Privacy Notice for Archives and Records Management Services

This privacy notice describes how your personal data is processed in Aalto University’s Records Management Services' information systems and in university's long-term and permanently archived collections.

Loading table of contents

Effective as of 16 November 2022
Updated 12 September 2025

This privacy notice describes how your personal data is processed in Aalto University’s

electronic document and records management system (SAHA)
digital preservation system (Aalto Repository)
electronic signature system (Aalto Sign)
and the university’s long-term or permanent archive collections.

Why and on what basis does Aalto University process your personal data?

The purpose of processing personal data is to process and register decision-making and other key matters, documents and records related to the duties of the university for monitoring purposes in accordance with Aalto University Records Management Plan.

The purpose of processing personal data for the signing service (Aalto Sign) is to sign documents electronically and to create and send requests for signature.

The university's long-term and permanently archived collections contain, in addition to the electronic case register, archive collections collected for research purposes, which are formed in accordance with the Aalto University Records Management Plan or have been archived to document the university’s operations.

The archived collections describe such university operations as research and teaching.

The legal grounds for processing personal data are based on the Act on the Openness of Government Activities (621/1999) and the Act on Information Management in Public Administration (906/2019), and the data is processed in compliance with the data protection legislation.

What personal data does Aalto University collect and process?

The personal data for processing is obtained from the following sources and may be grouped accordingly:

Data of the electronic document and records management system SAHA (or the Tweb system, by Triplan Oy) is mainly collected for processing of data from records received or created by the university as well as from customers, system users, and data received through integrations done to the system (described below).

The system's user information is automatically updated from the directory service used by Aalto (Microsoft Active Directory (AD)). The source registers are Aalto University’s Sisu system and the HR information system Workday.

Aalto University's digital preservation system Aalto Repository (Preservica Ltd) contains digital archive collections documenting Aalto operations. Aalto Repository contains collections for permanent storage, and they may include documents, records, multimedia materials or structural metadata.

The metadata of the collections includes: data on the creators of the material; the persons who saved it in the system; the names of any persons who are subjects in the material; and the users who logged on to the system. Data on the material, its creators and persons identified from images in the material is stored in the system based on the material’s descriptive metadata. Descriptive metadata, including personal data, is collected from the material itself, either through a digital archiving tool or from a paper archival deposit agreement upon transfer. This data includes at least the given names and family names of the individuals, depending on the material. Official records originating from Aalto University operations may include job titles, email addresses, Aalto IDs, student numbers and national learner IDs, and birthdates.

Data on users who logged on to the system (users who saved information in it and other users) is automatically retrieved from the university's AD system (given name, family name, email, IP address, Aalto ID). The use of Aalto Repository is gradually expanding to cover all the material retained permanently by the university, and the privacy notice is updated accordingly.

The signature service Aalto Sign (or Sign by Sarake Oy) is used for the university’s electronic signatures. Aalto Sign is used for document signing both directly and through integrations (described below). In connection with the signing process, the personal data collected as document metadata consists of given names and family names, phone numbers, email addresses and job titles.

During strong (two-factor) authentication, the signature service also processes the following personal data associated with the signing: the signer’s personal identity code, birthdate, gender, user ID, signature and IP address. The signed document and its associated metadata are automatically deleted from the system 90 days after the electronic signature is made.

Aalto Sign attaches the signer's given name and family name to the document in addition to the electronic signature certificate, in accordance with the Aalto University AD or phone operator’s certificate, or the Digital and Population Data Services Agency’s citizen certificate. The signed document is received by Frends (an integration platform) and transferred along with its metadata to the SAHA system, where it is stored in accordance with the Records Management Plan (TOS) or as an unregistered document for two years.

Records and items created and signed through integrations

Aalto University electronic degree certificates are created using the SisuSign workflow. The student's certificate and personal information comes from Sisu system, from where the information and the certificate with attachments are sent to the signature service SisuSign (or Sign by Sarake Oy). Through the service, the signer's personal information is attached to the certificate along with the digital signature. The document with its personal information is transferred from SisuSign via the integration platform (Frends) to the Aalto Repository for archiving.

Some Aalto University decisions are prepared using the Administrative Decisions Form, which saves the content of the decision and its metadata. The identifying personal data includes the given and family names of those preparing, presenting, signing and receiving information on the matter as well as possible job titles, email addresses, phone numbers and student numbers. The form details are transferred to the Frends integration platform, where the created PDF document is sent to the Aalto Sign service for electronic signing. Aalto Sign adds the signer’s given and family name to the record in addition to the electronic signature certificate, using Aalto University’s directory service (Microsoft Active Directory (AD)). Frends receives the signed record and transfers it along with its metadata to the SAHA system.

