Trainero and the GDPR

The privacy statement is an informational document required by the data protection law. Everyone has the right to know what information has been stored about them in various registers. The right to inspect information, the implementation of the right to inspect, and the correction of information are regulated by the EU General Data Protection Regulation (2016/679).

The privacy statements of the personal registers containing customer and partnership information used by Trainero Ltd are categorized into different personal registers according to their intended use.

INVOICING REGISTER

PRIVACY POLICY

CONTROLLER

Trainero Oy (2163165-3)
Karhumäentie 3
01530 Vantaa
Finland

CONTACT PERSON FOR REGISTER MATTERS

Janne Rantala
privacy@trainero.com

LEGAL BASIS FOR PROCESSING

Contract

PURPOSE OF PROCESSING PERSONAL DATA

The purpose of the register is to enable the delivery of invoices to customers. The information can be used to develop the controller’s operations.

The customer has the right to prohibit the publication of the data by notifying the controller’s customer service, by email (email address), or the contact person for the register.

The basis for processing is contractual.

CATEGORIES OF PERSONAL DATA

Name, represented organization, contact details, bank account information

RECIPIENTS AND CATEGORIES OF RECIPIENTS

The controller’s personnel and outsourcing partners as appropriate (financial administration, collection).

CONTENT OF THE REGISTER

The invoicing register contains the following information:

  • First and last name
  • Represented organization
  • Email address
  • Postal address
  • Phone number
  • Price and payment information

REGULAR SOURCES OF INFORMATION

Information is obtained from customer registrations and notifications made by the customer during the customer relationship. Name and contact information updates are also obtained from update services provided by authorities and companies. Information can also be obtained from subcontractors related to the use or production of the service.

The invoicing register information is only used by the controller, except when using an external service provider to produce an added value service, for invoicing, or to support a credit decision. Information is not disclosed outside the controller or to its partners, except in matters related to credit applications, collections, or invoicing, and as required by legislation. The personal data of the registered person is deleted upon the user’s request unless legislation, open invoices, or collection actions prevent the deletion of the data.

RETENTION PERIOD OF PERSONAL DATA

Personal data is retained for 10 years from the end of the customer relationship.

REGULAR DISCLOSURES OF INFORMATION

The invoicing register information is only used by the controller organization, except when using an external service provider to produce an added value service or to support a credit decision.

Information is not disclosed outside the controller or to its partners, except in matters related to credit applications, collections, or invoicing, and as required by legislation. The personal data of the registered person is deleted upon the user’s request unless legislation, open invoices, or collection actions prevent the deletion of the data.

TRANSFER OF DATA OUTSIDE THE EU OR EEA

The data in the register is not regularly transferred outside the EU or EEA. However, it is possible that service providers outside the EU/EEA are used in processing, or that the service providers’ cloud servers are located outside the EU/EEA. In such cases, standard contractual clauses (SCCs) are used as the basis for the transfer, and additional safeguards are implemented, such as internal guidelines (on pseudonymization of personal data and similar) and possibly a TIA analysis if required by the situation.

PRINCIPLES OF REGISTER PROTECTION A: MANUAL DATA

Contact information and other manually processed customer data collected during customer events are stored in locked and fireproof storage facilities after initial processing. Only designated employees who have signed a confidentiality agreement have the right to handle manually stored customer data.

The protection and processing of register data comply with data protection law provisions and principles, authority regulations, and good data processing practices.

PRINCIPLES OF REGISTER PROTECTION B: ELECTRONIC DATA

Only designated employees of the organization and companies acting on its behalf have the right to use and maintain the invoicing register. Each designated user has a personal user ID and password. Each user has signed a confidentiality agreement.

The system is protected by a firewall that protects against external contacts to the system.

The protection and processing of register data comply with data protection law provisions and principles, authority regulations, and good data processing practices.

COOKIES

We use cookies on our site. A cookie is a small text file sent to and stored on the user’s computer. Cookies do not harm users’ computers or files. The primary purpose of using cookies is to improve and customize the visitor’s experience on the site and to analyze and improve the functionality and content of the site.

RIGHT OF ACCESS, I.E., THE RIGHT TO OBTAIN PERSONAL DATA

The data subject has the right to check what information is stored about them in the register. The inspection request must be made in writing by contacting the controller’s customer service or from a verifiable email address.

The data subject has the right to prohibit the processing and disclosure of their data for direct marketing, distance selling, direct marketing, and market and opinion research by contacting the controller’s customer service point.

RIGHT TO REQUEST CORRECTION OF DATA

Incorrect, unnecessary, incomplete, or outdated personal data in the register must be corrected, deleted, or supplemented.

A correction request must be made in writing, signed by hand, or from a verifiable email address to the controller’s customer service or the personal register maintainer.

The request must specify which data is required to be corrected and on what basis. The correction will be implemented without delay.

The correction of the error is notified to the person from whom the incorrect data was received or to whom the data was disclosed. If the correction request is denied, the responsible person of the register provides a written certificate stating the reasons for the denial. The concerned person can submit the denial for a decision by the data protection authority.

RIGHT TO RESTRICT PROCESSING

The data subject has the right to request restriction of data processing, for example, if the personal data in the register is incorrect. Contacts should be directed to the responsible person for the register.

RIGHT TO OBJECT

The data subject has the right to request their personal data and the right to request correction or deletion of personal data. Requests can be addressed to the contact person for the register.

If you act as a contact person for a company or organization, your data cannot be deleted during this period.

RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

If you believe that the processing of your personal data violates the data protection regulation, you have the right to file a complaint with a supervisory authority.

You can also file a complaint in the member state where you have your permanent residence or workplace.

The contact details of the national supervisory authority are:
Office of the Data Protection Ombudsman
Visiting address: Lintulahdenkuja 4, 00530 Helsinki
Postal address: PO Box 800, 00531 Helsinki
Switchboard: 029 566 6700
Registry: 029 566 6768
tietosuoja@om.fi
www.tietosuoja.fi

OTHER RIGHTS RELATED TO THE PROCESSING OF PERSONAL DATA

The data subject has the right to prohibit the disclosure and processing of their data for direct marketing and other marketing purposes, to request the anonymization of data as appropriate, and the right to be completely forgotten.

The backbone of a coaching business

For ambitious coaches, trainers, and gyms around the world, Trainero makes running a coaching business a simple, borderless, and enjoyable experience. Our Team is constantly developing the service to make it the best coaching platform ever built.

102

Different nationalities of users across the globe

6M+

Workout and diet plans created

4

Continents where Trainero's data centers are located

2008

The year when the company was established