Trainero Oy (2163165-3)
Karhumäentie 3
01530 Vantaa
Finland

Janne Rantala
privacy@trainero.com

Legitimate interest

The purpose of the register is to maintain the organization’s customer register, manage, archive, and process customer orders, and manage the customer relationship.

The information can be used to develop operations, for statistical purposes, and to produce more personalized targeted content on our online services. Personal data is processed within the limits permitted and required by the data protection regulation.

The data in the register can be used in the organization’s own registers, for example, for targeted advertising without disclosing personal data to third parties. The organization may use partners to maintain the customer and service relationship, in which case parts of the register data may be transferred to the partner’s servers due to technical requirements.

The legitimate interest of the controller to process the collected and used personal data is based on the freedom to conduct business. The controller needs to process personal data to perform business-related tasks. In this context, the processing of personal data cannot necessarily be justified based on a statutory obligation or a contract with the individual.

In the balancing test, the controller has found that the legitimate interest is the most appropriate basis for processing, considering the nature and scope of the processing and the realization of the rights and freedoms of the data subjects.

The controller has assessed that the activities based on legitimate interest do not cause serious harm to the rights and freedoms of the individuals (data subjects) concerned.

Name, represented organization, contact details, billing information.

The controller’s personnel and outsourcing partners (financial administration) as appropriate.

The personal register contains the following information:

• First and last name
• Represented organization
• Email address
• Postal address
• Phone number
• Website address
• IP number
• Information about previous orders

Information is obtained from customer registrations and notifications made by the customer during the customer relationship. Name and contact information updates are also obtained from update services provided by authorities and companies.

Information can also be obtained from subcontractors related to the use or production of the service. Information about customers’ other activities in the digital environment can be obtained from the websites of partners, information systems, or other digital sources logged into via electronic invitations, cookies, or using customer-provided credentials.

The customer register information is only used by the organization, except when using an external service provider to produce an added value service or support a credit decision.

Information is not disclosed outside the organization or to its partners, except in matters related to credit applications, collections, or invoicing, and as required by legislation. The personal data of the registered person is deleted upon the user’s request unless legislation, open invoices, or collection actions prevent the deletion of the data.

2 years from the end of the customer relationship.

The customer register information is only used by the organization, except when using an external service provider to produce an added value service or support a credit decision.

Information is not disclosed outside the controller or to its partners, except in matters related to credit applications, collections, or invoicing, and as required by legislation. The personal data of the registered person is deleted upon the user’s request unless legislation, open invoices, or collection actions prevent the deletion of the data.

The data in the register is not regularly transferred outside the EU or EEA. However, it is possible that service providers outside the EU/EEA are used in processing, or that the service providers’ cloud servers are located outside the EU/EEA. In such cases, standard contractual clauses (SCCs) are used as the basis for the transfer, and additional safeguards are implemented, such as internal guidelines (on pseudonymization of personal data and similar) and possibly a TIA analysis if required by the situation.

When the organization processing personal data is committed to the EU-USA data privacy framework (DPF), it is used as the basis for the transfer during its validity.

Contact information and other manually processed customer data collected during customer events are stored in locked and fireproof storage facilities after initial processing.

Only designated employees who have signed a confidentiality agreement have the right to handle manually stored customer data.

The protection and processing of register data comply with data protection law provisions and principles, authority regulations, and good data processing practices.

Only designated employees of the organization and companies acting on its behalf have the right to use and maintain the customer owner and customer register. Each designated user has a personal user ID and password.

Each user has signed a confidentiality agreement. The system is protected by a firewall that protects against external contacts to the system.

The protection and processing of register data comply with data protection law provisions and principles, authority regulations, and good data processing practices.

We use cookies on our site. A cookie is a small text file sent to and stored on the user’s computer. Cookies do not harm users’ computers or files. The primary purpose of using cookies is to improve and customize the visitor’s experience on the site and to analyze and improve the functionality and content of the site.

The data subject has the right to check what information is stored about them in the register. The inspection request must be made in writing by contacting the controller’s customer service or the contact person for the register in Finnish or English. The inspection request must be signed or made from a verifiable email address.

The data subject has the right to prohibit the processing and disclosure of their data for direct marketing, distance selling, direct marketing, and market and opinion research by contacting the controller’s customer service point.

The data subject has the right to transfer their data from one system to another. The transfer request can be addressed to the contact person for the register.

Incorrect, unnecessary, incomplete, or outdated personal data in the register must be corrected, deleted, or supplemented.

A correction request must be made in writing, signed by hand, or from a verifiable email address to the organization’s customer service or the personal register maintainer.

The request must specify which data is required to be corrected and on what basis. The correction will be implemented without delay.

The correction of the error is notified to the person from whom the incorrect data was received or to whom the data was disclosed. If the correction request is denied, the responsible person of the register provides a written certificate stating the reasons for the denial. The concerned person can submit the denial for a decision by the data protection authority.

The data subject has the right to request restriction of data processing, for example, if the personal data in the register is incorrect. Contacts should be directed to the responsible person for the register.

The data subject has the right to request their personal data and the right to request correction or deletion of personal data. Requests can be addressed to the contact person for the register.

If you act as a contact person for a company or organization, your data cannot be deleted during this period.

If you believe that the processing of your personal data violates the data protection regulation, you have the right to file a complaint with a supervisory authority.

You can also file a complaint in the member state where you have your permanent residence or workplace.

The contact details of the national supervisory authority are:
Office of the Data Protection Ombudsman
Visiting address: Lintulahdenkuja 4, 00530 Helsinki
Postal address: PO Box 800, 00531 Helsinki
Switchboard: 029 566 6700
Registry: 029 566 6768
tietosuoja@om.fi
www.tietosuoja.fi

The data subject has the right to prohibit the disclosure and processing of their data for direct marketing and other marketing purposes, to request the anonymization of data as appropriate, and the right to be completely forgotten.