Privacy statement

This is the Privacy statement compliant with the EU General Data Protection Regulation (GDPR) for the website of HigherEd Hub Finland Oy (HEHF).

Prepared on 14 January 2025.

1. Controller

HigherEd Hub Finland Oy (HEHF)

2. Contact information for matters concerning the file

3. File name

Personal data file for the website of HigherEd Hub Finland Oy (HEHF).

4. Purpose of and grounds for processing personal data

The purpose of personal data processing is technical maintenance of the site, tasks related to content and marketing, and development tasks. A user that lands on the website is informed of the cookies used on it. Strictly necessary cookies are used to ensure the site’s functionality, usability and information security.

The use of visitors’ IP addresses and strictly necessary cookies is based on legitimate interest relating to website maintenance, functionality, development and errors as well as investigation of abuses. Personal data processing related to optional cookies on the site is based on the data subject’s consent. HEHF undertakes to comply with the requirements of data protection legislation when processing personal data.

When a visitor arrives in HEHF’s website, consent for cookies is requested separately in a notification that appears on the screen. The visitor can reject all cookies except those strictly necessary for the functioning of the site.

The data will not be used for automated decision-making or profiling.

5. File data content

The following data concerning visitors to HEHF’s public website may be stored:

-The website from which the visitor came to the site

– Display resolution

– Number of visits to the site

– Browser used by the visitor

– Types of devices used to access the site (mobile or desktop devices)

– Length of time the visitor spent on the site

– Total traffic volume on the site  

No analytics data will be disclosed to third parties.

Pursuant to the Act on Electronic Communications Services (917/2014), cookies are used on this website without violating the service user’s privacy protection. Cookies are not used to link website visitors to personal data or contact details, nor to examine or copy the visitor’s terminal device data. The data collected by the cookies are sent on without personal data, and these anonymised data are used to monitor trends of site use.

The site uses Google Analytics to measure site traffic and to produce statistical data on it. Visit here for more information about data protection in Google Analytics. The visitor can reject Google Analytics cookies in the cookie settings.

The site also uses Google Tag Manager to facilitate the management of tags used on the site as well as to enable and facilitate visitor monitoring by Google Analytics. For more information on data protection in Google Tag Manager, visit here.

For more information on cookies and their retention periods, see the Cookie policy page.

6. Regular disclosures of data and transfer of data outside the EU or EEA

No regular disclosures of data are made to other parties.

The data are not processed outside the EU or EEA.

7. Principles for the protection of the file

The controller ensures that the data are processed carefully and that information security is appropriately provided for at both the physical and digital levels. By access rights management, access to the data has been limited to the persons who need it to perform their duties. 

8. Right of access and right to rectification

The data subject has the right to check their data stored in the file, as well as the right to rectification and complementation of inaccurate or incomplete personal data concerning them. 

If the data subject wishes to check the data concerning them that have been stored or demand their rectification, the request should be made to the controller in writing. If necessary, the controller may ask the person making the request to prove their identity. 

The controller responds to the customer within the time period laid down in the EU General Data Protection Regulation (usually one month). 

9. Other rights related to the processing of personal data

A person in the file has the right to request the erasure of their personal data from the file (‘right to be forgotten’). The data subjects also have the other rights laid down in the EU General Data Protection Regulation, such as the right to restrict the processing of personal data in certain circumstances. 

Any requests should be made to the controller in writing. If necessary, the controller may ask the person making a request to prove their identity. 

The controller responds to the customer within the time period laid down in the EU General Data Protection Regulation (usually one month).