Customer and marketing privacy policy
Last updated 11 March 2022
At Hanken & SSE Executive Education, we respect your privacy. We comply with all relevant regulations, and we want to be open and transparent with what information we collect and how we use it. We recognise the need to protect the information we collect or that you provide to us.
1 Controller
Hanken & SSE Executive Education Ab
P. O. Box 479
00101 Helsinki
Finland
dataprotection@hankensse.fi
(hereafter ”we” or ”Hanken & SSE”)
2 Who can you be in contact with?
All contacts and requests concerning this privacy policy must be submitted in writing to the email address mentioned in section one (1).
3 What is the legal basis for and purpose of the processing of personal data?
The basis for processing personal data is the legitimate interest of the company based on direct marketing and service provision as well as the performance of a contract.
The purpose of the processing of personal data is:
- delivery, management and development of our executive education programmes and other consulting services,
- management of customer relations,
- organising events and alumni activities,
- feedback, surveys and other information collection and processing,
- donation collection and management,
- collection of statistics,
- analysing and profiling of customers,
- electronic and other direct marketing,
- targeting marketing within the networks of the company and other parties.
4 What data do we process?
We process the following personal data of the customer or other data subject in connection with the customer register:
- basic information of the data subject such as name*, mother tongue;
- contact information of the data subject such as email address, phone number, social media addresses, address;
- information regarding the customer company and its contact persons, such as business names and contact information of the contact persons;
- event participation details and possible information regarding event participation such as allergy and diet data (which is collected based on the consent of the participant);
- information regarding the customership and contract, such as information of past and existing contracts and orders, other transaction information;
- possible direct marketing prohibitions and consents;
- information related to the behavior of the data subject in the services and website, which is used for profiling purposes such us the sites and services visited, the duration of visits/use, actions taken on the sites and in services;
- technical information about the person’s devices such as online identifiers, and operating system;
- other possible information collected based on the consent of the data subject.
5 From where do we receive information?
We receive data primarily from publicly available sources such as company websites, internet, news and professional networking services.
For the purposes described in this privacy policy, personal data may also be collected and updated based on information received from authorities or other third parties within the limits of the applicable laws and regulations. Data updating of this kind is performed manually or by automated means.
6 To whom do we disclose data, and do we transfer data outside of EU or EEA?
We use subcontractors that process personal data on behalf of and for us (data transfer). We have outsourced the IT management and other information systems to external service providers, on whose servers the data is stored. The server is protected and managed by the external service provider. We also transfer data to event partners.
We have ensured your privacy with our subcontractors by entering into the necessary data processing agreements. We cannot name all subcontractors and have thus listed the types of subcontractors.
We may transfer personal data outside of EU/EEA, including to the United States of America. We have taken care of suitable safeguards for the transfer and use the EU Commission standard contractual clauses, or another transfer mechanism approved by the privacy legislation.
7 How do we protect the data and how long do we store it?
Only those of our employees, who on behalf of their work are entitled to process customer data, are entitled to use a system containing personal data. Each user has a personal username and password to the system. The information is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and the backup copies of them are in locked premises and can be accessed only by certain pre-designated persons.
We store the personal data for as long as is necessary considering the purpose of the processing. For customer data, this retention period is until the claim and reclamation period related to our services has elapsed. Personal data used for marketing purposes is deleted or updated when it is discovered to be outdated or the data subject is deemed unresponsive to the marketing.
We regularly assess the need for data retention in light of the applicable legislation. In addition, we take reasonable measures to ensure that the personal data in the register is not incompatible, obsolete or inaccurate considering the purpose of the processing. We rectify or delete such information without delay.
8 What are your rights as a data subject?
As a data subject you have a right to inspect the personal data concerning yourself, which is stored in the register, and a right to require rectification or erasure of the data, provided that the request has a legal basis. You also have a right to withdraw or change your consent.
