Privacypolicy

Last revised: May 14th, 2018.

Introduction

Hyper Island wants all of its online visitors to be confident that we process information about you in accordance with applicable privacy legislation. Our Privacy Policy describes how Hyper Island handles and protects your personal data in our capacity as a data controller. It also describes your rights and how to proceed in case you wish to exercise them. Customers who subscribe to Hyper Island services, such as students to our courses, are contractually obligated to comply with the agreement, terms and conditions. Please see our general terms and conditions for more information about our data processing when you apply to a Hyper Island course.

Hyper Island is committed to respecting your privacy and protecting your personal data – any information that may identify you as an individual person (such as name, address, pictures, IP-number) and which is collected via our digital channels, such as our website, mobile apps and/or other future digital contact interfaces which links to this Privacy Policy.

It is important to us at Hyper Island that you feel safe in our processing of your personal data. Hyper Island would never knowingly sell or release your personal data to another party in other ways than as follows from this Privacy Policy and you are always welcome to contact Hyper Island if you have any questions.

You will find information about how to contact Hyper Island below.

We welcome you to visit all digital channels managed by Hyper Island and you do not need to provide any personal data to visit them. However, please be aware that if you do not provide some requested information, access to certain services or parts of our digital channels and certain social media channels may be restricted.

Personal Data Processing

What personal data does hyper island process about you and for what purposes?

Purpose Type of processing Categories of personal data
Application to one of our courses - Identification- Correspondence regarding the application procedure.- Handling of payment such as forward invoices (this may also include control of payment history and collection of credit information) and the use of third-party PCI-compliant service providers.- Internal record keeping and audits. Name, email, invoice address, phone number, resident country, credit card details, correspondence.

The legal ground for processing is the performance of the agreement with you. Data collection is required to fulfill our rights and obligations under the agreement with you (please see our Terms & Conditions). Should the requested information not be provided, Hyper Island may not be able to fulfill its obligations according to the agreement and may therefore deny your application.

The retention period is 36 months following collection of the data.

Purpose Type of processing Categories of personal data
Application to one of our programs - Identification- Correspondence regarding the application procedure.- Necessary program entry requirement control legally required and stipulated by Hyper Island.-Internal record keeping and audits. - Surveys, research and analysis exercises undertaken by governmental or other agencies. Name, email, phone number, address, nationality, resident country, visa requirements (including passport copy), gender, date of birth, certificate(s) to prove program-entry requirements, grades, photo, CV, publicly available information from social media and other online sources.

The legal ground for processing is the performance of the agreement with you. Data collection is required to fulfill our rights and obligations under the agreement with you (please see our Terms & Conditions). Should the requested information not be provided, Hyper Island may not be able to fulfill its obligations according to the agreement and may therefore deny your application.

The retention period lastuntil you have been accepted/declined entry to the course and as necessary to comply with any such legal obligation to which Hyper Island is subject.

Purpose Type of processing Categories of personal data
Compliance with legal obligations -Necessary administration for fulfillment of the company's legal obligations (e.g. laws and regulations related to bookkeeping, tax payments, school regulations, Statistics Sweden, Swedish Board of Student Finance). Name, email, personal identification number, address, phone number.

The legal ground for processing is compliance with legal obligations to which Hyper Island is subject. The processing is necessary to fulfill our legal obligations. In case data is not provided Hyper Island may not approve your application.

The retention period as legally required (e.g. 7 years under the Swedish Bookkeeping Act, 10 years under the UK Companies Act, 2 years following graduation from course/program under applicable school laws,).

Purpose Type of processing Categories of personal data
Customer and student service. -Questions regarding grades, courses, programs etc. via phone or digital channels (incl. social media). - Identification. - Claims and support (incl. technical support).- Download of syllabus. Name, contact info (phone number, email, address), personal identification number, your correspondence, info about your purchase and potential error/complaints.

The legal ground for processing this data is legitimate interest. The processing is necessary to administer yours and our need to process customer/student service matters. The secondary reason is consent where you have provided your consent to receive a requested syllabus and product related information.

The retention period is 36 months following collection of the data or the consent is revoked.

Purpose Type of processing Categories of personal data
Administration of invitations to events and newsletters. - Identification.- Correspondence, surveys and evaluation regarding the event such as confirmation of registration, requests and evaluations. Name, contact info (phone number, email, address), personal identification number, information from evaluations and other personal preferences.

The legal ground for processing this data is legitimate interest. The processing is necessary to adhere to our and our customers' legitimate interest to evaluate, develop and improve our services and systems. The secondary reason is consent where you have provided your consent to receive our invitations and newsletters.

The retention period is 36 months following collection of the data or consent is revoked.

