Privacy Policy

GU Executive Education
Privacy Policy
GU Executive Education know that our customers care about how information about them is stored,
used and shared, and we appreciate their trust that we will do so carefully and sensibly. This notice
describes our privacy policy.
1. What Personal Data About Customers Does GU Executive
Education Gather?
From potential customers who actively show interest in contact with us about the programmes
delivered by GU Executive Education, through registration on our website, response to our email
campaigns or to our social media campaigns, we collect the following data:
• Full name
• Email address
• Phone number
• Company name
• Function or position within the company
This data will help us keep contact with the potential customers to provide further information regarding
our offers and our open information meetings, matching their stated or perceived needs. We use a cloudbased Customer Relationship Management (CRM) system ( to store the data we collect.
As participation to an Executive MBA programme is often a very long decision-making process, storing
data of potential customers for 3-5 years is necessary for us to provide potential customers with
information and updates.
From customers who participate in our Executive MBA programmes, beside the data mentioned above,
we record the following data throughout the application process and study period:
• Civic registration number
• Passport number
• Address
• Portfolio of qualifications including family’s background, education and training, competences
and skills
• Diploma and academic record
• Letter of nomination from employer
• Study result record
This data is essential for us to be able to assess to what extent our customers’ profiles and experiences
meet the admission requirements of the Executive MBA programme and to keep track of their
participation and performance during the delivery of the programme. As for potential customers, we use
a cloud-based Customer Relationship Management (CRM) system ( to store the data we
collect. All the programme-related data of customers is also stored in our internal file server managed
by the IT department at the University of Gothenburg.
For Alumni of GU Executive Education: After the customers have finished the Executive MBA
programme, they become alumni of GU Executive Education. We wish to maintain the storage of data
• Full name
• Email address
• Phone number
• Company name
• Function or position within the company
This data helps us provide the alumni regular information about our school and have opportunities in
maintaining, broadening social and professional contacts as well as developing business network
through annual events at our school and through co-hosted events at companies.
From customers who participate in our Custom programmes or Open-enrolment programmes, we
record the following data:
• Full name
• Email address
• Phone number
• Company name
• Function or position within the company
This data is necessary for us to be able to provide to the customers all necessary details regarding the
custom programs such as welcome letter, reading materials and course evaluations. We store the data
in our internal file server managed by the IT department at the University of Gothenburg.
2. Who Is Responsible for Processing Personal Data About
Any personal data provided to or gathered by GU Executive Education is controlled by GU Executive
Education and The University of Gothenburg. For the personal data used to maintain relationships and
communicate with customers, Pipedrive OÜ, located at Paldiski mnt 80, Tallinn, 10617, Estonia, acts as
data processor on behalf of the data controllers.
3. Grounds for Using Customers Personal Data of GU Executive
GU Executive Education primarily process customers’ personal data to fulfill the obligations under the
signed contract in providing the Executive MBA programme. For other purposes, GU Executive
Education rely on our legitimate interests in maintaining relationships and communicating with
customers about our operations and our events. We consider that our legitimate interests abide by the
law, the legal rights and freedoms of our business contacts.
Customers’ data is saved in GU Executive Education’s system as described above as long until a
request for the termination of the data storage is given by customers.
4. Does GU Executive Education Share The Data It Receives?
Data about our customers is an important prerequisite to successfully running our business. We are not
in the business of selling it to others. We share customers’ data only as described below:
• The Graduate School at the School of Business, Economics and Law, University of
Gothenburg (SBEL): We work closely with the Graduate School, as the Graduate School is
responsible for the academic dimension of the Executive MBA programme. Customers’ information
is shared with the Graduate School to register customers on the following platforms:
– Ladok: Ladok is the database common to all higher education entities in Sweden for documenting
study results and personal data. Name, civic registration number, address, admissions, course
registrations and study results are examples of personal information recorded in Ladok. In Ladok
online, the customers can for example, see and make changes to their contact information,
access course registrations, access and extract study results and certificates.
– Library: Upon admission to the programme, customers are registered to the library system of the
University of Gothenburg and get a “University Access Card” that gives them access to classroom
and library facilities.
– Canvas: Canvas is the University of Gothenburg’s file repository and learning platform. Upon
admission to the programme, customers are registered to Canvas to be able to actively participate
in a course and access all information regarding the studies, such as schedule and reading
– University of Gothenburg’s Alumni database: After the graduation from EMBA programme,
contact information of customers is shared with the Alumni organization of at SBEL, which works
for the benefit of all alumni. Alumni receive regular information about the School and have
opportunities in developing business network through annual events at the School and through
co-hosted events at companies.
• Zhejiang University, Fudan University Shanghai and Indian Institute of Management
Bangalore: As the customers will spend two modules abroad in China and India, customers’ contact
information will be shared with these three partner universities and their event agencies, to enable
the arrangements of the study trips, such as invitation letters for visa application, travel and
• Third-Party Service Providers: We engage other companies to perform functions on our behalf.
Examples include sending postal mail, running e-mail campaigns, analyzing data and providing
advertising or PR assistance. They have access to our personal information needed to perform their
functions, but may not use it for other purposes.
• Law Enforcement, Legal Process and Compliance: We may disclose Personal Data or other
information if required to do so by law or in the good-faith belief that such action is necessary to
comply with applicable laws, in response to a facially valid court order, judicial or other government
subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental
We also reserve the right to disclose Personal Data or other information that we believe, in good
faith, is appropriate or necessary to (i) take precautions against liability, (ii) protect ourselves or others
from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against
any third-party claims or allegations, (iv) protect the security or integrity of the Service and any
facilities or equipment used to make the Service available, or (v) protect our property or other legal
rights, enforce our contracts, or protect the rights, property, or safety of others.
5. How Secure Is the Personal Data of Our Customers?
We follow the University of Gothenburg’s security standards to protect the information collected by us.
We maintain appropriate administrative, technical and physical safeguards to protect customers’
personal data against accidental or unlawful destruction, accidental loss, unauthorized alteration,
unauthorized disclosure or access, misuse, and any other unlawful form of processing of the Personal
Data in our possession. This includes, for example, firewalls, password protection and other access and
authentication controls.
However, no method of transmission over the Internet, or method of electronic storage, is 100% secure.
If we learn of a security systems breach, we will inform our customers and the authorities of the
occurrence of the breach in accordance with applicable law and administrative routines.
6. What Rights Do Customers Have?
• The right in the scope of consent:
Our customers can always choose not to provide information from the beginning or not to concede
to our sharing of information with a third party. We always ask for consent from customers, through
our website, emails or privacy notice part of the Executive MBA contract, before collecting any
• The right to have information corrected:
Customers have the right to have their data updated if it is out of date, incomplete, or incorrect.
• The right to access to information:
GU Executive Education gives customers access to a broad range of information about their studies
and their interactions with the school. Examples include the transcript of record and any recorded
communication via email or letter.
• The right to data portability:
GU Executive Education supports our customers in transferring – on their demand – all information
regarding their studies such as transcript of records to other schools and universities.
• The right to be forgotten:
Customers who are no longer customers can withdraw their consent from GU Executive Education
to use their personal data, and have the right to have their data deleted.
• The right to be notified
If a data breach has occurred which compromises customers’ personal data, the customers will be
informed within 72 hours of first having become aware of the breach.