Last modified: May 2026

1. What this notice is

This notice describes how personal data is processed in the research project Research on Learning and Teaching in CS Courses at the Aalto CS Department. This is a project-specific research privacy notice for scientific research carried out in connection with selected courses offered on the Aalto OpenCS learning platform. It supplements the general Aalto OpenCS Platform Privacy Notice and, where applicable, Aalto University’s general Privacy Notice for Students.

This notice concerns the research use of data. The same underlying course and platform data may also be processed separately for ordinary teaching-related and platform-operation-related purposes, as described in the Aalto OpenCS Platform Privacy Notice.

2. Controller

Aalto University Foundation sr
Otakaari 24
02150 Espoo
Finland

3. Contact information

For questions about this research project or this notice, please contact:

Arto Hellas
arto.hellas@aalto.fi

Juho Leinonen
juho.2.leinonen@aalto.fi

You may also contact the responsible teacher of your course through the ordinary course contact channels. Arto Hellas is the contact for questions about the Platform and its privacy notice.

For information about Aalto University’s Data Protection Officer and general privacy practices, please see Aalto University’s general Privacy Notice for Students.

4. Name and purpose of the research project

The project is Research on Learning and Teaching in CS Courses at the Aalto CS Department. The research examines learning and teaching in higher education using naturally accumulating data from courses offered on the Aalto OpenCS learning platform. The purpose is to understand how course structures, learning tasks, support tools, automated and human feedback, and learning-environment design shape learning, learner experience, teaching practices, and longer-term success in subsequent studies.

The research focuses on four broad themes:

• learning environments and the design of learning;
• learner experience;
• supporting teaching in learning environments; and
• future competencies and the impacts of teaching developments on subsequent courses.

Research findings are reported in a way that does not identify individual learners in publications or public presentations. Publications report only aggregate findings or sufficiently modified qualitative examples that do not permit identification of individuals.

5. Study period

The period covered by this research project is:

2026-04-01 to 2027-12-31

If the project continues beyond this period, an extension or renewed ethics application will be submitted before the end of the approved period.

6. Courses covered by this notice

This notice applies to following courses offered, or to be offered during the study period, on the Aalto OpenCS learning platform by the research contact teachers.

7. Who this notice applies to

This notice applies to persons whose data is used in this research project through participation in the included courses on Aalto OpenCS. This includes two main groups:

• Aalto University students participating in the listed courses as part of degree studies or other formal study rights, including, where applicable, degree students, exchange students, Open University students, and students with the right to complete individual courses; and
• lifelong learners and other non-degree participants who use the listed courses for personal or professional development and who may not have a formal student-institution relationship with Aalto University or receive degree credit.

The courses are university-level courses, and minors are not expected to be a target group. However, the learning environments do not normally collect age data for the purpose of identifying minors.

8. Legal basis for processing

The legal basis for the research processing described in this notice is that the processing is necessary for scientific research carried out as part of Aalto University’s public task and mission. The research use of data is distinguished from ordinary teaching-related and platform-operation-related processing, even where the same underlying course and platform data may also be processed for those separate purposes.

Consent is not the legal basis for the research processing described in this notice. Information about the opt-out mechanism is provided on the platform and research page.

9. What data is used in the research

The study uses personal data arising from participation in the included courses and the use of the Aalto OpenCS learning platform. The research uses data categories that are already generated in authentic course and platform use and that are relevant to the research questions.

Depending on the course and platform features in use, such personal data may include, for example:

• account and participation data;
• course enrolment or participation information;
• exercise and assignment submissions;
• timestamps and logs of learning activity;
• progress data;
• assessment- and feedback-related data;
• process data concerning task completion where such data is collected; and
• limited background information voluntarily provided in the course context where relevant to pedagogical analysis.

More generally, the Aalto OpenCS Platform Privacy Notice explains that the Platform may process categories such as account data, submission and assessment data, learning activity and usage data, support and recommendation data, and technical and security data. This project uses only the data necessary for the relevant research question, and data minimisation is applied at extraction and analysis stages.

10. Where the data comes from

The research data comes from participation in the included courses and use of the Aalto OpenCS learning platform. Depending on the situation, the data may originate from:

• the participant directly, for example through submissions, activity in the Platform, or information voluntarily provided in the course context;
• Aalto University systems providing account, identity, enrolment, or course-related information;
• the operation of the Platform itself, including automatically generated logs, progress information, and similar course-operation data; and
• derived information such as progress indicators or summaries of learning activity relevant to the research questions.