Purpose Type of processing Categories of personal data
Direct marketing - Direct marketing (by Hyper Island or through our external partners). Name, email, phone number, address, navigational information such as information about your computer and your visits to this website including your IP address, geographical location, browser type, referral source, length of visit and pages viewed, correspondence and feedback regarding our services.

The legal ground for processing this data is legitimate interest. The processing is necessary to adhere to our and our customers' legitimate interest to evaluate, develop and improve our services and systems.

The retention period lasts for 36 months following the end of the course/program or consent is revoked

Purpose Type of processing Categories of personal data
Evaluate, develop and improve our services and systems for our customers in general. - Improve visitors' browsing experience by personalizing the website and improve our services.- Administration of our website and our relationship with you including to provide services to you which you may request from Hyper Island and/or to provide and monitor our services to you.- Conducting optional online surveys (e.g. to receive feedback regarding the quality of our service)-Establish material for improvement of our services such as courses and programs.- Provide our customers the possibility to improve our services. -Development of material to improve our IT systems with the purpose of raising the security for the company and our visitors. Based on the data Hyper Island collects (e.g., purchase history, age and gender) Hyper Island may carry out analysis that may include you being sorted into a customer segment. The analysis is however never carried out on an individual level. The result from the analysis is used for improving out services and developing our webpage. Age, residence, correspondence/feedback, purchase and user generating data (incl. click and visit history), technical data such as browser type, domain names, internet service provider (ISP) etc.), info about your interaction with Hyper Island(log data, how long different pages have been reviewed, answering times, download errors, how you reach and leave the service etc.) Navigational Information such as information about your computer and your visits to this website including your IP address, geographical location, browser type, referral source, length of visit and pages viewed. Correspondence and feedback regarding our services.

The legal ground for processing this data islegitimate interest. The processing is necessary to adhere to our and our customers' legitimate interest to evaluate, develop and improve our services and systems.

The retention period is 36 months following collection of the data.

Purpose Type of processing Categories of personal data
Prevent misuse of a service or prevention and investigation of a criminal offence against Hyper Island. - Prevent spam, phishing, harassment, incorrect logins to user accounts or similar activities etc. -Development and improvement of our IT systems with the purpose of raising the security forthe company and our visitors. Age, residence, correspondence/feedback, purchase and user generating data (incl. click and visit history), technical data (incl. IP number, web installments, operating system, screen resolutions, platform), info about your interaction with Hyper Island (log data, how long different pages have been reviewed, answering times, download errors, how you reach and leave the service etc.) Navigational Information such as information about your computer and your visits to this website including your IP address, geographical location, browser type, referral source, length of visit and pages viewed. Correspondence and feedback regarding our services.

The legal ground for processing is the legal obligation to which Hyper Island is subject or Legitimate Interest. Where no legal obligation exists, the processing is necessary to adhere to our legitimate interest of preventing misuse of a service or to prevent and investigate criminal offenses against Hyper Island.

The retention period lasts for 36 months following collection of the data.

Sensitive Personal Data and Personal Identification Numbers

Sensitive personal data includes any information that reveals your race or ethnicity, political views, religious or philosophical beliefs, membership in a trade union, as well as personal data regarding your health or private life.

Hyper Island may process the following sensitive personal data when carrying out our services:Personal identification number, copy of passport, emergency contact details, as stated above. Sensitive personal data may be collected from you if you purchase our services or choose to attend our courses, programs and/or events (or other sessions or events organised by Hyper Island or on our behalf). You may in such case choose to submit your sensitive personal data to Hyper Island about, for example, your special learning needs or dietary requirements.

Personal identification numbers are only processed when needed to ensure your identification or if strictly needed. Hyper Island limits the use of personal identification numbers.

Hyper Island has additional measures in place to protect sensitive personal data, personal identification numbers, and confidentiality. Hyper Island will use your sensitive personal data to deliver our services to you, meet your requirements, or deal with any requests made by you. Personal data and other sensitive information, such as credit card numbers and/or location data, collected on our website and/or transmitted to other websites is protected through the use of encryption such as the Secure Socket Layer (SSL) protocol.

Hyper Island will only disclose your sensitive personal data to the third parties as referred to in this Privacy Policy or where Hyper Island considers it absolutely necessary – such as to establish appropriate security or confidentiality obligations.

Sources of Information

Generally speaking, Hyper Island only processes data you have providedor that Hyper Island registers based on your purchases and the use of our services. In certain cases, Hyper Island may supplement this data with information from third parties for the purpose of evaluating and improving our digital channels and services.

The information that Hyper Island collect from third parties is as follows: 1) Address information from public registries to ensure we have the right address; 2) Information from social media for marketing or anti-fraud purposes.

