Privacy Policy
Privacy Policy and Data Protection Statement
This is the company’s GDPR-compliant privacy policy. Created on 16.09.2024.
1. Data Controller
Learning Scoop
Hämeenpuisto 28
33100 Tampere
FINLAND
2. Contact Person for the Register
Elli-Maija Ahonen
ellimaija.ahonen@learningscoop.fi
3. Register Name
Customer Register
4. Legal Basis and Purpose of Data Processing
The legal basis for processing personal data under GDPR includes:
- Consent (documented, voluntary, specific, informed, and unambiguous)
- Contract where the data subject is a party
- Legal obligation (specify)
- Performance of a task carried out in the public interest or official authority
- Legitimate interests of the data controller (e.g., customer relationship before a contract, employment, membership).
The purpose of data processing is to communicate with customers, maintain customer relationships, marketing, etc.
Data will not be used for automated decision-making or profiling.
5. Register Data Content
The data stored in the register includes: name, position, company/organization, contact details (phone number, email, address), website addresses, IP addresses, information on ordered services and changes, billing information, and other customer-related data.
If there are multiple data groups (e.g., customer and marketing registers), list them and their content. Also, specify data retention periods if possible and whether data will be anonymized after a certain period.
IP addresses and essential cookies on the website are processed based on legitimate interest for security and statistics, and third-party cookies require separate consent.
6. Regular Data Sources
Data is obtained from customers via web forms, email, phone, social media, contracts, meetings, and other situations where customers provide their information.
Data on contacts from companies and organizations may also be collected from public sources such as websites, directories, and other businesses.
7. Regular Data Disclosures and Transfers Outside the EU/EEA
Data is not regularly disclosed to third parties but may be published as agreed with the customer.
Data may be transferred outside the EU/EEA by the data controller. Data will not be transferred to the U.S. without explicit consent.
If data is shared with third parties, list recipients or recipient groups (including data processors/subcontractors), their purposes for processing personal data, and transfer bases if outside the EU.
8. Data Protection Principles
Data processing is carried out with care, and data stored on internet servers is protected appropriately. The data controller ensures physical and digital security of the equipment and confidentiality of data, access rights, and other critical security information.
9. Right to Access and Correct Data
Individuals have the right to access and request correction of their data. Requests must be made in writing to the data controller, who may request proof of identity. Responses will be provided within the timeframe specified by GDPR (generally within a month).
10. Other Rights Related to Data Processing
Individuals have the right to request deletion of their data (“right to be forgotten”) and other rights under GDPR, such as restricting processing in certain situations. Requests must be sent in writing to the data controller, who may request proof of identity. Responses will be provided within the timeframe specified by GDPR (generally within a month).
