A document providing information in accordance with the General Data Protection Regulation (EU) 2016/679

1. Controller

Asia Exchange Oy, Vuorikatu 3 L 3, 33100 Tampere

2. Contact point in matters related to the processing of personal data

Customer service

Tel. +358 45 322 1230

email: info@asiaexchange.org

3. Legal grounds for and the purposes of the processing of personal data

Personal data is processed on the basis of the data subject’s unambiguous consent or the Controller’s legitimate interest. Personal data is processed for the following purposes:

1) Communications with current and potential customers;

2) Direct marketing and other targeted marketing;

3) Managing stakeholder information.

4. Processed personal data

The following data is being processed for the execution of the above mentioned processing purposes:

Basic information, such as:

  • Name of the person
  • Contact information (such as home country, address, telephone number and email) ‘
  • With potential customers, disclosed preferences regarding our services
  • When representing an entity, information concerning the data subject’s employer organization and position within the entity

In addition to the basic information, also information related to the execution of the marketing as well as stakeholder meetings are processed in the marketing register, such as information concerning the meeting date and topics, phone calls and other conversations including emails, as well as information concerning executed marketing acts.

In addition, the register contains the information on direct marketing permissions or prohibitions provided by data subjects.

6. Regular sources of data

Personal data from potential customers is collected from the data subject himself/herself, for instance, when

  • The data subject contacts Asia Exchange’s customer service by filling out a contact form on the Asia Exchange website, by emailing or calling Asia Exchange’s customer service
  • The data subject subscribes to Asia Exchange’s mailing list
  • The data subject registers for Asia Exchange’s webinars
  • The data subject fills out a quiz on Asia Exchange’s website

For data subjects representing an entity and considered stakeholders, personal data may be collected and updated from public registers such as websites belonging to the said entities, or registers of organizations belonging to the same group of organizations and economic interest group with the controller at a given time, to the extent permitted by the controller’s legitimate interest or in case the data subject has consented to this.

7. Regular transfers and disclosures of data as well as transferring data outside the EU or the European Economic Area

Controller may transfer data subjects’ personal data to third parties for the execution of the processing purposes described in this document as further specified hereinafter. When personal data is transferred to an entity processing personal data on behalf of the controller (i.e. to the data processor), the controller has ensured by contractual arrangements, amongst others, that the personal data is only processed based on written instructions provided by the controller and only for such purposes that have been defined in this privacy policy, and that the access to the personal data is limited to such persons only who need to access the personal data on the basis of the tasks assigned to them.

The controller may transfer personal data to data processors for the execution of such services and tasks that the controller has assigned to them. Data processors’ tasks relate to the provision and maintenance of data systems and software as well as to the provision of other data processing services, or to the production of marketing services or other equivalent tasks closely related to sales and marketing.

The personal data is stored on servers located within the European Economic Area (EEA) as well as the United States.

The databases in which the marketing register data is stored, are protected by firewalls, passwords and other technical means. The databases and their backups are located in locked up spaces.

The controller makes sure that access to data is permitted only to those of its employees and only to those employees of the companies acting on behalf of him who have the need to access the data for the execution of the tasks assigned to them.

8. Retention period of personal data

Personal data is retained as long as its necessary for the execution of the processing purposes mentioned in this privacy policy. The retention periods are defined based on the following grounds:

  • The personal data of the data subject is stored as long as the controller has a legitimate interest to do so. The controller shall define the validity of its legitimate interest based on the use of the controller’s online services as well as based on the communication between the data subject and the controller, such as communication related to customer or stakeholder relationship.
  • The data subject’s data shall be deleted from the register in case the data subject cancels his/her permission for direct marketing or objects to the processing of his/her personal data for the purposes of direct marketing. In such case, the information regarding prohibition of direct marketing is, however, retained.
  • The data subject’s data is deleted from the register in case the data subject has requested the deletion of his/her personal data and the controller has no other ground for the processing of such data.
  • Outdated data and data that has been marked to be deleted from the register are deleted during regular database updates.

9. Rights of the data subject

The General Data Protection Regulation provides the data subject with several rights based on which the data subject can in any situation himself/herself decide on the processing of his/her personal data. The data subject may use the following rights with regard to Asia Exchange to the extent Asia Exchange acts as the controller to the personal data of the data subject in question.

  • Right of access: The data subject has the right to obtain a confirmation from the controller on whether the controller processes personal data concerning the data subject and the right to access such data. The data controller may ask the data subject to specify his/her access request, amongst others, with regard to the details of the data to be delivered.
  • Right to rectification: The data subject has the right to obtain from the controller the rectification of inaccurate personal data concerning him/her processed by the controller, or to have incomplete personal data processed by the controller to be completed.
  • Right to be forgotten: The data subject has the right to obtain from controller the erasure of personal data related to him/her and the controller has the obligation to erase such data in case there is no longer a legal ground for the processing of such data or, where the legal or contractual obligation binding the controller related to the storing of the personal data has ended or, where the data subject has withdrawn his/her consent to the processing of his/her personal data.
  • Restriction of processing: In certain cases, where so prescribed by law, the data subject may have the right to obtain from the controller restriction of processing of his/her personal data.
  • Right to data portability: The data subject may, subject to certain conditions prescribed by law, have the right to receive the personal data concerning him/her processed by the controller in a commonly used and machine-readable format, and the right to transmit those data to another controller without hindrance from the original controller.
  • Direct marketing and the right to object to the processing of personal data for the purposes of direct marketing: The data subject has the right to object to the processing of his/her personal data by the controller for the purposes of direct marketing. In case the data subject has given the data controller his/her consent with regard to sending electronic direct marketing, the data subject can withdraw his/her consent at any time.

To access and rectify his/her data, the data subject is advised to direct the requests to the customer service of Asia Exchange (contact information to be found below). Requests concerning the erasure, portability or the objection to processing shall be directed to customer service.

Contact information of the customer service:

Vuorikatu 3 L 3, Tampere

+358 45 322 1230




Get useful tips, inspiring stories and latest news straight to your inbox

Sign up for our monthly newsletter

We'll also send you a free 30+ page University Profiles Guide!
What do you want to receive?

Your information is safe with us. Unsubscribe any time.

Asia Exchange, Vuorikatu 3 L 3 33100 Tampere, Finland
Email: info@asiaexchange.org
Tel: +358 45 322 1230, Mon-Fri, 8am-4pm (GMT +2)
WhatsApp: +358 45 322 1230

Privacy Policy

Site by Atomi

© 2007-2019 Asia Exchange

Get help in making the best decision of your life

Sign up for our free webinars!


You’ll learn:

  • Why Asia is a top study abroad destination right now
  • How to choose the right destination, university and program for you
  • The many personal and professional benefits of studying in Asia
  • How we can help you apply easily and affordably, without extra stress and worry

You’ll also have the chance ask our experts any questions you might have, live!

Tell me more!

Thanks, I’ll pass