if applicable (of Aalto students) 
  • Courses 
  • The course performance grade (pass/fail) 
  • Assignment performance grades (pass/fail) 
  • Assignment and quiz answers 
  • Amount of badges, credits and certificates 
  • Information collected through observing the use of the website: E. g. time of visit to o/ur service, the page from which the system accessed our website, pages visited during the session, Internet Protocol address used (IP address), browser type, browser version, device type, operating system and similar technical information.  

Aalto uses cookies and other technologies to collect this data. More information about our practice regarding cookies and the use of online technologies is available here. 

3. Sources of information

Personal data is collected from the users themselves during their visits on Website or when they otherwise interact with Aalto. Website uses external service providers for Cookie Policy (cookiebot.com) and LearnDash for WordPress. When registered on Website, personal data is imported to Aalto’s CRM system Microsoft Dynamics. 

4. Lawful basis for processing personal data 

Public interest (students and resarchers) or performance of contract (employees): 

  • Diving into Radical Creativity account data 
  • Identification information 
  • Contact information 
     

Legimate interest to maintain and develop website and to to communicate with users:  

  • Personal data processed for communications purposes 
  • Information collected through observing use of website 
  • The processing of personal data for the purposes of data security and to prevent and resolve possible misconduct 

Consent: 

  • Aalto sends users email notifications about the course, if they have consented. 
  • Aalto may send users marketing email about Aalto University content related to radical creativity and education, if a user has consented.  
  • Consent is asked for the use of cookies

5. How does Aalto University protect your personal data?

Ensuring data security is important to Aalto University. Aalto University uses appropriate technical, organizational, and administrative security procedures to protect all personal data from loss, misuse, unauthorized use, disclosure, alteration, and destruction.  

You may amend this text with more detailed data on how the data is protected. Above is the minimum requirement. 

6. Processing of information by third parties

Aalto disclosures personal data only to the extent necessary for the purposes personal data is processed: 

  1. Service providers 

In the maintenance of its website and its service provision, Aalto uses partners to process data for the purposes detailed in this data protection policy. Aalto transfers your personal data that Aalto processes in order to be able to provide Aalto with services for the purposes specified in this data protection policy. 

You can find links to the data protection policies of the service providers on the cookie policy pages. 

Website makes use of the cookies of the service providers, such as cookies of Google Analytics, which enable the compilation of statistics and analysis on the use of Website. For more information on the cookies that Aalto uses and on how you can change the settings for cookies, see the cookie policy page.  

  1. Research use 

In some situations, Aalto may disclose your personal data for the purposes of scientific research. In these cases, all personal data is processed in accordance with the General Data Protection Regulation and national data protection legislation. 

  1. Statutory reasons 

Aalto may disclose your personal data to third parties if access to personal data or other processing of personal data is required to: 

  • Fulfill statutory responsibilities or a court order 
  • Detecting, preventing or handling misuses, security risks or technical issues.

7. International transfers of personal data

The server on which the Diving into Radical Creativity website is operated is located in the European Economic Area (EEA). We strive to carry out all services related to our website using operators and services located within the EU or the EEA. In some cases, however, services related to the use of Website may also be carried out by operators and on servers located in third countries. In such cases, your personal data may also be transferred outside the EU or EEA in accordance with applicable legislation. 

The server on which the Diving into Radical Creativity website is operated is located in the European Economic Area (EEA). We strive to carry out all services related to our website using operators and services located within the EU or the EEA. In some cases, however, services related to the use of Website may also be carried out by operators and on servers located in third countries. In such cases, your personal data may also be transferred outside the EU or EEA.   

The data protection policy of the university is to exercise particular care if transferring personal data outside the EU and European Economic Area (EEA) to countries that do not offer the level of data protection required by the European General Data Protection Regulation (GDPR). Transfers of personal data outside the EU and EEA are done in accordance with the requirements of the Data Protection Regulation, for example, standard contractual clauses or other protective measures in accordance with the Data Protection Regulation. 

8. Retention period

Personal data is retained for as long as is necessary in relation to the purposes for which it was collected and processed or for as long as is required by law or regulation. The storage of data on Aalto University staff and students follows the applicable privacy notices as well as the university’s data management plan (TOS).  

