Trainero Oy (2163165-3)
Karhumäentie 3
01530 Vantaa
Finland

Janne Rantala
privacy@trainero.com

Legitimate interest

The purpose of the register is the controller’s business operations, opening new customer relationships, and related communication.

The obtained information is used to create and maintain customer relationships and for other business needs of the controller.

The controller’s legitimate interest is targeted electronic B2B direct marketing of products and services related to the recipient’s area of responsibility within their company.

The legitimate interest of the controller to process the collected and used personal data is based on the needs for direct marketing and the freedom to conduct business. Direct marketing is a legitimate interest of the company under the EU data protection regulation.

Name, represented organization, contact information

The controller’s personnel and outsourcing partners as appropriate (financial administration, marketing, IT maintenance).

The personal register may contain the following information:

• Contact information such as name, email address, phone number
• Job-related information such as position, area of responsibility
• Employer company contact and background information
• Event information such as participation in events or contacts with sales and customer service
• Possible permissions and consents
• Any other information collected with the individual’s consent
• Information about the marketing content used by the individual (usage data):
• Sending, opening, and clicking information of marketing messages
• Usage data of the company’s website such as time, pages, and duration
• Technical information related to web usage such as IP address, browser, and related data
• Order and download information of guides and other materials
• Cookies Information inferred from usage data by analytics (derived data):
• Interests
• Lead scores indicating the activity level of content usage

• Information provided by the registered individuals themselves via the website, email, or other means
• The company’s customer register
• Public decision-maker registers, public websites of companies, online social networks, or other similar registers where contact information of company representatives can be obtained.

We retain personal data only as long as necessary for the purposes defined above in accordance with the applicable legislation.

Usage data related to targeted direct marketing emails and content on the company’s website is automatically deleted periodically.

The register information is only used by the controller and its personnel, except when using an external service provider to produce an added value service or support a credit decision.

Information is not disclosed outside the organization maintaining the register or its partners, except in matters related to credit applications, collections, or invoicing, and as required by legislation.

The personal data of the registered person is deleted upon the user’s request unless legislation, customer relationship management, open invoices, or collection actions prevent the deletion of the data.

The data in the register is not regularly transferred outside the EU or EEA. However, it is possible that service providers outside the EU/EEA are used in processing, or that the service providers’ cloud servers are located outside the EU/EEA. In such cases, standard contractual clauses (SCCs) are used as the basis for the transfer, and additional safeguards are implemented, such as internal guidelines (on pseudonymization of personal data and similar) and possibly a TIA analysis if required by the situation.

When the organization processing personal data is committed to the EU-USA data privacy framework (DPF), it is used as the basis for the transfer during its validity.

Documents containing customer data that are processed manually (e.g., printed emails or their attachments, printed web forms, or similar) are stored in locked and fireproof storage facilities after initial processing.

Only designated employees who have signed a confidentiality agreement have the right to handle manually stored customer data.

The protection and processing of register data comply with data protection law provisions and principles, authority regulations, and good data processing practices.

Only designated employees of the organization and companies acting on its behalf have the right to use, for example, workstations whose software can maintain data on potential customers. Each designated user has a personal user ID and password. Each user has signed a confidentiality agreement.

The system is protected by a firewall that protects against external contacts to the system, and workstations are protected with appropriate security software.

The protection and processing of register data comply with data protection law provisions and principles, authority regulations, and good data processing practices.

We use cookies on our site. A cookie is a small text file sent to and stored on the user’s computer. Cookies do not harm users’ computers or files. The primary purpose of using cookies is to improve and customize the visitor’s experience on the site and to analyze and improve the functionality and content of the site.

The data subject has the right to check what information is stored about them in the register. The request must be made in writing or from a verifiable email address.

The data subject has the right to prohibit the processing and disclosure of their data for direct marketing, distance selling, direct marketing, and market and opinion research by contacting the controller’s customer service point.

The data subject has the right to transfer their data from one system to another.

The transfer request can be addressed to the contact person for the register.

Incorrect, unnecessary, incomplete, or outdated personal data in the register must be corrected, deleted, or supplemented.

A request must be made in writing or from a verifiable email address.

The request must specify which data is required to be corrected and on what basis. The correction will be implemented without delay.

The correction of the error is notified to the person from whom the incorrect data was received or to whom the data was disclosed. If the correction request is denied, the responsible person of the register provides a written certificate stating the reasons for the denial. The concerned person can submit the denial for a decision by the data protection authority.

The data subject has the right to request restriction of data processing, for example, if the personal data in the register is incorrect. Contacts should be directed to the responsible person for the register.

The data subject has the right to request their personal data and the right to request correction or deletion of personal data. Requests can be addressed to the contact person for the register.

If you act as a contact person for a company or organization, your data cannot be deleted during this period.

If you believe that the processing of your personal data violates the data protection regulation, you have the right to file a complaint with a supervisory authority.

You can also file a complaint in the member state where you have your permanent residence or workplace.

The contact details of the national supervisory authority are:
Office of the Data Protection Ombudsman
Visiting address: Lintulahdenkuja 4, 00530 Helsinki
Postal address: PO Box 800, 00531 Helsinki
Switchboard: 029 566 6700
Registry: 029 566 6768
tietosuoja@om.fi
www.tietosuoja.fi

The data subject has the right to prohibit the disclosure and processing of their data for direct marketing and other marketing purposes, to request the anonymization of data as appropriate, and the right to be completely forgotten.