1. Data
    controller

Hanken & SSE Executive Education Ab

PL 479 (Hietaniemenkatu 7 A)

00101 Helsinki

+358 40 352 1515

team@hankensse.fi


  1. Data
    processor

Mediamaisteri Oy

PL 82 (Uimalankatu 1)

33101 Tampere

+358
10 281 8000

info@mediamaisteri.com


  1. Name
    of the register

Learning management system’s user register.


  1. The
    purpose of the processing

Offering learning management services.


  1. The
    personal data processed in the register

Registry
consists of user’s basic information such as name, email address,
username, password, and photo. Additionally, user can submit
information him-/herself.


  1. Regular
    sources of information

Personal data is received from the data subject
him-/herself and/or his/her employer.


  1. Transfers
    of personal data

Name of the user is accessible by other users if
the programme contains interactive parts. Personal data will not be
transferred outside EU/EEA.


  1. Personal
    data storage time

We store the personal data for as long as is
necessary considering the purpose of the processing.


  1. General
    description of the technical and organizational security measures

Records are secured with usernames, passwords, and
firewalls. The required network traffic of the service is protected.
Records are available only to specifically selected personnel. Data
processing personnel are under formal obligation of professional
secrecy.


  1. Data
    subject’s rights

As a data subject you have a right to inspect the
personal data concerning yourself, which is stored in the register,
and a right to require rectification or erasure of the data, provided
that the request has a legal basis. You also have a right to withdraw
or change your consent.

As a data subject, you have a right, according to
EU’s General Data Protection Regulation to object to processing or
request restricting the processing and lodge a complaint with a
supervisory authority responsible for processing personal data.

Enquiries regarding subject’s rights should be
addressed to the data controller.