Personal data of other users will be retained for a period of one year from their last login or other use of our website, after which the personal data will be deleted. 

9. Exercising the rights of the data subject

The General Data Protection Regulation grants the data subject a number of rights with which the data subject can govern the processing of their personal data. The data subject may use the following rights in relation to Aalto insofar as Aalto acts as the controller for the data subject’s personal data: 

  1. Right of access and right to rectification 

According to the GDPR, you have a right to know what information on yourself is stored in the personal data file. 

You have the right to request that any inaccurate or erroneous data on yourself be rectified without undue delay.  

If data you wish have rectified or erased is maintained by an Aalto partner, we will request that the partner take the appropriate measures. 

  1. Right to be forgotten, data erasure 

Barring certain exceptions, the GDPR guarantees your right to have your erased, or as it is termed, your right to be forgotten. However, this right does not obtain in cases where the university’s right as the controller to process personal data is based on the university’s obligation to perform tasks carried out in the public interest or in the exercise of official authority. 

If the processing of personal data is based on your consent, you may also withdraw your consent. In that case you may submit a request to us to erase data concerning yourself from our system. If there is not other legal grounds for processing your data, we will delete it. Personal data may not be deleted instantly from backup copies and other such data systems, but will be deleted through regular database retention practices. 

  1. Right to object 

You also have the right to object to the processing of your personal data if your personal data is processed for other purposes than the fulfillment of legal responsibilities or the provision of services. You may object to the processing of your personal data for purposes of direct marketing, even if the basis for such processing is consent given by you in the past. Objecting to the processing of your personal data may lead to limitation of the usage of Website. You have the right to prohibit direct marketing by following the instructions contained in all of our marketing messages. 

  1. Right to restriction of processing 

If you contest the correctness of the data which we have registered about you or the lawfulness of processing, or if you have objected to the processing of the data in accordance with your right to object, you may request us to restrict the processing of these data to only storage. The processing will only be restricted to storage, until the correctness of the data can be established, or until it is assured that our legitimate interests override your interests.

If you are not entitled to erasure of the data which we have registered about you, you may instead request that we restrict the processing of these data to only storage. If the processing of the data which we have registered about you is solely necessary to assert a legal claim, you may also demand that other processing of these data be restricted to storage. We may process your data for other purposes if this is necessary to assert a legal claim or if you have granted your consent to this. 

  1. Right to data portability 

You have the right to receive your personal data from Aalto in a structured, commonly used format so that you may transfer your personal data to another controller, provided that the processing of your personal data is based on consent or a contract between you and Aalto. 

Exercising the rights of the data subject and the data protection officer . 

Exercising the rights of the data subject: 

The extent of your rights is subject to the legal basis for processing, and exercising your rights requires identification. 

You can exercise the rights described above by submitting a request in accordance with the Data Protection Regulation through our personal data portal: https://datarequest.aalto.fi/en-US/ 

You can also use your rights by contacting Aalto’s Data Protection Officer at tietosuojavastaava@aalto.fi.  

10. Who is the controller of the information and who can I contact

If you have questions related to this privacy notice, please contact: 

The controller is Aalto University: 

Aalto-korkeakoulusäätiö sr, which functions as Aalto University 

Mailing address: PO BOX 11000, FI-00076 AALTO 

Phone number: +358 (9) 47001 

Visiting address: Otakaari 24, 02150 Espoo 

The register person-in-charge is Mikko Jalas  

Tel. (exchange): +358 40 353 8247 

Email: mikko.jalas(at)aalto.fi 

Aalto University’s Data Protection Officer:  

Sirpa Syrjälä  

Contact information: tietosuojavastaava@aalto.fi 

Right to lodge a complaint 

If the processing of your personal data is in breach of applicable legislation, you have the right to lodge a complaint with the national supervisory authority. You can lodge the complaint with a competent supervisory authority. In Finland, this is the Data Protection Ombudsman, and the complaint must be lodged in accordance with instructions provided by the Office of the Data Protection Ombudsman. Please, see https://tietosuoja.fi/en/home for more information. 

11. Data Protection Code of Conduct

Your personal data will be protected according to the Code of Conduct for Service Providers, a common standard for the research and higher education sector to protect your privacy.