Information to Other Parties

DATA PROCESSORS

Other than as provided in this Privacy Policy, Hyper Island will not knowingly share personal datayou provide with any third party. In cases where it is necessary for Hyper Island to carry out our services, we may retain external suppliers (processors) for services in connection to our digital channels or the services. These suppliers may process personal data and sometimes require limited access to personal data collected via our digital channels or services. Hyper Island uses the following types of suppliers:

  1. Payment solutions (banks, other payment service providers);
  2. Marketing (social media, media agencies, advertising services, CRM providers);
  3. IT (companies that handle necessary operations, technical support and maintenance of our IT solutions such as Google);
  4. Events, statistics and surveys (companies that handle evaluations, statistics and surveys of our services).

Hyper Island endeavors to limit third-party access and only share information that is necessary to enable suppliers to carry out their work. Hyper Island always checks that our suppliers can meet our high standards and provide sufficient safeguards and require them toprotect your personal data in accordance with this Privacy Policy and refrain from using or disclosing your personal data for any purpose other than providing Hyper Island with the agreed product or services.

OTHER DATA CONTROLLERS

Hyper Island may also share your personal data with companies that are independent data controllers. This may include:

  1. Government agencies (Swedish National Agency for Higher Vocational Education, the Swedish Board of Student Finance, the Legal, Financial and Administrative Services Agency, Statistic Sweden, Teesside University, YH, tax authorities, or other authorities) if Hyper Island is required to do so by law;
  2. Companies offering payment solutions and student benefits (banks and other payment service providers).

When personal data is shared with an independent data controller, this Privacy Policy is no longer applicable.

Transfers to Third Countries

Hyper Island strives at all times to keep personal data within the European Economic Area (EEA) but engage suppliers located outside of the EEA such as Google and Hubspot.

During support and maintenance, Hyper Island may have to transfer the information outside of EEA, also when Hyper Island shares data with our group companies in order to carry out our services.

Any such data will always be kept to a minimum relevant for the purpose. No matter where your personal data is transferred Hyper Island always take appropriate technical and organizational measures to ensure that the security level is the same as in the EEA and at an adequate security level, for example by using the EU Commission's Standard Clauses or ensure that the supplier is Privacy-Shield registered.

Amendments to the Privacy Policy

Hyper Island reserves the right to change this Privacy Policy. Changes to the terms of the policy will be notified on hyperisland.com, one month before the change of terms enters into force. The current terms and conditions are available at https://www.hyperisland.com/privacy-policy

You should not supply Hyper Island with any personal data if you do not accept changes which are made to this Privacy Policy.

Deletion of Data

Personal data will not be stored for longer than is necessary in light of the purposes of the processing and, in general, Hyper Island will delete personal data in the manner which follows from applicable legislation and in accordance with our Retention Policy. Where information is known to be unreliable, irrelevant or excessive, it will be securely deleted or access will be removed, as soon as is reasonably possible.

Your Rights

You are entitled once each year and free of charge to request information regarding the personal data, if any, about you which Hyper Island processes and to have any erroneous information corrected. Please note that Hyper Island may request additional details about you in order to ensure secure and effective handling of your request and to ensure that the information is provided to the correct person.

Should you have reason to believe that any personal data that Hyper Island holds about you is inaccurate, please let us know and we will update the information.

You may request us to delete personal data we hold about you. For example, if the information is no longer necessary to fulfill the purpose they were collected for, they are processed in an illegal way, or you opt out from direct marketing. Please note that, when legally required, Hyper Island could decline your request, for example if the data is needed for tax or bookkeeping purposes, or are necessary to defend legal claims.

You also have the right to request limitations of the processing of your personal data. In such cases, Hyper Island may need to investigate the situation further prior to reaching a decision. Please be aware that you always have a right to opt out from direct marketing activities and request limitation of processing based on legitimate interest – including potential profiling for direct marketing purposes.

When you provide Hyper Island either with your consent, or the processing is based on fulfillment of an agreement with you, you have, during certain circumstances a right to have your data transferred to another data controller. This requires that the transfer is technically possible and may be carried out automatically.

If you would like to know how Hyper Island processes personal data, send a written and signed request to Hyper Island. You will find our contact information below.

Links

Our digital channels may include links to websites which are provided by other group companies or companies which do not belong to the Hyper Island group. This Privacy Policy shall not apply to such websites. You should therefore review the privacy policy of any such website before you provide personal data.

Security

Hyper Island takes all appropriate technical and organizational security measures which are necessary to the safeguard personal data against unauthorized access, modification, or destruction. However, providing personal data over digital channels always entails a risk since it is not possible to completely protect technical systems from unauthorized access.

