Updated February 12, 2021
This Disclosure provides information about the processing by Harvard Business School Online of data about individuals located in the European Union, Iceland, Liechtenstein or Norway (the “European Economic Area” or “EEA”), when our processing is within the scope of the European Union’s General Data Protection Regulation (“GDPR”).
This Disclosure also provides information about the processing by Harvard Business School Online of data about individuals located in the United Kingdom (which has left the European Union but has adopted a law substantially similar to the GDPR), when our processing is within the scope of that law, the Data Protection Act 2018.
For purposes of this Disclosure, “Applicable Privacy Law” refers to the GDPR, with respect to individuals located in the EEA, and to the UK Data Protection Act 2018, with respect to individuals in the United Kingdom.
In this Disclosure, “Personal Data” means information relating to an identified or identifiable individual; an identifiable individual is one who can be identified, directly or indirectly, by use of any identifier or factor specific to that individual.
This Disclosure describes how you can exercise your rights under the Applicable Privacy Law if you are located in the EEA or the United Kingdom and how we comply with the applicable law, when our processing of your Personal Data is within its scope.
The information in this Disclosure supplements the information contained in our Privacy Notice and Terms of Use. Capitalized terms used and not defined in this Disclosure have the meanings provided or referred to in our Privacy Notice.
Legal Basis of Processing
Harvard Business School Online collects and processes your Personal Data as set out in our Privacy Notice, which also describes the purposes of processing and our legitimate interests. Our legal basis for processing your Personal Data when subject to the Applicable Privacy Law is our legitimate interests (for example providing educational offerings and providing information about these offerings); to process transactions requested by you and meet our contractual obligations (for example, processing your payments, delivering our programs and evaluating your performance); as necessary to comply with a legal obligation (for example, responding to a subpoena); as necessary for the performance of tasks we carry out in the public interest (for example, furthering research and understanding in fields of academic study); or on the basis of your consent, where applicable.
Certain Rights
You have the right in certain cases, with respect to Personal Data subject to Applicable Privacy Law, to:
- Obtain details of how your Personal Data is collected and used. Harvard Business School Online does this in our Privacy Notice.
- Obtain copies of Personal Data that an organization holds on you. The majority of the Personal Data that Harvard Business School Online holds on you is given to us by you. However, if you would like more information on this, please contact us as shown under the heading ‘Contact Us’ below.
- Have incorrect or incomplete data corrected. We encourage our participants to keep their information up to date. If any of your information changes, please let us know.
- Have your data erased by an organization in certain circumstances, subject to certain limitations.
- Obtain your data from an organization where it is processed by automated means and have it transmitted to other organizations.
- Object to the collection and use of your data in certain circumstances. If you have registered for one of our programs or services, Harvard Business School Online needs the Personal Data we request to deliver the program to you. See our Privacy Notice for more details.
- Withdraw your consent where processing is based on your consent.
- Not be subject to automated decision making, including profiling, in certain circumstances. We may, for example, employ automated profiling techniques to recommend content that may interest you. If you wish to obtain human intervention into the recommendation process, you can contact us as set forth in the “Contact Us” section below.
Retention of Information
Harvard Business School Online will retain your Personal Data for as long as is necessary for the purposes set out in our Privacy Notice unless a longer period is required under applicable law or is needed to resolve disputes or protect our legal rights or otherwise to comply with legal obligations.
Where we are processing Personal Data based on contract, we generally will retain the information for the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the statute of limitations for legal claims that could arise from the contractual relationship.
Where we are processing Personal Data based on your consent, we generally will retain the information for the period of time necessary to carry out the processing activities to which you consented, subject to your right, under certain circumstances, to have certain of your Personal Data erased (see “Certain Rights” above).
Where we are processing Personal Data based on the public interest, we generally retain the information for the period of time that continues to serve that underlying interest.
Where we are processing Personal Data based on our legitimate interests, we generally will retain the data for a reasonable period of time-based on the particular interest, taking into account the fundamental interests and the rights and freedoms of the data subjects. In some cases, where Personal Data was primarily processed and retained on the basis of consent, contract, or other bases described in these Disclosures, we may continue thereafter to retain the data based on a legitimate interest.
International Data Transfers
In the event we collect any of your Personal Data in the EEA or the United Kingdom, we may transfer the data outside the European Economic Area and United Kingdom relying on appropriate or suitable safeguards or specific derogations recognized under data protection laws, including Applicable Privacy Law. We may use Standard Contractual Clauses when transferring Personal Data from a country in the EEA or from the UK to a country outside the EEA or the UK. If so and your Personal Data are affected, you can request a copy of the Standard Contractual Clauses relevant to your Personal Data by contacting us as set forth in the “Contact Us” section below.
Updating this Disclosure
We may update this Disclosure from time to time without prior notice by posting revised Disclosures to this site. This Disclosure was last updated as of February 12, 2021.
Representatives
We have designated Harvard Global Research Support Centre Ireland Designated Activity Company as our representative in the European Union under the GDPR. You may contact our representative as follows:
Email: GDPRrepresentative@harvard.edu
Address: Harvard Global Research Support Centre Ireland
Attention: GDPR Representative
10 Earlsfort Terrace
Dublin 2
D02 T380
Ireland
We have designated Harvard Global UK as our representative in the UK under the Data Protection Act 2018. You may contact our representative as follows:
Email: GDPRrepresentative@harvard.edu
Address: Harvard Global UK
Attention: Data Protection Representative
71 Queen Victoria Street
London, United Kingdom
Contact Us
If you have any requests, questions, comments, or complaints regarding the handling of your Personal Data please reach out to hbsonlineprivacy@hbs.edu. You also have the right to make a complaint with your national data protection authority (i.e., supervisory authority).
***
The disclosures in this document and our Privacy Notice are in lieu of Harvard’s Additional EEA Privacy Disclosures, which do not apply to these Harvard Business School Online data processing activities.