As a data subject, you have a right, according to EU’s General Data Protection Regulation to object to processing or request restricting the processing and lodge a complaint with a supervisory authority responsible for processing personal data.
For specific personal reasons, you also have the right to object to profiling and other processing operations, when the processing of your data is based on our customer relationship with you. In connection with your request, you will need to identify the specific situation, based on which you object to the processing. We can refuse the request of objection only on legal grounds.
As a data subject you have the right to object to the processing of your personal data for direct marketing, including profiling for such purposes. You can unsubscribe either via a link at the end of marketing emails or in writing to the email address mentioned in section one (1).
9 Changes in the Privacy Policy
Should we make amendments to this privacy policy we will place the amended statement on our website, with an indication of the amendment date. If the amendments are significant, we may also inform you about this by other means, for example by sending an email or placing a bulletin on our homepage. We recommend that you regularly visit our webpage and policy possible amendments to this privacy policy. review these privacy protection principles from time to time to ensure you are aware of any amendments made.
Faculty privacy policy
Last updated 14.10.2021
At Hanken & SSE Executive Education, we respect your privacy. We comply with all relevant regulations, and we want to be open and transparent with what information we collect and how we use it. We recognise the need to protect the information we collect or that you provide to us.
1 Controller
Hanken & SSE Executive Education Ab
PL 479
00101 Helsinki
Finland
dataprotection@hankensse.fi
(hereafter ”we” or ”Hanken & SSE”)
2 Who can you be in contact with?
All contacts and requests concerning this privacy policy must be submitted in writing to the email address mentioned in section one (1).
3 What is the legal basis for and purpose of the processing of personal data?
The basis for processing personal data is legal requirement, the performance of a contract and the legitimate interest of the company based on faculty member relationship.
The purpose of the processing of personal data is:
- delivery, management and development of our executive education programmes and other services,
- proposal creation and programme sales as well as other marketing purposes,
- career and development counselling,
- feedback collection and processing,
- organizing events and alumni activities,
- management of faculty relations,
- fulfilment of contractual obligations and other undertakings of Hanken & SSE,
- disclosures to tax and other authorities.
4 What data do we process?
We process the following personal data of the faculty member or other data subject in connection with the faculty register:
- basic information of the faculty member such as name*, date of birth, username and/or other identifier, password, gender, mother tongue*;
- contact information of the faculty member such as email address, phone number, home address;
- payment information of the faculty member such as bank account number and tax card information;
- information of company and company’s contact persons (if the faculty member works via a company) such as Business ID, address, names and contact details of the contact persons, bank account and invoicing information of the company;
- information regarding the qualifications and profession of the faculty member such as education*, degrees, institution or employer*, certificates or other special training, prior Hanken & SSE programme participation, field of specialty, photograph;
- event participation details and possible information regarding the event, such as accommodation and travel data, allergy and diet data (which is collected based on the content of the faculty member);
- material prepared and produced by the faculty member in connection with the programme such as presentations, materials, handouts, feedback,
- possible direct marketing prohibitions and consents;
- other possible information collected based on the consent of the data subject.
Providing the information marked with an asterisk is a prerequisite for our contractual relationship. We cannot enter into the relationship without the necessary information.
5 From where do we receive information?
We receive data primarily from the data subject him-/herself.
For the purposes described in this privacy policy, personal data may also be collected and updated from publicly available sources and based on information received from authorities or other third parties within the limits of the applicable laws and regulations. Data updating of this kind is performed manually or by automated means.
6 To whom do we disclose data, and do we transfer data outside of EU or EEA?
We disclose information to the following parties: Hanken and Stockholm School of Economics. We also disclose information to prospective and existing customers, tax and other authorities.
We use subcontractors that process personal data on behalf of and for us (data transfer). We have outsourced the IT management, bookkeeping and education information systems to external service providers, on whose servers the data is stored. The server is protected and managed by the external service provider. We also transfer data to our programme speakers, accommodation providers and other event partners.
