Privacy policy

Welcome to the Hanken & SSE website

At Hanken & SSE Executive Education, we care about your safety and respect your privacy. We comply with all relevant regulations and we want to be open and transparent with what information we collect and how we use it. We recognise the need to protect the information we collect or that you provide to us.

Please see our marketing and customer register privacy policy below, for our other privacy policies see the following links:

faculty privacy policy

participant privacy policy

supplier privacy policy

job applicant privacy policy

 

Customer and marketing privacy policy

Last updated 24.5.2018

 

1 Controller

Hanken & SSE Executive Education Ab
P. O. Box 479
00101 HELSINKI
FINLAND

(hereafter ”we” or ”Hanken & SSE”)

 

 

2 Contact point for register matters

team@hankensse.fi
+358 40 352 1515
P. O. Box 479
00101 HELSINKI
FINLAND

3 Name of register

CUSTOMER AND MARKETING REGISTER

 

4        What is the legal basis for and purpose of the processing of personal data?

The basis for processing personal data is the legitimate interest of the company based on direct marketing and service provision as well as the performance of a contract.

The purpose of the processing of personal data is:

  • delivery, management and development of our executive education programs and other consulting services,
  • management of customer relations,
  • organising events and alumni activities,
  • feedback, surveys and other information collection and processing,
  • donation collection and management,
  • collection of statistics,
  • analysing and profiling of customers,
  • electronic and other direct marketing,
  • targeting marketing within the networks of the company and other parties.

 

 

5        What data do we process?

We process the following personal data of the customer or other data subject in connection with the customer register:

  • basic information of the data subject such as name*, mother tongue;
  • contact information of the data subject such as email address, phone number, address;
  • information regarding the customer company and its contact persons, such as business names and contact information of the contact persons;
  • event participation details and possible information regarding event participation such as allergy and diet data (which is collected based on the consent of the participant);
  • information regarding the customership, such as information of past orders;
  • possible direct marketing prohibitions and consents;
  • Information related to the behavior of the data subject in the services and website, which is used for profiling purposes such us the sites and services visited, the duration of visits/use, actions taken on the sites and in services;
  • Technical information about the data subject’s end devices such as IP address, MAC address and operating system;
  • other possible information collected based on the consent of the data subject.

 

6        From where do we receive information?

We receive data primarily from the data subject him-/herself, for example by filling in  form on our website. In addition, we receive data from publicly available sources such as company websites, internet, news and professional networking services.

For the purposes described in this privacy notice, personal data may also be updated from publicly available sources and based on information received from authorities or other third parties within the limits of the applicable laws and regulations. Data updating of this kind is performed manually or by automated means.

 

7         To whom do we disclose data and do we transfer data outside of EU or EEA?

We may disclose information to the following parties: Hanken School of Economics and Stockholm School of Economics.

We use subcontractors that process personal data on behalf of and for us (data transfer). We have outsourced the IT management and other information systems to external service providers, on whose servers the data is stored. The server is protected and managed by the external service provider.  We also transfer data to our program speakers, accommodation providers and other event partners.

We have ensured your privacy with our subcontractors by entering into the necessary data processing agreements. We cannot name all subcontractors and have thus listed the types of subcontractors.

We may transfer personal data outside of EU/EEA, including to the United States of America. We have taken care of suitable safeguards for the transfer, and use the EU Commission standard contractual clauses or another transfer mechanism approved by the privacy legislation.

 

8        How do we protect the data and how long do we store it?

Only those of our employees, who on behalf of their work are entitled to process customer data, are entitled to use a system containing personal data. Each user has a personal username and password to the system. The information is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and the backup copies of them are in locked premises and can be accessed only by certain pre-designated persons.

We store the personal data for as long as is necessary considering the purpose of the processing. For customer data, this retention period is until the claim and reclamation period related to our services has elapsed. This period is by default five (5) years from collection. Personal data used for marketing purposes is deleted or updated when it is discovered to be outdated or the data subject is deemed unresponsive to the marketing.

We regularly assess the need for data retention in light of the applicable legislation. In addition, we take reasonable measures to ensure that the personal data in the register is not incompatible, obsolete or inaccurate considering the purpose of the processing. We rectify or delete such information without delay.

 

9        How do we use cookies for processing your data?

A cookie is a small text file that is placed on your device by a web server, this helps us to improve our website and to deliver a better and more personalised online experience to you. You have the ability to accept or decline cookies. By choosing to decline cookies you may not be able to have the full experience of the interactive features of our website. The cookies we use keep track of pages you visit and other website activity, in order to determine what portion of the website is most popular or most used. This data is used to deliver customised content and promotions within the website to visitors whose behavior indicates that they are interested in a particular subject area.

If you do not accept the use of these cookies you can change your browser settings so that cookies from this website can be deleted and cannot be placed on your computer or mobile device. More information about declining and controlling cookies may be found at www.youronlinechoices.eu.

 

10    What are your rights as a data subject?

As a data subject you have a right to inspect the personal data concerning yourself, which is stored in the register, and a right to require rectification or erasure of the data, provided that the request has a legal basis. You also have a right to withdraw or change your consent.

As a data subject, you have a right, according to EU’s General Data Protection Regulation to object to processing or request restricting the processing and lodge a complaint with a supervisory authority responsible for processing personal data.

For specific personal reasons, you also have the right to object to profiling and other processing operations, when the processing of your data is based on our customer relationship with you. In connection with your request, you will need to identify the specific situation, based on which you object to the processing. We can refuse the request of objection only on legal grounds.

As a data subject you have the right to object to the processing of your personal data for direct marketing, including profiling for such purposes.

 

11      Who can you be in contact with?

All contacts and requests concerning this privacy notice must be submitted in writing or in person to the email address mentioned in section two (2).

 

12     Changes in the Privacy Notice

Should we make amendments to this privacy notice we will place the amended statement on our website, with an indication of the amendment date. If the amendments are significant, we may also inform you about this by other means, for example by sending an email or placing a bulletin on our homepage. We recommend that you regularly visit out webpage and notice possible amendments to this privacy notice. review these privacy protection principles from time to time to ensure you are aware of any amendments made.