Latest update 30.11.2021
We are delighted that you have found grit:lab, an innovative coding education which is based on the 01 edu-system pedagogy. We are committed to protecting your privacy and we will treat your information with respect.
2. WHO ARE WE
Ålands Gymnasium (ÅG) is providing grit:lab in collaboration with Ålands Penningautomatförening (Paf), and has set an agreement to arrange the processing of personal data controlled by ÅG and processed by Paf.
ÅG is the controller and responsible for all personal data collected by ÅG or by its subcontractor, and the processing thereof.
Paf is however considered a controller and responsible for the processing of your personal data connected to the protection of Paf’s information and assets. Paf is also responsible for the processing activities connected to the security of Paf’s network and for providing a safe environment and easy, controlled and secure access to Paf premises – the Campus.
2.1 Contact information
If you have any questions regarding our processing of your personal data, please feel free to contact us.
3. COLLECTION OF AND PURPOSE OF PROCESSING PERSONAL DATA
We and our subcontractors, including Paf, collect your personal data when you visit our website, through our application website and during the education. Some personal data are given directly by you and other categories of personal data are collected in connection with evaluating your progress in the application phase, during the education and through your interactions within the school.
The personal data collected from you are used for the main purpose of providing a coding education and we only collect your personal data that is adequate and relevant to the purposes for which they are collected.
We rely on a variety of legal reasons and permissions to process your personal data. You can find an overview of our objectives of processing your personal data and on which legal grounds we rely on in the table down below.
The collected personal data is used for the purposes of our service provision, within the framework of education, and in order to execute our peer-to-peer educational model.
In general, personal data is processed for the following purposes:
- Registration and test results for the purposes of admission of students and education;
- Administrative purposes, to enable access to the education;
- To manage the education details and online services to facilitate study progress monitoring;
- Communication purposes;
- Conducting general statistics; and
- Ensuring a secure student environment.
4. AUTOMATIC DECISION MAKING
We use automated decision making to validate your test results on our online application test, when you continue in the Piscine and during the full 2 year program.
Automated decision making means a decision made about a person, through algorithms applied to their personal data. However, please note that you have the right to obtain human intervention from us if you want to express your point of view or contest the automated decision.
4.1 Online application test
We use an algorithm to validate the levels of logic and memory of the candidates to allow them to go further in the application process.
The game’s algorithm of the application test evaluates the levels reached on the different games to determine if a candidate has demonstrated enough skills to continue the following selection steps.
4.2 During the Piscine and the educational program
We use a second algorithm during the Piscine to help determine which candidates are eligible for admission within grit:lab.
This algorithm is based on several criteria such as the skills, motivation, collaboration and commitment that the candidate has shown. It assesses the match between the candidate and our educational model.
Based on the evaluation criteria, ÅG will make the final decision on who will be accepted to grit:lab, and review the results during the education.
5. DISCLOSURE AND TRANSFER OF PERSONAL DATA
We process your personal data in the strictest confidence and only discloses your personal data to third parties which process the personal data on behalf of us and to persons authorised to process personal data, who have undertaken to observe confidentiality or are subject to appropriate statutory confidentiality. Otherwise, we will only share your personal data with a third party if you have given consent to such disclosure.
Where we have engaged a subcontractor, which provides services related to the processing of personal data to us, so called a processor, the subcontractor will only process the personal data in accordance with our written instructions.
We may also disclose your personal data in cases where we are required to do so by law, regulation or as a result of a request from an authority.
We always strive to process your personal data as far as possible within the European Union (EU) and the European Economic Area (EEA).
In cases where it is necessary to transfer personal data outside the EU/EEA, we have taken the necessary and reasonable legal, technical and organisational measures to ensure that the level of protection is the same as in the EU/EEA. In cases where We transfer personal data to countries outside the EU/EEA, processing is primarily supported by EU standard contractual clauses.
6. RETENTION PERIOD
We undertake to only retain your personal data as long as it is necessary to fulfil the purposes for which the personal data are processed. Thus, the retention period varies depending on the purposes for which the personal data is processed. In the table down below you will find how long we keep your personal data.
At the end of the retention period, we will proceed with the deletion of your personal data. Anonymised data will be kept for statistical purposes.
7. YOUR RIGHTS
7.1 Right to access
You are entitled to access your personal data, that is, a record of what personal data we process about you, provided that the personal data does not affect the rights and freedoms of others, or access to personal data is forbidden due to legal requirements. Please note that in cases where we receive a request for access to personal data, we may request further information from you, to ensure effective handling of the request and that disclosure of the personal data is to the correct person.
7.2 Right to rectification
You are entitled to have incorrect personal data that concerns you rectified as well as to supplement incomplete personal data.
As a student you can update and correct your contact details yourself via your account. Other data that may need to be corrected or supplemented is handled by contacting Paf.
7.3 Right to be forgotten
You are entitled to request that we delete or remove all or some of your personal data, for example, if the personal data is no longer required for the purposes it was collected or otherwise processed.
Please note that we may deny your request for deletion or removal of your personal data in cases where the processing is performed due to legal obligations or we have a compelling legitimate interest for the processing, for example security reasons, or if it is necessary for us to determine, claim or defend legal claims.
7.4 Right to object and restriction of processing
You are entitled to object to the processing of your personal data where processing is conducted for legitimate business reasons, unless we have a compelling reason to continue the processing, for example security purposes.
In the event you dispute the accuracy of your personal data or you have made an objection to the processing, have the right to require the processing of your personal data to be restricted.
7.5 Right to data portability
If the processing of your personal data is based on either your consent or on performance of an agreement between you and us, and that your personal data is provided by you and that the processing is automated, you are entitled to request that your data be transferred to another data controller.
7.6 Withdrawal of consent
In cases where we base the processing of your personal data on your consent, you can withdraw your consent at any time, at no cost. You can withdraw your consent by contacting us.
Note that the withdrawal of consent does not affect the legality of the processing that takes place before the consent is withdrawn.
7.7 Right to lodge a complaint
If you consider that our processing of your personal data does not comply with applicable data protection laws, you may submit a complaint to:
8. SECURITY MEASURES
We have taken all necessary and appropriate steps to protect your personal data from unlawful or unauthorised processing, which includes theft, deletion, alteration, disclosure and transfer of personal data. These measures include the greatest possible restriction of the circle of people that has the right to the personal data and limitation of the ability of the authorised persons to make changes, as well as technical barriers to infringement, including encryption during transmission and storage, firewalls and strict requirements for passwords.
Paf is also ISO 27001 certified.
10. FURTHER INFORMATION
For more information about ÅG’s processing of personal data, please visit:
For more information about Paf, please visit:
OBJECTIVES FOR PROCESSING PERSONAL DATA
Our objectives for processing your personal data are described in the below table.