Barona Academy

This privacy policy is valid starting from April 22, 2025.

This privacy policy is an application-specific addendum to Barona’s Employee Data Protection Notice, which is available at https://policies.barona.fi/employee-privacy-policy/.

Barona Academy is a learning environment that includes various training courses and materials intended for Barona’s personnel and customers. Training is offered through several different training platforms, and the training supports competence development and career paths at different stages of the employment relationship. Your supervisor will provide you with information about onboarding training and other Barona Academy training. 

The following personal data is processed in connection with Barona Academy: 

  • Name 
  • Email address 
  • Organisation and title 
  • Duration and type of employment 
  • Information about completed training courses  
  • Information about the use of training platforms and the access rights granted (e.g. user ID and information about logins) 
  • Device data 
  • Browser data 
  • LinkedIn profile

The purpose of processing personal data is to provide training and training materials, manage access rights to training platforms, monitor training completion and carry out communications related to Barona Academy. The processing of personal data is based on an employment contract or a legitimate interest. Personal data will be retained for a maximum of 365 days after the end of the user’s employment or service. If the user has not logged in to the system for 365 days, the data can be erased during the annual review, which is carried out at the beginning of the year. 

External service providers are used to provide training, and they process personal data on behalf of Barona. The service providers are contractually obligated to process personal data in accordance with the legislation and the data protection requirements specified by Barona. Service providers may process personal data outside the EU/EEA, e.g. in the United States or Canada. The transfer of personal data outside the EU/EEA is based on the European Commission’s data protection adequacy decision or standard contractual clauses.