Privacy statement

Drafted April 21, 2023

  1. Controllers

The Aarresaari network is a nationwide Finnish university cooperative network for work and career services. Because Aarresaari is not an organization in itself, each university is responsible for its own processing of personal data. Click here to read the data protection policies of the universities in the Aarresaari network.

Aalto University

Otaniemi, Espoo

https://www.aalto.fi/en/aalto-handbook/privacy-notice-for-aaltofi

University of Eastern Finland

Joensuu, Kuopio

https://www.uef.fi/en/data-protection

LUT University

Lappeenranta, Lahti

https://www.lut.fi/en/data-protection

Tampere University and Tampere University of Applied Sciences

Tampere, Pori

https://www.tuni.fi/en/about-us/data-protection

Åbo Akademi University

Turku, Vaasa

https://www.abo.fi/en/processing-of-personal-data-at-abo-akademi-university/

Hanken School of Economics

Helsinki, Vaasa

https://www.hanken.fi/en/about/privacy-and-data-protection

University of Jyväskylä

Jyväskylä, Kokkola

https://www.jyu.fi/en/university/privacy-notice

University of Oulu

Oulu

https://www.oulu.fi/en/data-privacy-notice

University of Turku

Turku, Rauma, Pori

https://sites.utu.fi/en/privacy-notice/

University of Helsinki

Helsinki

https://www.helsinki.fi/en/about-us/processing-data-university/data-protection

University of Lapland

Rovaniemi

https://www.ulapland.fi/EN/About-us/Our-principles/Data-protection

University of the Arts Helsinki (Uniarts Helsinki)

Helsinki, Seinäjoki

https://www.uniarts.fi/en/general-info/data-protection-at-uniarts-helsinki/

University of Vaasa

Vaasa, Kokkola, Seinäjoki

https://www.uwasa.fi/en/data-protection

  1. Contacts in matters concerning the register

If you have any questions about the aarresaari.net website, please contact our coordinator by email: koordinaattori@aarresaari.net. For other matters relating to the processing of personal data by universities, please contact the university in question directly in accordance with the instructions in the university’s privacy policy.

  1. Register name and data subjects

Aarresaari.net website visitor register

We process the personal data of visitors to the aarresaari.net website in the register.

  1. How do we use your personal data?

The sole purpose of the processing of personal data contained in the visitor register is to provide information through our website.

The register is not used for direct marketing. We collect, store and process personal data only for predefined purposes.

  1. What personal data do we collect?

In principle, we do not collect any data about visitors other than the data collected by cookies.

On the aarresaari.net website, information such as the following may be stored about the data subject, collected through cookies with the data subject’s consent:

However, if a visitor sends an email to the site administrators, the messages sent will be saved either in the Jobteaser email account (Outlook 365 account), the ValoJobs service email account, or the email account of the coordinating university. This applies to the following email addresses:

You can read about processing of personal data by Valojobs here: https://www.valojobs.fi/index.php?192

  1. From what sources do we collect personal data?

We collect personal data about you mainly from you yourself when you contact us or when you use our services at some later point.

We do not actively collect visitor data other than for the purpose of analyzing website visitor numbers.

  1. On what basis do we process your data?

We make sure that we always have a legal basis for processing personal data.

We process personal data stored in the visitor register based on your consent.

  1. Will your information be transferred or disclosed?

As a rule, your personal data is processed by our network’s staff in the course of their work.

In some cases, your data may be transferred confidentially to our partners or subcontractors who process personal data based on a written assignment agreement. These include, for example, data center and cloud services for data storage, suppliers of the IT systems we use, and external services purchased to support sales and marketing.

Our subcontractors and partners process personal data in the agreed manner, in accordance with our written instructions, and only for the agreed, lawful purposes.

  1. Will your data be transferred outside the EU or EEA?

As a general rule, we do not transfer personal data outside the European Union or European Economic Area. However, data can be transferred outside the EU or EEA within the limits permitted by the General Data Protection Regulation (GDPR).

