PRIVACY POLICY

(Privacy Policy updated 31.5.2018)

 

Suomeksi

 

OBJECTIVE

Aalto University Executive Education Oy, a limited liability company incorporated in Finland, Business ID 0590964-3 (“Aalto EE Finland”) and its subsidiaries FINVA Finanssikoulutus Oy (”FINVA”), a limited liability company incorporated in Finland, Business ID 0291379-4, and Aalto Executive Education Academy Pte Ltd, a limited liability company incorporated in Singapore, UEN: 200000295R (“Aalto EE Singapore”) (Aalto EE Finland, FINVA and Aalto EE Singapore collectively “Aalto EE” or “We”) are committed to protect data privacy and to comply with all applicable privacy and data protection laws and regulations. In addition, when Aalto EE processes personal data on behalf of Aalto University, Aalto EE is also committed to comply with the privacy policy of Aalto University.

 

The purpose of this privacy policy (the “Privacy Policy”) is to describe principles and measures by which Aalto EE strives to ensure a high level personal data protection. Further, this Privacy Policy describes what personal data is collected, how Aalto EE collects, stores, uses and shares personal data and how lawful processing of personal data is secured. Ensuring sufficient data protection of personal data is vital to the continued conduct of Aalto EE’s business and the provision of its services. 

 

The Privacy Policy relates not only the employees of Aalto EE but also to its customers and co-operation partners. The Privacy Policy is applied in the processing of personal data whether automatically, in writing or any other format.

 

In this Privacy Policy the term “Personal Data” means any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

The term “processing” shall have the meaning given thereto in the applicable legislation.

 

The Privacy Policy is published and announced internally to all employees as well as to other parties upon request.

WHAT PERSONAL DATA IS COLLECTED

Aalto EE may collect Personal Data of its employees, customers, potential customers, instructors (lecturers, trainers, faculty), partners and other interest groups and, inter alia, following Personal Data may be collected:

  • The name and title of the individual
  • Contact details (phone number and e-mail address)
  • Gender
  • The name, contact details and area of business of the enterprise
  • Information relating to any transaction carried out between Aalto EE and the Data Subject, including information relating to ordering and purchases of Aalto EE’s services
  • Information provided in the form of feedback
  • Information concerning internet behavior
  • Technical data and cookies which the registered have sent to the browser and information connected to this

Of customers Aalto EE may also collect:

  • Date of birth, nationality/nationalities
  • Personal identification number such as passport number; required by the local authority (concerning customers of the Aalto EE Singapore)

Of instructors Aalto EE may also collect:

  • Date of birth, personal identity number

Of employees Aalto EE may also collect:

  • Date of birth, personal identity number, nationality/nationalities

PURPOSES OF PROCESSING YOUR PERSONAL DATA

Processing of Personal Data is usually based on Data Subject’s customer relationship or consent or subject to any applicable law, the legitimate interests of Aalto EE or permitted activities under applicable legislation. We may process your Personal Data, inter alia, for the following purposes:

  1. for providing services to you and to fulfilling your requests and to communicating with you, for example in order to provide information about our services;
  2. in order to improve and develop our business and services;
  3. to customize our services to you;
  4. for marketing research purposes or to inform you about our new services or products or promotions we may offer;
  5. for collecting data for statistical purposes;
  6. managing or terminating an employment relationship during and after the employment relationship; or
  7. for compliance with mandatory legal requirement(s) or in connection with law enforcement or other legal proceedings or when needed in order to defend our legitimate interests.

In addition, date of birth is processed, inter alia, for the following purposes:

  1. for registers of studies and for providing qualifications, certificates and diplomas
  2. as an additional identification factor to ensure the customer’s identity
  3. for statistical purposes relating to Aalto EE events and training programs
  4. for statistical purposes relating to international ranking surveys and international accreditations (without connecting the individual person to the provided information)

Furthermore, nationality/nationalities is processed, inter alia, for the following purposes:

  1. for statistical purposes relating to Aalto EE events and training programs
  2. for statistical purposes relating to international ranking surveys and international accreditations (without connecting the individual person to the provided information)

PRINCIPLES FOR PROCESSING OF PERSONAL DATA

We are committed that our processing of Personal Data comply with all applicable privacy and data protection laws and regulations at any given time.