Employment contracts are created in Workday, where the HR partner enters the incoming employee's information into the system. The data includes given and family name, home address, email, phone number, Workday ID, Aalto ID, student number (if applicable) and employee salary (sensitive personal data). The employment contract information is transferred to the Frends integration platform, where the created PDF document is sent to the Aalto Sign service for electronic signing. Aalto Sign attaches the contract signer's given name and family name to the record in addition to the electronic signature certificate, in accordance with the Aalto University AD or phone operator’s certificate, or the Digital and Population Data Services Agency’s citizen certificate. Frends receives the signed document and transfers it along with its metadata to the SAHA system as a secret record (Act on the Openness of Government Activities (621/1999), section 24(1), para. 23).

A compensation form, created on the Aalto Service Platform, is prepared for separately granted compensation; all metadata related to the granting of such remuneration is saved. Identifying personal data includes the given and family names of the compensation recipient and of the persons who prepared and granted the compensation, in addition to the recipient’s email address, birthdate, the amount of the compensation granted (which is sensitive personal data) and Aalto ID or student number, if applicable. The form data is transferred to the Frends integration platform, where the created PDF document is transferred along with its metadata to the SAHA system as a secret document (Act on the Openness of Government Activities (621/1999), section 24(1), para. 23).

Identifying personal data in research projects consists of the project name, project number, the researching party’s name and country, and the research project manager’s given and family name; the data is automatically updated in SAHA from CRM (the Aalto University's partnership and alumni system management system), in accordance with the Records Management Plan (TOS). Abacus (a financial system) and AD serve as the CRM source registers for some of the data.

The Aalto Project List (APL) has been implemented on Aalto University's service platform for the management of the university's research projects. A selected portion of the project documents and information is stored in SAHA via the FRENDS integration in accordance with TOS. The secret documents transferred in the integration (Act on the Openness of Government Activities (621/1999), section 24(1), para. 17, 20 and 21) may include the following personal data: the signer's given name and family name, email address, phone number, and title. The project manager's given name and family name are transferred with the project information.

The identifying personal and other data in Aalto Startup Center (ASUC) agreements consists of the name of the startup, and the given and family names of the signer and the ASUC contact person. The identifying personal and other data in invention disclosures consists of the given and family names of the contact person and the signer. The identifying personal data and other data in Design Factory agreements consists of the agreement signer's given and family name, phone number and email address.

The data is updated and transferred into SAHA from the agreement form in CRM. Agreement form data is transferred to the Frends integration platform, where the PDF document is created and sent to the Aalto Sign service for electronic signing. Aalto Sign attaches the signer's given name and family name to the document in addition to the electronic signature certificate, using the Digital and Population Data Services Agency’s Citizen Certificate or a certificate from the telecommunications provider. Frends receives the signed document and transfers it along with its metadata to SAHA in accordance with the Aalto University Records Management Plan (TOS).

Apart from SAHA data, personal register (data file) data for long-term or permanent storage in the Aalto University Archives is collected as mentioned in the privacy notices for each service category and in accordance with TOS.

Parties to whom Aalto University may disclose your personal data

Personal data is processed in the SAHA system only by Aalto employees or by contracted individuals working on behalf of Aalto who have a right to process the data.

The public and publishable documents in SAHA have been integrated to the intranet portion of the aalto.fi web pages, access to which is confined to the Aalto community. Selected public and publishable decisions and other documents are searchable though a link in SAHA. Access to content that is secret, partly secret, or otherwise non-publishable is not allowed through the interface. Such documents include the given and family names of persons preparing and making decisions, and in some cases the given and family name of persons concerned in the decision (e.g. decisions on professorial appointments).

SAHA is integrated with the partnership and alumni management system CRM, where a link to contractual documents is accessible by a limited number of user groups in connection with Aalto Startup Center (ASUC) agreements and invention disclosure forms. The contracts disclose the given and family name of the Aalto contact person and the signer.

In the digital preservation system (Aalto Repository), materials are processed only by Aalto University employees who have been granted access rights to the system. Data extracted (or ‘data scraped’) from published materials is transferred to the national Finna service (finna.fi) and to the Finna service as viewed via the Aalto University Archives (aaltoarkisto.finna.fi). Published materials are also available in the Aalto Repository portal at repo.aalto.fi.

In Aalto Sign, documents for signing and their information are visible only to the parties involved. Viewing the document requires logging in.

By default, personal data is not disclosed from the systems or the archives to anyone other than the involved parties.

However, personal data may be disclosed for official use by authorities or used for research purposes if necessary.

Personal data contained in the document and records management system SAHA, in Aalto Sign or in Aalto University’s Archives collections for long-term or permanent storage is usually not transferred.