We have ensured your privacy with our subcontractors by entering into the necessary data processing agreements. We cannot name all subcontractors and have thus listed the types of subcontractors.
We may transfer personal data outside of EU/EEA, including to the United States of America. We have taken care of suitable safeguards for the transfer and use the EU Commission standard contractual clauses, or another transfer mechanism approved by the privacy legislation.
7 How do we protect the data and how long do we store them?
Only those of our employees, who on behalf of their work are entitled to process faculty data, are entitled to use a system containing personal data. Each user has a personal username and password to the system. The information is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and the backup copies of them are in locked premises and can be accessed only by certain pre-designated persons.
We store the personal data for as long as is necessary considering the purpose of the processing. For the faculty’s personal data, this retention period is based on legal requirements (e.g., taxation) or a claim or reclamation period. By default, the data is kept for ten (10) years after the programme or event in which the faculty member participated has ended.
We regularly assess the need for data retention in light of the applicable legislation. In addition, we take reasonable measures to ensure that the personal data in the register is not incompatible, obsolete or inaccurate considering the purpose of the processing. We rectify or delete such information without delay.
8 What are your rights as a data subject?
As a data subject you have a right to inspect the personal data concerning yourself, which is stored in the register, and a right to require rectification or erasure of the data, provided that the request has a legal basis. You also have a right to withdraw or change your consent.
As a data subject, you have a right, according to EU’s General Data Protection Regulation to object to processing or request restricting the processing and lodge a complaint with a supervisory authority responsible for processing personal data.
For specific personal reasons, you also have the right to object to profiling and other processing operations, when the processing of your data is based on our legitimate interest. In connection with your request, you will need to identify the specific situation, based on which you object to the processing. We can refuse the request of objection only on legal grounds.
As a data subject you have the right to object to the processing of your personal data for direct marketing, including profiling for such purposes.
9 Changes in the Privacy Policy
Should we make amendments to this privacy policy we will place the amended statement on our website, with an indication of the amendment date. If the amendments are significant, we may also inform you about this by other means, for example by sending an email or placing a bulletin on our homepage. We recommend that you regularly visit our webpage and policy possible amendments to this privacy policy. Review these privacy protection principles from time to time to ensure you are aware of any amendments made.
Participant privacy policy
Last updated 3.11.2022
At Hanken & SSE Executive Education, we respect your privacy. We comply with all relevant regulations, and we want to be open and transparent with what information we collect and how we use it. We recognise the need to protect the information we collect or that you provide to us.
1 Controller/processor
Hanken & SSE Executive Education Ab
PL 479
00101 Helsinki
Finland
dataprotection@hankensse.fi
(hereafter ”we” or ”Hanken & SSE”)
Hanken & SSE functions as a controller in outplacement programmes, and programmes into which the participant enrols him-/herself.
Hanken & SSE functions as a processor in multi-company programmes, and programmes that are tailored and held for the customer company only.
2 Who can you be in contact with?
All contacts and requests concerning this privacy policy must be submitted in writing to the email address mentioned in section one (1).
3 What is the legal basis for and purpose of the processing of personal data?
The basis for processing personal data is providing the service or agreement which is ordered by the participant or the customer company.
The purpose of the processing of personal data is:
- delivery, management and development of our services,
- career and development counselling,
- analyzing and profiling of participants,
- feedback, surveys and other information collection and processing,
- requests for referrals and future speaking opportunities,
- organizing events and alumni activities,
- collection of statistics,
- fulfilment of contractual obligations and other undertakings of Hanken & SSE.