 

Data Subjects are appropriately informed of the processing at the time when the Personal Data is initially gathered. For each data register maintained by Aalto EE an appropriate privacy notice has been prepared and it is held available for the Data Subjects.

 

We process Personal Data only to the extent appropriate and necessary in order to fulfil the purpose(s) for which it has been collected and to the extent permitted by applicable data protection regulations. Aalto EE is committed to discard obsolete and unnecessary Personal Data in an appropriate manner. We only retain Personal Data as long as it is necessary for the purpose of processing. As required by law or competent authority, Personal Data may be stored for longer.

 

We limit access to our data, data bases and systems containing Personal Data to authorized persons having a justified need to access such information. As also strictly defined through the internal guidelines of Aalto EE, our employees are entitled to process Personal Data only for the purpose for which the data is intended and to the extent it is necessary. The access rights granted to an employee depends on the employee’s role within Aalto EE.

The governance and organization of data protection matters within Aalto EE encompasses the entire organization, as each and every employee is committed to through its own actions is responsible for maintaining and ensuring data protection.

SOURCE(S) FROM WHICH THE PERSONAL DATA ORIGINATE

Personal Data and other information may be collected from various sources e.g. when Data Subjects provide information to Aalto EE, visit Aalto EE’s websites (including social media accounts), participate research or campaigns, request services, sign up for newsletters, download guides or otherwise interact with Aalto EE.

 

Personal Data and other information may be updated also from Aalto EE’s other registers, partners’ registers or supervisory authorities’ and other authorities’ registers merely to the extent provided for by applicable law.

 

In the case the Personal Data consists of date of birth, personal identification number and/or nationality, the source of such Personal Data is always the Data Subject in question (customer, employee or instructor).

 

DISCLOSURE AND TRANSFER OF PERSONAL DATA

Personal Data may be disclosed to or transferred to third parties merely to the extent provided for by applicable law. In general, Aalto EE uses the Personal Data only for its internal business purposes and does not transfer the Personal Data to any external parties without your explicit consent unless stated otherwise below.

 

We reserve the right to provide your Personal Data to third-parties who work for us for the purposes for which the Personal Data was initially collected, e.g. by assisting Aalto EE in facilitating and providing its services as well as fulfilling its obligations towards employees, authorities, customer and co-operation partners. Any third party having or gaining access to Persona Data will have access to and may use such data only to the extent it is necessary for the performance of the tasks and activities agreed upon with Aalto EE and subject to written agreements including appropriate conditions to ensure the confidentiality and sufficient data protection. Such third-parties are not allowed to use Personal Data for other purposes or to transfer Personal Data onwards to other parties.

 

As required by law or competent authority, Personal Data may also be disclosed and transferred to supervisory authorities and other authorities.

Aalto EE Finland does not generally transfer your Personal Data to third-parties outside the EU or the European Economic Area (EEA), apart from disclosing or transferring Personal Data to Aalto EE Singapore. Further, Aalto EE Singapore does not generally transfer your Personal Data to third-parties outside Singapore, apart from disclosing or transferring Personal Data to Aalto EE Finland. To the extent Personal Data is disclosed to or transferred outside EU or EEA (by Aalto EE Finland) or outside Singapore (by Aalto EE Singapore), Aalto EE has ensured and safeguarded that there is a legal basis for such a transfer and that sufficient and appropriate level of data protection is provided as required by applicable legislation.

COOKIES

Aalto EE may use cookies and other similar technologies on its websites to collect data concerning the user’s computer and other terminal devices. Cookies are very small text files that are stored on computer or other device when user visits websites. These records typically include IP-address, access times, the sites linked from, pages visited, the links and features used, the content viewed or requested, browser or application type, language and other such information. Cookies improve the user experience by enhancing browsing and customizing the website and by saving you from having to log in repeatedly, for example.

 

We use website analytics, such as Google Analytics and Hotjar and information collected by means of cookies, browser identification and other similar technologies to gather statistics about the users of the Aalto EE’s website with the aim to e.g. improve the contents of the website, develop our services, customize the contents of our services and marketing communications. Generally, the information we collect using these website analytics does not identify any person by name. If, however, user e.g. signs up on a newsletter on Aalto EE’s website or purchases services or comes to the website through a link from any Aalto EE marketing email, Aalto EE may link the information Aalto EE collects using marketing automation to other information that identifies person.

