Kestora College
Legal Documentation

Privacy Policy

How Kestora College handles personal data in accordance with the GDPR and Finnish data protection legislation.

1. Introduction

Kestora College is committed to protecting the privacy and personal data of its students, applicants, staff, partners, alumni, and website users. This Privacy Policy explains how Kestora College collects, uses, stores, shares, and protects personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and relevant Finnish data protection legislation.

By engaging with Kestora College, including applying for admission, enrolling in programmes, using our services, or visiting our digital platforms, you acknowledge that your personal data may be processed as described in this policy.

2. Data Controller

Kestora College acts as the data controller for personal data processed in relation to its educational, administrative, and operational activities. Contact details of the Data Protection Officer or responsible unit will be made available on the official Kestora College website.

3. Scope of This Policy

This Privacy Policy applies to all personal data processed by Kestora College, including data related to prospective students, enrolled students, graduates, staff, visiting lecturers, partners, research participants, and users of Kestora College websites, systems, and services.

4. Categories of Personal Data Collected

Kestora College may collect and process the following categories of personal data where relevant and lawful:

  • Identification data: name, date of birth, nationality, and identification numbers where required by law
  • Contact information: address, email address, telephone number, and emergency contact details
  • Application and admission data: academic background, qualifications, transcripts, and supporting documents
  • Study related data: enrolment records, course registrations, grades, credits, attendance, learning progress, and thesis information
  • Financial data: tuition fee records, payment information, scholarships, grants, and invoicing details
  • Employment related data: for staff including recruitment records, contracts, payroll information, and performance related data
  • Technical data: IP addresses, log data, device information, and usage data from digital platforms
  • Communication data: emails, messages, feedback, surveys, and support requests

Kestora College does not intentionally collect sensitive personal data unless required by law or necessary to fulfil statutory obligations.

6. Purposes of Data Processing

Kestora College processes personal data for the following purposes:

  • • Managing student admissions and academic administration
  • • Delivering educational programmes, teaching, and assessment
  • • Maintaining student records and qualifications
  • • Providing academic support and student welfare services
  • • Managing tuition fees, billing, and scholarships
  • • Conducting quality assurance and accreditation
  • • Managing human resources and employment
  • • Ensuring campus and information security
  • • Fulfilling legal reporting obligations

7. Data Retention

Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal retention requirements. Retention periods are defined in accordance with Finnish archival regulations, education legislation, and internal data management policies. When personal data is no longer required, it is securely deleted or anonymised.

8. Data Sharing and Disclosure

Kestora College may share personal data with third parties only where necessary and lawful, including government authorities, educational partners, service providers, and research partners. All third parties are required to process data in accordance with law and confidentiality obligations.

9. International Data Transfers

Where personal data is transferred outside the EEA, Kestora College ensures appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses.

10. Data Security

We implement appropriate technical and organisational measures to protect data against unauthorised access, loss, or misuse. This includes access controls, encryption, and regular security reviews.

11. Data Subject Rights

Individuals have the following rights under applicable law:

  • • Right to access personal data
  • • Right to rectification
  • • Right to erasure
  • • Right to restriction of processing
  • • Right to data portability
  • • Right to object to processing
  • • Right to withdraw consent
  • • Right to lodge a complaint

    • 12. Cookies and Digital Services

    Our platforms use cookies to ensure functionality and improve user experience. Detailed info is in our separate Cookie Policy.

    13. Changes to This Policy

    This policy may be updated from time to time. The latest version will always be available on our website.

    14. Contact Information

    For questions or requests, please contact Kestora College through the official channels listed on our website.

    Data Protection Officer

    privacy@kestora.online

    Effective as of February 1, 2020.