Information About Children

The Hyper Island website is not intended for, or targeted at, children under the age of 13 years old and Hyper Island never knowingly or intentionally collect information about children under this age. If you believe that Hyper Island has collected information about a child, please contact us at: privacyofficer@hyperisland.com to request deletion of the information.

Social Media and External Websites

The Hyper Island website includes social media features, such as a Facebook 'Like' button and also widgets, such as the 'Share this' button, or interactive mini-programs that run on our website. These features may collect your IP address, which pages you visit on our website, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by third parties or directly on our website. This Privacy Policy does not apply to these features. Your interactions with these features are governed by their privacy policies and other routines of the companies providing them.

Our website may provide hyperlinks to other websites. Hyper Island does not control, and is not responsible for, the content or practices of other websites.

Cookies & Technologies

Cookies are a small text file consisting of letters and numbers sent from our web server and stored on your browser or device.

They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. The cookies Hyper Island uses usually improve the services Hyper Island offers you. Some of the Hyper Island services need cookies to work properly, while others improve the services for you. Hyper Island uses cookies for overall analytical information regarding your use of Hyper Island services. Hyper Island uses cookies to save functional settings such as language and other tasks. Hyper Island also uses cookies that allow Hyper Island to target relevant marketing to you. Cookies allow Hyper Island to understand who has seen which pages, and to determine the most popular areas of our web site.

Hyper Island uses cookies or similar technologies to analyze trends, administer the website, track users' movements around the website, and to gather demographic information about our user base as a whole.

Hyper Island uses different cookies: Session cookies are a temporary cookie that ends when you close your browser or device. Permanent cookies are cookies that remain on your computer until you delete them or expire. Prebook cookies are set by the site you visit. Third party cookies are cookies set by a third party site. At Hyper Island, these are primarily used for analysis (such as Google Analytics) Similar techniques are techniques that store information in your browser or device in a manner similar to cookies.

Use of Google Analytics

As part of Hyper Island's marketing, Hyper Island analyzes information about the use of hyperisland.com and activity on Hyper Island's pages on social media. For example, using Google Analytics, we will analyze behavior for creating more relevant ads and offers, as well as for developing Hyper Island's products and services. In addition, Google Analytics helps to evaluate the use of hyperisland.com for services related to website activities and internet usage.

How to Control Cookies

You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the Hyper Island subscription service or websites you visit.

Your browser or device enables you to change the settings for usage and extent of cookies. Go to the settings of your browser or device to learn more how to adjust cookies settings. For example you may block all cookies, only accept first-party cookies or delete cookies when you close your browser. Please note that some of our services may not be working if blocking or reading cookies. You can read more about cookies on the Swedish Post and Telecom Authority website, www.pts.se (https://e-tjanster.pts.se/internet/kakor/).

You can opt out of interest based advertisements by visiting www.networkadvertising.org and www.youronlinechoices.com.

Clear Gifs (Web Beacons / Web Bugs)

Hyper Island uses software called clear gifs (also known asweb beacons or web bugs), that helps us better manage the website and subscription service by informing us what content is effective. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, used to track the online movements of online users. Unlike cookies which are stored on users' computer hard drives, clear gifs are embedded invisibly on web pages or in emails and are about the size of the period at the end of this sentence. Hyper Island uses clear gifs in our HTML-based emails to let Hyper Island know which emails have been opened by recipients. This allows Hyper Island to gauge the effectiveness of certain communications and the effectiveness of our marketing campaigns. Hyper Island ties the information gathered by clear gifs in emails to our customers' personal data. If you would like to opt-out of these emails, please see the section 'Opting Out and Unsubscribing.'

Advertising

Hyper Island partners with a third party advertising network to either display advertising on our website or to manage our advertising on other websites. Our advertising network partner uses cookies and clear gifs to collect non-personal information about your activities on this and other websites to provide you targeted advertising based upon your interests. If you wish to not have this information used for the purpose of serving you targeted ads, you may opt-out by clicking here: http://preferences.truste.com/or, if located in the European Union, by clicking here: http://www.youronlinechoices.eu/. Please note this act does not opt you out of being served advertising. You will continue to receive generic ads.

The use of cookies and web beacons by any tracking utility company is not covered by our Privacy Policy. Hyper Island does not have access to or control over these third party tracking technologies.

Contact Information

If you have any questions regarding our Privacy Policy or any other question regarding our processing, please contact us:

Hyper Island Capital AB (Reg. no. 556691-6739) Telefonvägen 30 126 26 Hägersten Sweden

privacyofficer@hyperisland.com

In case your personal data is not being processed in accordance with this Privacy Policy or with the General Data Protection Regulation (EU) 2016/679, you have the right to file a complaint with Integritetsskyddsmyndigheten (former Datainspektionen) in Sweden, Information Commissioner's Office (ICO) in the UK or any other European Supervisory Authority.