11. How the data is used in the research

The data is used to investigate learning and teaching in higher education in the context of the included CS courses. Depending on the research question, this may include analysis of, for example:

• how learners engage with exercises, materials, and feedback;
• how misconceptions, errors, or challenging topics appear in learner work;
• how digital tools, assignments, and course designs support learning and progress;
• how learners use support tools such as feedback, hints, analytics, recommendations, or AI-assisted features; and
• how teachers and courses can be supported through information naturally collected in the learning environment.

The research uses existing data arising in authentic course settings. Where future work would involve separate data collection specifically for research beyond what is normally collected in the course or platform context, such work will be evaluated separately and, where necessary, submitted for separate ethics review.

12. Who can access the data

Access to personal data and research datasets is limited according to role and need. Course teachers and authorised research personnel may access the data necessary for their tasks. Where pseudonymised data is made available to other authorised course staff or researchers for analysis, access is limited in time and scope, recorded where appropriate, and removed after the relevant analysis or according to the research data management plan.

The principal investigator and the responsible teachers for their own courses are responsible for data security. Authorised research personnel and authorised course staff may access data only according to role, need, and the access controls described in this notice.

13. Sharing of data

Personal data used in this research project will not be shared outside Aalto University. Publications arising from the study will report only aggregate findings or sufficiently modified qualitative examples that do not permit identification of individuals. The research dataset itself will not be published.

14. Storage, protection, and safeguards

Research data is stored in Aalto-backed systems and processed on Aalto-managed infrastructure. Where possible, research datasets are pseudonymised before analysis. Only data necessary for the specific research task is retained in working datasets.

The main risks related to the data are the possibility of re-identification from combinations of variables, small cohorts, or rare patterns in the data; the possibility that qualitative examples derived from learner work could be identifying if reported carelessly; and the general risk of unauthorised access during extraction, storage, or analysis. These risks are mitigated through data minimisation, pseudonymisation where possible, role-based access control, limitation of access to authorised persons only, suppression of small cells in reporting, aggregate reporting, and the modification, generalisation, or synthesis of qualitative examples so that individual participants cannot be identified.

A minimum cell-size threshold is applied in publications, and smaller cells are suppressed or merged. Examples derived from student work are sufficiently modified, generalised, or synthesised so that neither the original submission nor its author can be identified.

15. Retention of research data

Data extracts and working datasets are retained only for the duration necessary for the relevant analysis, in accordance with the research plan and applicable university procedures. More generally, where Platform data is used for scientific research, research data is retained in accordance with the relevant research plan, applicable university procedures, and legal requirements. Where possible, research data may later be pseudonymised further or anonymised.

The Aalto OpenCS Platform Privacy Notice separately describes the general retention periods applied in the Platform to user account data, submissions, logs, and other platform data categories.

16. Your rights

According to the General Data Protection Regulation (GDPR), a data subject has the right to:

• receive information on the processing of their personal data;
• right to access the personal data collected and processed;
• right to rectification of inaccurate personal data;
• request that the processing of personal data be restricted;
• object the processing of personal data; and
• right to erasure of personal data if the conditions of Article 17(1) of the Data Protection Regulation are met and processing is no longer necessary for archiving purposes in the public interest or for scientific research or statistical purposes in accordance with Article 89(1).

If the research purpose does not require, or no longer requires, the identification of the data subject, the controller shall not be obliged to obtain further information so that the data or the data subject may be identified only for purposes to enable the data subject to exercise his/her rights. If the controller is unable to link the data to a particular data subject, the data subject does not have the right to access or correct the personal data, object the processing, or delete the personal data. However, if the data subject provides additional information that allows their identification from the research data, the rights will not be restricted.

17. Further information

For general information about personal data processing on the Aalto OpenCS platform, please see the Platform Privacy Notice. For users covered by Aalto University’s general Privacy Notice for Students, more information is also available there. This research privacy notice describes only the research processing for the project identified above.

18. Data Protection Officer and supervisory authority

If the research participant has questions or requests related to data protection or the processing of personal data, the research participant should contact the Data Protection Officer of Aalto University: tel. +358 9 47001 (exchange), dpo@aalto.fi.

In this data request service, you can request the exercise of your rights under GDPR from Aalto University as the controller: https://datarequest.aalto.fi/en-US/.

If a participant of the research study feels that his or her personal data has been processed in violation of data protection legislation, the participant has the right to lodge a complaint with the supervisory authority, the Data Protection Ombudsman’s office. Read more: http://www.tietosuoja.fi.