Trainero and the GDPR
The privacy statement is an informational document required by the data protection law. Everyone has the right to know what information has been stored about them in various registers. The right to inspect information, the implementation of the right to inspect, and the correction of information are regulated by the EU General Data Protection Regulation (2016/679).
The privacy statements of the personal registers containing customer and partnership information used by Trainero Ltd are categorized into different personal registers according to their intended use.
- Customer Register B2B
- Invoicing Register
- Prospects and Potential Customers
- Recruitment Register
- Electronic Communications Register
- Contract Register
- Newsletter Register
PROSPECTS AND POTENTIAL CUSTOMERS
PRIVACY POLICYCONTROLLER
Trainero Oy (2163165-3)
Karhumäentie 3
01530 Vantaa
Finland
CONTACT PERSON FOR REGISTER MATTERS
Janne Rantala
privacy@trainero.com
LEGAL BASIS FOR PROCESSING
Legitimate interest
PURPOSE OF PROCESSING PERSONAL DATA
The purpose of the register is the controller’s business operations, opening new customer relationships, and related communication.
The obtained information is used to create and maintain customer relationships and for other business needs of the controller.
BASIS OF LEGITIMATE INTEREST
The legitimate interest of the controller to process the collected and used personal data is based on the needs for direct marketing and the freedom to conduct business.
Direct marketing is a legitimate interest of the company under the EU data protection regulation. The controller needs to process personal data to perform business-related tasks. In this context, the processing of personal data cannot necessarily be justified based on a statutory obligation or a contract with the individual.
In the balancing test, the controller has found that the legitimate interest is the most appropriate basis for processing, considering the nature and scope of the processing and the realization of the rights and freedoms of the data subjects.
The controller has assessed that activities based on legitimate interest do not cause serious harm to the rights and freedoms of the individuals (data subjects) concerned.
CATEGORIES OF PERSONAL DATA
Name, represented organization, contact details
RECIPIENTS AND CATEGORIES OF RECIPIENTS
The controller’s personnel and outsourcing partners as appropriate (financial administration, marketing, IT maintenance).
CONTENT OF THE REGISTER
The personal register contains the following information:
- First and last name
- Represented organization
- Email address
- Postal address
- Phone number
- Website address
- IP number
- Information about previous orders
- Discussion details from customer negotiations
REGULAR SOURCES OF INFORMATION
Information is obtained from emails received from the customer, business cards, phone calls, or physical meetings.
Information can also be obtained from other stakeholders, such as mass communication, marketing, contact forms on websites, or similar sources.
Information is not disclosed outside the organization maintaining the register or its partners, except in matters related to credit applications, collections, or invoicing, and as required by legislation. The personal data of the registered person is deleted upon the user’s request unless legislation, customer relationship management, open invoices, or collection actions prevent the deletion of the data.
RETENTION PERIOD OF PERSONAL DATA
We retain personal data only as long as necessary for the purposes defined above in accordance with the applicable legislation.
REGULAR DISCLOSURES OF INFORMATION
The information in the register is only used by the controller and its personnel, except when using an external service provider to produce an added value service or to support a credit decision.
Information is not disclosed outside the organization maintaining the register or its partners, except in matters related to credit applications, collections, or invoicing, and as required by legislation.
The personal data of the registered person is deleted upon the user’s request unless legislation, customer relationship management, open invoices, or collection actions prevent the deletion of the data.
TRANSFER OF DATA OUTSIDE THE EU OR EEA
The data in the register is not regularly transferred outside the EU or EEA. However, it is possible that service providers outside the EU/EEA are used in processing, or that the service providers’ cloud servers are located outside the EU/EEA. In such cases, standard contractual clauses (SCCs) are used as the basis for the transfer, and additional safeguards are implemented, such as internal guidelines (on pseudonymization of personal data and similar) and possibly a TIA analysis if required by the situation. When the organization processing personal data is committed to the EU-USA data privacy framework (DPF), it is used as the basis for the transfer during its validity.