4 What data do we process?
We generally process the following personal data of the data subject, depending on the programme:
- basic information such as name*, date of birth, citizenship, country of residence, gender, mother tongue, photograph, personal identity code (for certain purposes to be agreed separately);
- contact information such as email address*, phone number, social media addresses, home address;
- event participation details and possible information regarding the event, such as allergy and diet data (which is collected based on the consent of the participant);
- technical information about the participant’s devices such as online identifiers, and operating system;
- meeting / coaching session notes, survey and profiling results;
- other possible information collected based on the consent of the data subject;
- for EMBA programme application/participation we also process:
a) current employer, job title, duties of work, international experience, degrees or other professional studies, language skills, possible referrers, extra-curricular activities, goals and aims for the programme as well as reasons for applying, and information about where the data subject heard of the programme;
b) information regarding the executive education programmes the person has taken part in such as programme name, programme’s date and duration, content of the programme, assignments, project work, thesis, videos and other materials produced in the programme, certificates and diplomas awarded, MBA scores;
The information marked with an asterisk is a prerequisite to providing the service.
5 From where do we receive information?
We receive data primarily from the data subject him-/herself and/or his/her employer.
6 To whom do we disclose data, and do we transfer data outside of EU or EEA?
We primarily store personal data within EU/EEA.
We use subcontractors that process personal data on behalf of and for us (data transfer). We have outsourced the IT management and other education information systems to external service providers, on whose servers the data is stored. The server is protected and managed by the external service provider. We also transfer data to our programme speakers, accommodation providers and other event partners. Your name and employer organisation might be visible in name tags or participant lists in meeting rooms or virtual environments.
Some subcontractors may transfer personal data outside of EU/EEA, including to the United States of America. We have taken care of suitable safeguards for the transfer, and use the EU Commission standard contractual clauses or another transfer mechanism approved by the privacy legislation.
We have ensured your privacy with our subcontractors by entering into the necessary data processing agreements. We cannot name all subcontractors and have thus listed the types of subcontractors.
EMBA participants: We disclose information to the following parties: Hanken Svenska handelshögskolan and Stockholm School of Economics, statistical and other authorities as required.
7 How do we protect the data and how long do we store them?
Only those of our employees, who on behalf of their work are entitled to process participant data, are entitled to use systems containing personal data. Each user has a personal username and password to the system. The information is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and the backup copies of them are in locked premises and can be accessed only by certain pre-designated persons.
We store the personal data for as long as is necessary considering the purpose of the processing. For personal data used for participant purposes, this retention period is until the claim and reclamation period related to our services has elapsed, or as long as we need to provide the customer with programme participation information or certificates or authorities with programme participation statistics. This period is by default five (5) years from the end of the programme. Personal data used for marketing purposes is deleted or updated when it is discovered to be outdated or the data subject is deemed unresponsive to the marketing.
We regularly assess the need for data retention in light of the applicable legislation. In addition, we take reasonable measures to ensure that the personal data in the register is not incompatible, obsolete or inaccurate considering the purpose of the processing. We rectify or delete such information without delay.
8 What are your rights as a data subject?
As a data subject you have a right to inspect the personal data concerning yourself, which is stored in the register, and a right to require rectification or erasure of the data, provided that the request has a legal basis. You also have a right to withdraw or change your consent.
As a data subject, you have a right, according to EU’s General Data Protection Regulation to object to processing or request restricting the processing and lodge a complaint with a supervisory authority responsible for processing personal data.
For specific personal reasons, you also have the right to object to profiling and other processing operations, when the processing of your data is based on our legitimate interest. In connection with your request, you will need to identify the specific situation, based on which you object to the processing. We can refuse the request of objection only on legal grounds.
As a data subject you have the right to object to the processing of your personal data for direct marketing, including profiling for such purposes.
9 Changes in the Privacy Policy
Should we make amendments to this privacy policy we will place the amended statement on our website or in another appropriate channel, with an indication of the amendment date. If the amendments are significant, we may also inform you about this by other means, for example by sending an email or placing a bulletin on our homepage. We recommend that you regularly visit our webpage and review this privacy policy to ensure you are aware of any amendments made.