 

The use of cookies can be adjusted in your browser settings. If you do not want us to use any cookies, you need to change your browser settings on your computer or other device you are using for accessing Aalto EE’s website. Otherwise we assume you are willing to receive all cookies on the Aalto EE site.

 

OTHER SITES

We may have links to third-party websites or resources that are not owned or controlled by Aalto EE and that have their own privacy policies. You note and agree that we do not control or review their privacy policies nor are we responsible for their policies in regard of data privacy and protection of Personal Data. You agree that clicking these links or using the third party sites or services is at your own risk. Therefore you are recommended to familiarize yourself with their privacy policies before accessing or using any third party links, sites and applications.

Aalto EE has adopted third-party services to carry out advertising and marketing.

 

RIGHTS OF DATA SUBJECT

Right of access

Data Subject has the right to obtain a confirmation from the Personal Data controller (Aalto EE) as to whether or not Personal Data concerning him or her are being processed in the register, and, where that is the case, access to the Personal Data.

Right of correction

Data Subject has the right to request that corrections be made to his or her Personal Data where necessary to correct an error or omission in the Personal Data. Such correction shall, subject to any applicable law, be made as soon as practicable if there are reasonable grounds for the request.

Right to restriction of processing

Data Subject has the right to obtain from the controller restriction of processing Personal Data, if the controller is restricted processing of Personal Data under applicable law. However, the right shall not apply if there is other legal grounds that permit the controller to process of Personal Data.

Right to erasure (‘right to be forgotten’)

Subject to applicable legislation, Data Subject has the right to obtain from the controller the rectification of inaccurate personal data, incomplete personal data completed and the erasure of personal data concerning him or her. However, the right shall not apply if there is other legal ground that permits controller processing of personal data.

Right to data portability

Data Subject has the right to receive the Personal Data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller.

Right to lodge complaint

Data Subject has right to lodge a complaint with the relevant supervisory authority in the event the Data Subjects have concerns or remarks regarding Aalto EE’s processing activities.

Other rights

Should the processing of Personal Data be based on the Data Subject’s consent, the Data Subject may at any time revoke consent by contacting Aalto EE.

 

Data Subject has the right to object at any time to processing of Personal Data concerning him or her for direct marketing or any other purpose if there is no other legal ground that permits controller processing of Personal Data.

This Privacy Policy will not limit your rights granted by the applicable law.

 

***

 

Our contact details are provided below. Note that, in order to be able to answer your privacy related questions we may need to identify you before processing any requests. Aalto EE may not necessarily be able to fully meet the Data Subject’s request, if there is legal grounds that prevents Aalto EE from adhering to the Data Subject’s request. In this case, the Data Subject will be duly notified thereof.

Furthermore, please note that, if you wish to delete Personal Data or cease the processing of it, we may not be able to continue providing the services for you.

 

THE CONTROLLER OF YOUR PERSONAL DATA

Your Personal Data is controlled by Aalto University Executive Education Oy (Business ID 0590964-3), Mechelininkatu 3 C, 00100 Helsinki or by Aalto Executive Education Academy Pte Ltd (UEN: 200000295R), 25 North Bridge Road, EFG Bank Building, Unit 02-01 Singapore 179104.

In any queries or questions relating to this Privacy Policy, you can also contact us via e-mail to dpo@aaltoee.fi (Aalto EE Finland and FINVA) or dpo@aaltoee.sg (Aalto EE Singapore) give us feedback on our website.

AUTOMATED DECISION-MAKING AND PROFILING

In general, Aalto EE is not using Personal Data for automated decision-making and profiling. In case automated decision-making or profiling is used the Data Subject has the right to object to it at any time.

 

Important information to our website visitors and email newsletter subscribers

 

CHANGES TO THIS PRIVACY POLICY

Aalto EE reserves the right to modify this Privacy Policy from time to time. Because of this, Aalto EE encourages you to regularly review the latest privacy policy. The date of the latest update will be presented in the beginning of the Privacy Policy.