PRINCIPLES OF REGISTER PROTECTION A: MANUAL DATA
Documents containing customer data that are processed manually (e.g., printed emails or their attachments, printed web forms, or similar) are stored in locked and fireproof storage facilities after initial processing.
Only designated employees who have signed a confidentiality agreement have the right to handle manually stored customer data.
The protection and processing of register data comply with data protection law provisions and principles, authority regulations, and good data processing practices.
PRINCIPLES OF REGISTER PROTECTION B: ELECTRONIC DATA
Only designated employees of the organization and companies acting on its behalf have the right to use, for example, workstations whose software can maintain data on potential customers. Each designated user has a personal user ID and password. Each user has signed a confidentiality agreement.
The system is protected by a firewall that protects against external contacts to the system and workstations with appropriate security software.
The protection and processing of register data comply with data protection law provisions and principles, authority regulations, and good data processing practices.
COOKIES
We use cookies on our site. A cookie is a small text file sent to and stored on the user’s computer. Cookies do not harm users’ computers or files. The primary purpose of using cookies is to improve and customize the visitor’s experience on the site and to analyze and improve the functionality and content of the site.
RIGHT OF ACCESS, I.E., THE RIGHT TO OBTAIN PERSONAL DATA
The data subject has the right to check what information is stored about them in the register. The inspection request must be made in writing or from a verifiable email address.
The data subject has the right to prohibit the processing and disclosure of their data for direct marketing, distance selling, direct marketing, and market and opinion research by contacting the controller’s customer service point.
RIGHT TO TRANSFER DATA FROM ONE SYSTEM TO ANOTHER
When legitimate interest is used as the basis for processing, the data subject does not have the right to transfer their data from one system to another.
RIGHT TO REQUEST CORRECTION OF DATA
Incorrect, unnecessary, incomplete, or outdated personal data in the register must be corrected, deleted, or supplemented.
A correction request must be made in writing, signed by hand, or from a verifiable email address to the organization’s customer service or the personal register maintainer.
The request must specify which data is required to be corrected and on what basis. The correction will be implemented without delay.
The correction of the error is notified to the person from whom the incorrect data was received or to whom the data was disclosed. If the correction request is denied, the responsible person of the register provides a written certificate stating the reasons for the denial. The concerned person can submit the denial for a decision by the data protection authority.
RIGHT TO RESTRICT PROCESSING
The data subject has the right to request restriction of data processing, for example, if the personal data in the register is incorrect. Contacts should be directed to the responsible person for the register.
RIGHT TO OBJECT
The data subject has the right to request their personal data and the right to request correction or deletion of personal data. Requests can be addressed to the contact person for the register.
If you act as a contact person for a company or organization, your data cannot be deleted during this period.
RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
If you believe that the processing of your personal data violates the data protection regulation, you have the right to file a complaint with a supervisory authority.
You can also file a complaint in the member state where you have your permanent residence or workplace.
The contact details of the national supervisory authority are:
Office of the Data Protection Ombudsman
Visiting address: Lintulahdenkuja 4, 00530 Helsinki
Postal address: PO Box 800, 00531 Helsinki
Switchboard: 029 566 6700
Registry: 029 566 6768
tietosuoja@om.fi
www.tietosuoja.fi
OTHER RIGHTS RELATED TO THE PROCESSING OF PERSONAL DATA
The data subject has the right to prohibit the disclosure and processing of their data for direct marketing and other marketing purposes, to request the anonymization of data as appropriate, and the right to be completely forgotten.
The backbone of a coaching business
For ambitious coaches, trainers, and gyms around the world, Trainero makes running a coaching business a simple, borderless, and enjoyable experience. Our Team is constantly developing the service to make it the best coaching platform ever built.
102
Different nationalities of users across the globe
6M+
Workout and diet plans created
4
Continents where Trainero's data centers are located
2008
The year when the company was established