I) Recipients who process your personal data:
Records management service system suppliers: Triplan Oy, Preservica Ltd and Sarake Oy

II) Recipients who independently define the purpose of processing your personal data:
The Aalto University Registry and Aalto University Archives disclose data, in compliance with the Act on the Openness of Government Activities (621/1999), to the authorities (for the carrying out of official duties), to journalists (for journalistic purposes) and to others who use the archives (for research or personal use).

Transfer of personal data to third countries

The data protection policy of the university specifies that particular care is to be exercised if personal data is transferred outside the EU and the EEA to countries that lack the same level of data protection as is required by the European General Data Protection Regulation (GDPR). Transfers of personal data to locations outside the EU and EEA are done in accordance with GDPR requirements using e.g. standard agreement clauses or other GDPR-compliant data protection measures.

How does Aalto University protect your personal data?

Protecting personal data is important ��ʵ�� University. Aalto has implemented appropriate technical, organisational and administrative measures to ensure data security and to protect all personal data against loss, abuse, unauthorised use, disclosure, and alteration or destruction.

Manual materials are stored primarily in the Aalto University Archives, which can be accessed only by those entitled to the information. Prior to the final transfer to the archives, some materials are stored by the Aalto University unit responsible for compiling the material, and only those with the right to access the information may do so.
Electronically stored information and records are stored in Aalto's SAHA system (product name Tweb), which is provided by Triplan Oy. Access to this material is confined to those with a right to the information. The servers are located in Aalto's data centre in Finland. Access to the servers is restricted to the IT experts who maintain the service and servers on behalf of Aalto and other suppliers of the data. Access is restricted by network security safeguards and the requirement for personal IDs and passwords.
Aalto University materials archived on a long-term or permanent basis are stored in the university's digital preservation system, Aalto Repository, which operates on a SaaS (software as a service) model. These materials are public, but only those with a right to access the information may do so. The service is maintained by Preservica Ltd, and both the service and servers are administrated within the EU.

How long is your personal data stored?

Your personal data is retained for as long as needed for the purposes of the processing or for as long as required by law or regulation.

For personal data and for manual materials, the system retention periods are based on the law and on Aalto’s Records Management Plan.

In the electronic document and records management system SAHA, the retention periods are as follows:

Permanently retained information:

Metadata on all opened items, including the given name and family names of commissioning parties (customers), is retained permanently.
Data (given name and family name) on parties that have opened, processed or registered a case is retained permanently.
Personal data from the metadata of permanently stored documents includes the given name and family name of document preparers, presenters and signers as well as parties who stored the documents and any customers involved.
The processing of a document or handling of a matter concerning a student's academic performance or certificate(s) may require that the given name, family name, birthdate and/or student number of a person referenced in the document is registered in order to verify their identity.

Transaction processes with documents that have fixed-time retention periods and that may contain personal data:

Agreements on contractual employment relationships (retention period 50 years, partly secret, Act on the Openness of Government Activities, section 24(1), para. 23).
Occupational safety representative notifications (retention period 50 years, public)
Equality reports (retention period 50 years, public)
Handling of criminal cases (retention period 15 years, partly secret, Act on the Openness of Government Activities, section 24(1), para. 19)
Disputes (retention period 15 years, partly secret, ibid.)
Matters concerning administrative law (retention period 15 years, partly secret, ibid.)
Hearing procedures related to labour law (retention period 6 years, partly secret, Act on the Openness of Government Activities, section 24(1), para. 32)
Complaints (retention period 15 years, documents become public usually at the end of the process)
Disciplinary proceedings, students (retention period 10 years, documents become public usually at the end of the process)
Inspection of a personal data file (retention period 6 years, public)
Decision-making related to requests for information (retention period 15 years, public)
Processes concerning suspected data breaches (retention period 10 years, public, related documents may be partly secret, Act on the Openness of Government Activities, section 24(1), para. 7)
Appeals: student admissions (retention period 10 years, public)
Appeals: changes in the right to study (retention period 10 years, partly secret, Act on the Openness of Government Activities, section 24(1), para. 23, 25)
Appeals: study attainments (retention period 10 years, partly secret, Act on the Openness of Government Activities, section 24(1), para. 30)
Appeals: transfer of credits (appeals to the Aalto University Academic Appeals Board); thesis evaluation (retention period 10 years, partly secret, Act on the Openness of Government Activities, section 24(1), para. 25, 30)
Changes to the right to study (retention period 10 years, public)
Suspected breaches of research integrity (retention period 10 years, decision is public but other documents partly secret, Act on the Openness of Government Activities, section 24(1), para. 21)
Jointly funded research, research collaboration and contract research (retention period 20 years, secret, Act on the Openness of Government Activities, section 5, para. 3, 4). Agreements on assignment of rights (retention period 150 years, secret, Act on the Openness of Government Activities, section 24(1), para. 17)
Startup agreements (retention period 150 years, public)
Invention disclosures (retention period 150 years, secret, Act on the Openness of Government Activities, section 24(1), para. 17, Act on the Right in Inventions made at Higher Education Institutions, section 11)
Agreements on assignment of rights, licensing agreements, technology-transfer agreements (retention period 150 years, secret, Act on the Openness of Government Activities, section 24(1), para. 17, 20)

