Privacy and data protection

hands on laptop
Here you find more information on the privacy policy of Hanken School of Economics and its handling of personal data. 

In the Privacy Policy we describe how we collect, handle, and disclose personal data. On this page you will also find information about the Steering Group for Data Protection and the Data Protection Officer.

If you have questions regarding your personal data, please contact

Specific guidelines on privacy and data protection can be found here (behind login):

Privacy Policy

The scope of this Privacy Policy covers Hanken’s Data Controller on web sites, in education, research, study office, communication, IT services, office of budgeting and accounting, library, and in HR.  

The main principle is personal data is to be processed lawfully, fairly and in a transparent manner to protect the rights of the data subject.

How do we process personal data?

All processing of personal data is to comply with current and applicable law including the European Data Protection Regulation.

In case we use a provider or partner to process personal data, we will sign a data processing agreement to ensure that the processing complies the requirements of this policy.

We protect the personal data we process with data security based on data protection impact assements. Processing is also protected by following best practices based on guidelines and descriptions.

We aim to protect the rights of the data subjects by applying privacy by design when we deploy IT services and procedures. We will meet the requirement of privacy by default by minimising processing of personal data.

We will document handling of personal data by descriptions according to legal requirements.

In case of a data breach, we will report it to the Data Protection Officer.  We will also inform you about an incident if it would cause a big risk for you. Contact the Data Protection Officer at Hanken,, in case of a personal data breach or in case of a suspected or high risk on inappropriate leaks of personal data.

What personal data do we collect?

On our web sites we generally collect data about your IP address and other information about your session, but this information will not be connected to your person. We do use cookies to adapt your session. Read more about our cookies.

If you log in as a user, logs will be generated on what you read and write.

We collect your postal address and e-mail in order to communicate with you.

We collect logs in IT and library services on how you use the services. To ensure physical security we have installed access control and logging enabled for some facilities.  The access to logs is restricted.

If you are studying at Hanken we will collect information about your studies and your presence.

We protect personal data in research by best practices and code of conducts.

If you are employed at Hanken we will collect and process your personal data according to requirements regarding employers.

For what purposes do we process personal data?

We process personal data on our web sites to adapt the service for you based on your choices.

We need your contact information to be able to communicate with you.

We register your contact information, your presence and your study results to make it possible for to study at Hanken.

If you are employed at Hanken we will collect such information about you which is required by the law.

When do we erase personal data?

We can erase your personal data upon request in case of marketing or alumni activities.

We have legal requirements to preserve information about your study results. Information about tasks related to a course will be erased according to our information management plan.

If you are employed by Hanken, we have a legal obligation to preserve information about you.

The information management plan of Hanken will define in detail when personal data is to be erased.

Disclosure of personal data

We will not disclose your personal data to third parties if the party is not our data processor.

We will not disclose your personal data to third countries if compliant data protection cannot be ensured.

Right to object and right to rectification

You have the right to obtain information and obtain rectification on processing of your personal data.

Contact primarily the contact person in the unit who handles your personal data in question.
If it is unclear who to contact of if you want to file a complaint, contact our Data Protection Officer,

Steering Group for Data Protection

The Rector has appointed a steering group to lead and supervise implementation of data protection compliance requirements and adequate processing of personal data.

The Steering Group will

  • Supervise that effective technical an organisation measures can be shown to meet the compliance criteria and coordinates operations to ensure implementation of the measures
  • Supervise that records of processing activities meet the requirements
  • Supervise Implementation of data protection impact assessments
  • Process reports from the data protection officer
  • Adhere to the supervision of a chairperson who allocates resources and responsibilities.

The Steering Group consists of a Dean, Directors for the administration and support units, the lawyer for the School, Head of Research Funding Services and the information security manager. The Data Protection Officer will act as the secretary for the Steering Group.

Data Protection Officer

The School has appointed a Data Protection Officer with the following tasks:

  • Monitor compliance with data protection requirements in all functions of the School and reports on issues of non-compliance
  • Informs and provides advise to management, staff, and students processing personal data on data protection compliance requirements
  • Advises on request on implementing data protection impact assessment and supervise the assessments.
  • Is a point of contact for data subjects on questions on processing of personal data.
  • Is the contact person for the data protection supervising authority and cooperates with the authority