Supplier privacy policy
Last updated 14.10.2021
At Hanken & SSE Executive Education, we respect your privacy. We comply with all relevant regulations and we want to be open and transparent with what information we collect and how we use it. We recognise the need to protect the information we collect or that you provide to us.
1 Controller
Hanken & SSE Executive Education Ab
PL 479
00101 Helsinki
Finland
dataprotection@hankensse.fi
(hereafter ”we” or ”Hanken & SSE”)
2 Who can you be in contact with?
All contacts and requests concerning this privacy policy must be submitted in writing to the email address mentioned in section one (1).
3 What is the legal basis for and purpose of the processing of personal data?
The basis for processing personal data is legal requirement, the performance of a contract and the legitimate interest of the company based on supplier and subcontractor relationship.
The purpose of the processing of personal data is:
- management of ICT, HR and healthcare, financial and other company support services and systems,
- management of sales and sales support services and systems,
- management of programme support systems such as participant registration systems, learning management systems, feedback processes and systems,
- fulfilment of contractual obligations and other undertakings of Hanken & SSE,
- disclosures to tax and other authorities,
- management of supplier relations.
4 What data do we process?
We process the following personal data of the supplier or other data subject in connection with the supplier register:
- information regarding the supplier company and its contact persons, such as names and contact information of the contact persons*;
- information regarding the suppliership and contract, such as information of past and excisting contracts and orders, other transaction information.
Providing the information marked with an asterisk is a prerequisite for our contractual relationship and/or supplier relationship. We cannot enter into the relationship without the necessary information.
5 From where do we receive information?
We receive data primarily from the data subject him-/herself and/or his/her employer (supplier).
For the purposes described in this privacy policy, personal data may also be collected and updated from publicly available sources and based on information received from authorities or other third parties within the limits of the applicable laws and regulations. Data updating of this kind is performed manually or by automated means.
6 To whom do we disclose data and do we transfer data outside of EU or EEA?
We disclose information to subcontractors that process personal data on behalf of and for us (data transfer). We have outsourced the IT-management to an external service provider, to whose server the data is stored. The server is protected and managed by the external service provider.
We may transfer personal data outside of EU/EEA, including to the United States of America. We have taken care of suitable safeguards for the transfer, and use the EU Commission standard contractual clauses or another transfer mechanism approved by the privacy legislation.
7 How do we protect the data and how long do we store them?
Only those of our employees, who on behalf of their work are entitled to process supplier data, are entitled to use a system containing personal data. Each user has a personal username and password to the system. The information is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and the backup copies of them are in locked premises and can be accessed only by certain pre-designated persons.
We store the personal data for as long as is necessary considering the purpose of the processing. For suppliers’ personal data, this retention period is until the claim and reclamation period related to the supplier’s products or services has elapsed.
We regularly assess the need for data retention in light of the applicable legislation. In addition, we take reasonable measures to ensure that the personal data in the register is not incompatible, obsolete or inaccurate considering the purpose of the processing. We rectify or delete such information without delay.
8 What are your rights as a data subject?
As a data subject you have a right to inspect the personal data concerning yourself, which is stored in the register, and a right to require rectification or erasure of the data, provided that the request has a legal basis. You also have a right to withdraw or change your consent.
As a data subject, you have a right, according to EU’s General Data Protection Regulation to object to processing or request restricting the processing and lodge a complaint with a supervisory authority responsible for processing personal data.
For specific personal reasons, you also have the right to object to profiling and other processing operations, when the processing of your data is based on our customer relationship with you. In connection with your request, you will need to identify the specific situation, based on which you object to the processing. We can refuse the request of objection only on legal grounds.
9 Changes in the Privacy Policy
Should we make amendments to this privacy policy we will place the amended statement on our website, with an indication of the amendment date. If the amendments are significant, we may also inform you about this by other means, for example by sending an email or placing a bulletin on our homepage. We recommend that you regularly visit out webpage and policy possible amendments to this privacy policy. review these privacy protection principles from time to time to ensure you are aware of any amendments made.