Data protection in EUR-ACE accreditations of the engineering degree programmes in higher education

for information to persons whose personal data is processed in accreditations of engineering degree programmes

Controller’s contact details

Finnish Education Evaluation Centre (FINEEC)
PB 380 (Hakaniemenranta 6)

+358 29 533 5500

Data protection officer’s contact details 

Tietosuojavastaava Jyrki Tuohela,

Why is your personal data processed in the accreditations?

The Finnish Education Evaluation Centre (FINEEC) conducts accreditations of engineering degree programmes as part of its fee-paid services. The accreditations are based on the HEI’s self-assessment, the other material submitted by the HEI, materials presented in the electronic evidence room and the audit team’s visit to the HEI. Representatives of the HEI’s staff, students and interest groups are interviewed during the visit. To be able to make reliable conclusions based on the interviews, the team needs sufficient background details on the participants. The HEI may also find it necessary to include personal data in the self-assessment material and other material.


  • the purpose of the processing of personal data is to enable the reliable implementation of the accreditation
  • the processing of personal data is necessary for the implementation of FINEEC’s operation agreed on the agreement between the HEI and FINEEC.

In case of the review team, FINEEC needs personal data for arranging the travels of the team members fr the site-visit and paying the expert fees after the review.

From where do we get your personal data and what data is it? 

FINEEC receives the personal data required for the accreditation from the contact person of the degree programme accredited. The contact person must tell you what data he or she discloses to FINEEC. Data related to staff and the HEI’s interest groups typically includes the name, the job title and the organisation. Data related to students typically includes the name, the degree programme and the year of beginning their studies.

In case of the review team, FINEEC receives the personal data directly from the team members.

Who receives your personal data?

The accreditation is conducted by a revoew team consisting of external experts appointed by FINEEC and by project managers belonging FINEEC’s personnel. If the HEI appeals the outcome of the review, the review material including the personal data will be made available also to the expert group engaged in FINEEC’s appeals procedure.

In case of the review team, data is handled by the FINEEC project managers as well as FINEEC´s administrative staff in charge of the travel arrangements and experts fees.

For how long is your personal data stored?

The personal data are available to the review team and the project managers of the audit until the review has ended. Similarly, if the HEI appeals the outcome of the accreditation, the data will be stored so that it is available to the expert group in the appeals procedure until the group has issued its opinion. After the accreditation and the possible appeals procedure have ended, the accreditation material will be saved permanently.

In case of the review team, personal data is stored by the end of the review process.

The use of accreditation data for other evaluation activities of FINEEC

FINEEC may use its data from accreditations for other evaluation activities such as thematic analyses covering all higher education institutions in Finland, however ensuring the confidentiality of the data. The results of such analyses will be published at an aggregated level, and results cannot be linked to individual higher education institutions or individuals.

What rights do you have regarding your personal data?

You have the right to request FINEEC to give you access to the personal data on you and the right to demand that the data is rectified if there is an error. You also have the right to make a complaint regarding the processing of personal data to the Data Protection Ombudsman if you think that the processing of your personal data breaches the EU’s General Data Protection Regulation.