Trainero and the GDPR

The privacy statement is an informational document required by the data protection law. Everyone has the right to know what information has been stored about them in various registers. The right to inspect information, the implementation of the right to inspect, and the correction of information are regulated by the EU General Data Protection Regulation (2016/679).

The privacy statements of the personal registers containing customer and partnership information used by Trainero Ltd are categorized into different personal registers according to their intended use.

CONTRACT REGISTER

PRIVACY POLICY

CONTROLLER

Trainero Oy (2163165-3)
Karhumäentie 3
01530 Vantaa
Finland

CONTACT PERSON FOR REGISTER MATTERS

Janne Rantala
privacy@trainero.com

LEGAL BASIS FOR PROCESSING

Legitimate interest

PURPOSE OF PROCESSING PERSONAL DATA

The purpose of the register is to maintain, manage, archive, and process the contracts of the organization’s customers and other stakeholders and to manage the customer relationship.

The information can be used for the controller’s operational development, statistical purposes, and to produce more personalized targeted content. Personal data is processed within the limits permitted and required by data protection laws.

The register data can be used in the controller’s own registers, for example, for targeted advertising without disclosing personal data to third parties. The organization may use partners to maintain the customer and service relationship, in which case parts of the register data may be transferred to the partner’s servers due to technical requirements. The data is processed solely for maintaining the customer relationship through technical interfaces.

BASIS OF LEGITIMATE INTEREST

The controller needs to process personal data to perform business-related tasks. In this context, the processing of personal data cannot necessarily be justified based on a statutory obligation or a contract with the individual.

In the balancing test, the controller has found that the legitimate interest is the most appropriate basis for processing, considering the nature and scope of the processing and the realization of the rights and freedoms of the data subjects.

The controller has assessed that activities based on legitimate interest do not cause serious harm to the rights and freedoms of the individuals (data subjects) concerned.

CATEGORIES OF PERSONAL DATA

Name, represented organization, contact information, matters agreed in the contract.

RECIPIENTS AND CATEGORIES OF RECIPIENTS

The controller’s personnel and outsourcing partners as appropriate (financial administration, IT administration, collection, etc.).

CONTENT OF THE REGISTER

The contract register contains the following information:

  • First and last name
  • Represented organization
  • Business ID
  • Email address
  • Postal address
  • Phone number
  • Ordered services
  • Other mutually agreed business matters

REGULAR SOURCES OF INFORMATION

Phone and other electronic communication tools.

Information can also be obtained from subcontractors related to the use or provision of the service.

Information about customers’ other activities in the digital environment can be obtained from the websites, information systems, or other digital sources of partners that are logged into via electronic invitations (link), cookies, or using customer-provided credentials.

The contract register information is only used by the controller, except when using an external service provider to produce an added value service or support a credit decision.

Information is not disclosed outside the controller or to its partners, except in matters related to credit applications, collections, or invoicing, and as required by legislation. The personal data of the registered person is deleted upon the user’s request unless legislation, open invoices, or collection actions prevent the deletion of the data.

RETENTION PERIOD OF PERSONAL DATA

Contract register information is retained for 10 years from the end of the contract.

REGULAR DISCLOSURES OF INFORMATION

The register information is only used by the controller, except when using an external service provider to produce an added value service or support a credit decision.

Information is not disclosed outside the controller or to its partners, except in matters related to credit applications, collections, or invoicing, and as required by legislation.

The personal data of the registered person is deleted upon the user’s request unless legislation, open invoices, or collection actions prevent the deletion of the data.

TRANSFER OF DATA OUTSIDE THE EU OR EEA

The data in the register is not regularly transferred outside the EU or EEA. However, it is possible that service providers outside the EU/EEA are used in processing, or that the service providers’ cloud servers are located outside the EU/EEA. In such cases, standard contractual clauses (SCCs) are used as the basis for the transfer, and additional safeguards are implemented, such as internal guidelines (on pseudonymization of personal data and similar) and possibly a TIA analysis if required by the situation.

