Privacy notice of student admissions

Why do we process personal data?

The University of Turku processes the personal data of the applicants in order to carry out student admissions. Some student admissions are carried out jointly with other universities, in which case the universities are jointly responsible for the processing of personal data. For jointly organised entrance examinations, student admissions and appeals, the universities process personal data as joint controllers.

When you apply to become a student, your personal data will be processed for the following purposes:

  • notifying about studies and student admissions
  • organising tasks related to student admissions
  • scientific research
  • marketing communications related to education selection
  • handling possible appeals and cases of administrative law
  • for any other purpose related to student admissions.

Individual arrangements

We process the personal data you provide us in order to make individual arrangements for the entrance examinations. The data processing is based on the information you provide in your application for individual arrangements and its attachments (such as a medical certificate and/or other expert statements). Your data may also be used to plan individual study arrangements when you accept your student place.

What is the legal basis for processing personal data?

The processing of personal data is based on a task carried out in the public interest or in the exercise of official authority, the fulfilment of a legal obligation and, in certain cases, consent.

Primary statutes:

  • The Universities Act 558/2009 and the decrees issued on the basis of it
  • The Government Decree on University Degrees 794/2004 including amendments
  • The Act on National Study and Degree Registers 884/2017 (chapter 5)
  • The General Data Protection Regulation (EU) 2016/679 and supplementary national regulations
  • The Act on the Openness of Government Activities 621/1999
  • Administrative Procedure Act 434/2003
  • Non-discrimination Act 2014/1325
  • Act on Health Care Professionals 559/1994

What data are processed?

The University processes the following personal data:

  • Personal identification data (name, social security number, date of birth, application/applicant number)
  • background information (nationality, gender, first language)
  • contact information (email address, phone number, postal address)
  • application preferences
  • information on applying for degree studies
  • information in accordance with the admissions criteria
  • information on the applicant's education, qualifications and professional experience
  • information on any medical conditions affecting the applicant's admission (yes/no information), including, in the case of specialist training in medicine, the number of sick leave days (if this has an impact on the calculation of professional experience)
  • answers in entrance exams
  • any motivation letters or tests and recorded video interviews that may be part of the student admissions process
  • information on the outcome of the student admissions (entrance exam results and other information related to the admission, including the admission points)
  • information relating to appeals
  • information on accepting a student place
  • the applicant's consent or refusal to the publication of the student admissions results
  • any other information related to student admissions

Individual arrangements

If you apply for individual arrangements, in addition to the above mentioned data, we will process the personal data you provide in the application and its attachments:

  • the details of the applicant,
  • a description of the necessary arrangements and justifications, and
  • other observations.

In addition, the attachments may include, for example, a copy of a medical certificate. Applications and decisions on individual arrangements are confidential and are processed by a limited number of personnel at the University. Information on individual arrangements is processed at the university where the applicant will take the entrance exam. Individual arrangements granted to an applicant may, if necessary, be processed within the context of an appeal in the collaborating universities.

From which sources is the personal data collected, i.e. what is the origin of the data?

Information on applicants is collected from the following sources:

  • From the applicant themselves
  • Studyinfo, Finnish study register SURE, VIRTA study information service, and Finnish Population Information System
  • International application and qualification systems or services that provide educational background documents
  • National and international language test organisers
  • National and foreign higher education institutions
  • Online payment and registration services
  • Handlers of applications, entrance examinations and appeals
  • Registers of social welfare and healthcare professionals JulkiTerhikki

The data may also be derived from the use of IT services and equipment provided by the University to the applicant or collected by administrative and monitoring services used by the University (e.g. camera surveillance).

Data processing systems

  • Studyinfo
  • International application processing system
  • University’s internal network drives

The University of Turku uses an international application processing system developed at the University, to which the applicant's application data is transferred from Studyinfo. The processing system will be used in the first joint application round to support the processing of applications for education in a foreign language.

Retention period

The retention periods are based on current legislation and the University's information management plan.

The permanently stored data include:

  • accepted applicants: the student number and the social security number or other equivalent unique identifier;
  • accepted applicants: information on the person's right to study in a programme leading to a degree and information on the acceptance of a student place
  • Decisions given on appeals to student admissions

In addition, other personal data of the applicant may be stored permanently by the decision of the National Archives.

Retention periods for personal data not stored permanently:

  • Entrance exam answers 6 months
  • Lists of admission points for at least 1 year
  • List of participants in entrance examinations 2 years
  • Appeals against student admissions 10 years
  • Data transferred to the international application processing system 1 year

To whom do we disclose your data?

Personal data will be disclosed to the following recipients:

  • Registers of higher education institutions in national and international joint programmes
  • The Ministry of Education and Culture KOTA database
  • Internationalisation services of the Finnish National Agency for Education
  • Social Insurance Institution of Finland
  • through the national information repository of higher education institutions to the National Supervisory Authority for Welfare and Health Valvira
  • Employment Authority
  • Finnish Immigration Service’s register of foreigners
  • Studyinfo of the Finnish National Agency for Education
  • E-services (enquiries)
  • Data related to jointly organised entrance examinations and related appeals are processed together with other participating universities.

In addition, the University may disclose personal data of applicants

  • for scientific research in the public interest
  • to fulfil obligations under the Act on the Openness of Government Activities (621/1999) or other legislation.
  • when certifying educational background and/or language skills to language test organisers or organisations responsible for issuing educational background documents.
  • with the applicant's consent, their contact information outside the University for marketing communications and other specific purposes.

Will data be transferred outside the EU?

Personal data may be transferred outside the EU, for example, to verify the validity of the applicant’s certificates issued outside the EU.

The University pays special attention when personal data is to be transferred outside the EU and European Economic Area (EEA) to any country that does not provide the level of data protection mandated by the EU’s General Data Protection Regulation. Transfers of personal data outside the EU and EEA will only take place where necessary and will be made in accordance with the requirements of the GDPR, for example, by using standard contractual clauses approved by the European Commission.

Contact details for inquiries about data processing

hakijapalvelut@utu.fi