We transfer personal data outside the EU and EEA countries only to entities for which we have ensured an adequate level of data protection through contracts or otherwise, as required by legislation. Data can be transferred in different situations, for example in connection with system development.

  1. How long will your personal data be kept?

We only keep your personal data for the period necessary to fulfill the purposes described in this statement. Unnecessary information is deleted regularly.

  1. How is your data secured?

We respect the confidentiality of your personal data.

Personal data is protected from unauthorized access by means of firewalls, antivirus software, personal usernames and passwords. Access to personal data is only available to persons authorized by us, whose work duties require the processing of personal data. We disclose personal data only confidentially and in a limited way based on agreements with our contractual partners, such as our subcontractors. Our contractual partners must commit to implementing adequate information security and to processing personal data in accordance with the law in all respects. Personal data processors are bound by an obligation of secrecy.

As our website uses a TLS-encrypted HTTPS connection, all personal data is protected in electronic form. In the browser, you can see this by the lock on the left side of the address bar. If the data is in a manual format, it is stored in a room locked to outsiders and it is destroyed securely.

  1. What rights do you have?

  1. Right to prohibit direct marketing

Aarresaari does not engage in direct marketing.

  1. Right to access data (right to inspect)

You have the right to know what information is stored about you in the personal register. You can ask us to send your data for your review, as described in section 13 of this privacy statement.

  1. Right to demand correction or deletion of information (right to be forgotten)

We will delete, correct or supplement information that is incorrect, unnecessary, incomplete or outdated in terms of processing on our own initiative or at the request of the data subject.

  1. Right to restriction of processing

Data subjects have the right to demand the restriction of the active processing of their personal data, for example when they dispute the accuracy of their personal data and demand that their personal data be corrected or deleted. In this case, the personal data in question may only be stored, not processed in any other way. Limitation of processing is ensured by technical measures.

We will notify the data subject before the processing restriction is removed.

  1. Right to object to the processing of personal data

You have the right to object to the processing of your personal data to the extent that there is no substantial reason for the processing that overrides your rights or the processing is not necessary to handle a legal claim.

  1. Right to transfer data from one system to another

To the extent that the data subjects have themselves submitted information to the customer register, which is processed based on the consent or mandate given by the data subjects, the data subjects have the right to receive such information for themselves, as a rule, in machine-readable form, and the right to transfer this information to another controller.

  1. Withdrawal of consent

If personal data is processed based on the data subjects’ consent, they have the right to withdraw their consent by notifying us. You can withdraw your consent as described in the “Requests regarding rights” section of this privacy statement.

  1. Right to file a complaint with the supervisory authority

The data subject has the right to file a complaint with a competent supervisory authority if the controller has not complied with applicable data protection regulations in its operations.

  1. Where can I submit rights requests?

Enquiries and requests relating to the register can be submitted either in person by presenting an identity document or by sending an email to  koordinaattori@aarresaari.net. We may then contact you by phone if necessary in order to verify your identity.

You can collect the information you need from the nearest university in our network at a time agreed in advance. We will check your identity upon collection.

We will respond to a request within one month of you making the request, unless there are special reasons to extend the response time. We may also refuse to fulfill your request on the basis provided by applicable law.

Using the rights is basically free of charge.

  1. Where can I find the latest privacy statement?

We always update the privacy statement at this address.

  1. How do we use cookies?

Cookies are small text files that are automatically saved on the computer/terminal when the user visits different websites. Our online service uses cookies to help us provide you with the best possible user experience and quality of service.

We may use cookies to improve our services and our website, and to analyze how the website is used. This is done using Google Analytics. By tracking website traffic, we develop our website to make it even better and to be able to provide users with a better visiting experience.

If you do not want the web service to receive information through cookies installed in your browser, you can refuse the installation of cookies. In this way, you prevent Google Analytics from collecting information about you.