The digital preservation system Aalto Repository, stores archived collections on a long-term or permanent basis. Currently, the material stored in the system consists of permanently archived audiovisual (AV) materials, where information on the creator and names of any other individuals involved are retained permanently. In addition, Aalto University electronic degree certificates will be permanently archived via an automated SisuSign workflow in the Aalto Repository starting in September 2025.Information on logged-in users that is saved in the log data is available within the Aalto Repository User Interface and is retained indefinitely. The Aalto IDs and the given and family names of the logged-in users is retained permanently as part of the material’s metadata.

Signed documents in Aalto Sign are stored in SAHA according to the abovementioned retention periods. Signed documents are stored in Aalto Sign for 90 days after the signing.

Material is collected in accordance with Records Management Plan (TOS) unless collected from SAHA for long-term or permanent storage in the archive collections.

Updates to the privacy notice

As Aalto University's operations follow a continual improvement process, service processes are also being integrated into the records management services' systems, leading to updates of the privacy notice. The date of the latest update is noted in the privacy notice.

Rights of the data subject concerning personal data

You have rights relating to the processing of your personal data at Aalto. The extent of the rights depends on the legal basis for processing the personal data and the current data protection legislation.

You have the right to acquaint yourself with personal data on yourself that is in the possession of Aalto University.

You have the right to correct inaccurate or incomplete data.

In the following cases, you have the right to request that personal data be removed:

If you withdraw the consent you gave for the processing of your personal data, and there are no legitimate grounds for the processing.
If you are opposed to the processing of your personal data for direct marketing.

In many cases, however, Aalto University has a responsibility to retain personal data for reasons of legal obligation.

If you contest the accuracy of the information we have collected on you in a personal data file or the lawfulness of the processing, or if you are otherwise exercising your right to object to the processing of personal data, you may request that we restrict the processing of the data to that required for its retention only. The processing of the data is then confined to its retention for a period lasting only until the accuracy of the data is verified or until a review is conducted of whether our legitimate interests override your interests. If you do not have the right to request erasure of the data, you may request instead that Aalto University limit its processing to only that needed for its retention.

You are always entitled to refuse any processing of your personal data that is done for direct marketing purposes.

You have the right to receive in machine-readable form any personal data that you give to us. This applies to personal data when the data is processed only by automated means and when the processing is based on consent or is necessary for the performance of a contract.

If you wish to exercise your above-mentioned rights, your request will be evaluated according to the circumstances and the case. Please be aware that we may also retain and use your personal data when necessary for compliance with legal obligations, dispute resolution or the performance of contracts.

How to exercise your rights

The controller of the data file is Aalto University. In preparing this document, we have aimed to provide a clear description of how we process personal data. We have not succeeded in that endeavour if part of the document is unclear about that processing. In that is the case, you may send us a request concerning the processing or ask for further details about it, as described below.

You may exercise your rights, as described in previous section Rights of the applicant concerning personal data, by submitting a General Data Protection Regulation (GDPR) request via Aalto’s personal data portal:

If you have questions concerning the service or about changing your contact information or other routine changes, you may contact us at kirjaamo@aalto.fi.

Controller, person responsible and contact details
The controller of the data file is Aalto University.
The person in charge of the data file is Susanna Kokkinen.
Tel. (switchboard): +358 9 47001
Email: kirjaamo@aalto.fi

You may also contact the university’s data protection officer if you have questions about requirements or other matters involving the processing of personal data:
Data protection officer: Sirpa Syrjälä
Tel. (switchboard): +358 9 47001
Email: tietosuojavastaava@aalto.fi

If, as a data subject, you feel that your personal data has been processed in violation of data protection legislation, you have the right to lodge a complaint with the supervisory authority, the Office of the Data Protection Ombudsman (for details, see: https://tietosuoja.fi/en/home).

Other privacy notices

Aalto University maintains a number of privacy notices. If for example you have a university user ID, participate in university events or visit our campus, you can obtain information from the university's privacy notices page about how your personal data is processed for carrying out other services: Privacy Notices | Aalto University.

Updated: 8.10.2025
Published: 8.10.2025

���ʵ���