When the organization processing personal data is committed to the EU-USA data privacy framework (DPF), it is used as the basis for the transfer during its validity.

PRINCIPLES OF REGISTER PROTECTION A: MANUAL DATA

Documents containing customer data that are processed manually (e.g., printed emails or their attachments) are stored in locked and fireproof storage facilities after initial processing. Only designated employees who have signed a confidentiality agreement have the right to handle manually stored customer data.

The protection and processing of register data comply with data protection law provisions and principles, authority regulations, and good data processing practices.

PRINCIPLES OF REGISTER PROTECTION B: ELECTRONIC DATA

Only designated employees of the organization and companies acting on its behalf have the right to use and maintain the contract register. Each designated user has a personal user ID and password. Each user has signed a confidentiality agreement.

The system is protected by a firewall that protects against external contacts to the system.

The protection and processing of register data comply with data protection law provisions and principles, authority regulations, and good data processing practices.

COOKIES

We use cookies on our site. A cookie is a small text file sent to and stored on the user’s computer. Cookies do not harm users’ computers or files. The primary purpose of using cookies is to improve and customize the visitor’s experience on the site and to analyze and improve the functionality and content of the site.

RIGHT OF ACCESS, I.E., THE RIGHT TO OBTAIN PERSONAL DATA

The data subject has the right to check what information is stored about them in the register. The inspection request must be made in writing or from a verifiable email address.

The data subject has the right to prohibit the processing and disclosure of their data for direct marketing, distance selling, direct marketing, and market and opinion research by contacting the controller’s customer service point.

RIGHT TO TRANSFER DATA FROM ONE SYSTEM TO ANOTHER

The data subject has the right to transfer their data from one system to another.

The transfer request can be addressed to the contact person for the register.

RIGHT TO REQUEST CORRECTION OF DATA

Incorrect, unnecessary, incomplete, or outdated personal data in the register must be corrected, deleted, or supplemented.

A correction request must be made in writing, signed by hand, or from a verifiable email address to the controller’s customer service.

The request must specify which data is required to be corrected and on what basis. The correction will be implemented without delay.

The correction of the error is notified to the person from whom the incorrect data was received or to whom the data was disclosed. If the correction request is denied, the responsible person of the register provides a written certificate stating the reasons for the denial. The concerned person can submit the denial for a decision by the data protection authority.

RIGHT TO RESTRICT PROCESSING

The data subject has the right to request restriction of data processing, for example, if the personal data in the register is incorrect. Contacts should be directed to the responsible person for the register.

RIGHT TO OBJECT

The data subject has the right to request their personal data and the right to request correction or deletion of personal data. Requests can be addressed to the contact person for the register.

If you act as a contact person for a company or organization, your data cannot be deleted during this period.

RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

If you believe that the processing of your personal data violates the data protection regulation, you have the right to file a complaint with a supervisory authority.

You can also file a complaint in the member state where you have your permanent residence or workplace.

The contact details of the national supervisory authority are:
Office of the Data Protection Ombudsman
Visiting address: Lintulahdenkuja 4, 00530 Helsinki
Postal address: PO Box 800, 00531 Helsinki
Switchboard: 029 566 6700
Registry: 029 566 6768
tietosuoja@om.fi
www.tietosuoja.fi

OTHER RIGHTS RELATED TO THE PROCESSING OF PERSONAL DATA

The data subject has the right to prohibit the disclosure and processing of their data for direct marketing and other marketing purposes, to request the anonymization of data as appropriate, and the right to be completely forgotten after the contract has expired.

The backbone of a coaching business

For ambitious coaches, trainers, and gyms around the world, Trainero makes running a coaching business a simple, borderless, and enjoyable experience. Our Team is constantly developing the service to make it the best coaching platform ever built.

102

Different nationalities of users across the globe

6M+

Workout and diet plans created

4

Continents where Trainero's data centers are located

2008

The year when the company was established