WHAT IS THIS ABOUT?
In order for us to be able to offer our services in the way we promise, we handle personal data in our operations. We want to keep your personal data protected and thus handle it as little as possible: we only handle data that is essential for our operations. We comply with the EU’s General Data Protection Regulation and the Finnish legislation regarding personal data in our operations.
This is, in effect, the customer and marketing register of the Academy of Security and Arctic Training.
IN WHAT SITUATIONS DO WE HANDLE PERSONAL DATA?
We handle personal data essential for the operations of the company for customer and marketing reasons. We only register data that is necessary for planning our operations.
WHO IS IN CHARGE OF HANDLING PERSONAL DATA?
Academy of Security and Arctic Training, 33210 TAMPERE(Business ID: 2732911-3).
Contact person regarding personal data: Ulla Tirronen.
WHAT DATA DO WE HANDLE?
We collect and record the following personal data of our customers:
– Email address
– Mobile or other telephone number
– Organization and position in that organization
– Address and billing information of the person or organization
– Information about the services the customer has ordered, their delivery, and billing.
We only handle personal data general in nature. If we would have to handle data that belongs to a special data category in order to be able to provide the service you have ordered (for example special dietary information for individual training events), we would delete this kind of data immediately when the need for the data had expired (for example when the training event had been held).
FROM WHERE AND HOW DO WE COLLECT PERSONAL DATA?
We collect your personal data in the following situations:
- If you become our customer
- If you subscribe to our newsletter
- If you come to some other event that we organize
- If you contact us through our website
- We may also collect personal data from generally available internet sources and possible other public sources. Address sources are acknowledged if they are other than the above-mentioned.
We record your personal data in order to be able to
- provide you with information regarding your order
- deliver your order
- collect a payment from you
- meet legislative requirements (for example requirements related to the Accounting Act and the Consumer Protection Act)
- keep track of your participation in our training in order to later confirm your participation in our training, if necessary, (the possibility to duplicate a certificate), and to be able to make targeted offers to you about our other services
- recognize users in social media, who may be interested in our services
- send targeted offers and information to you in our newsletter
- make customer surveys about our services
- hand out a list of participants (including name, title, and organization) in certain training events in order to promote participant networking (you may also forbid your name from appearing on such participant lists)
- analyse your purchasing behaviour in order to be able to make more targeted offers through profiling.
We handle your personal data firstly based on customer relationship, other contract, specific agreement of the customer, and other legislative obligations.
WHAT SOURCES DO WE GET DATA FROM?
We collect your data mainly from yourself. In certain situations, we may receive information from generally available internet sources and possible other public sources. As a general rule, address sources are stated if other than the above mentioned.
WHERE DO WE GIVE OUT OR TRANSFER YOUR PERSONAL DATA?
We do not give out personal information of our customers to third parties, except when the authorities in Finland so require.
We handle your personal data mainly within the EU and the EEA. Only in a situation when we use an external IT system provider as our software provider (such as Google) may we give out your personal data outside the EU or EEA countries when we handle data in the software provided by these software providers. In such cases, we make sure that the software provider in question is committed to following the EU’s General Data Protection Regulation, for example, by being a member of the Privacy Shield Framework.
WHO HANDLES YOUR PERSONAL DATA?
We handle your personal data mainly in various electronic services (in IT systems and services related to the handling of payments offered by service providers), and thus the providers of these electronic services have access to personal data in the role of a handler. We, as the data controller, are responsible for the data being handled correctly and carefully according to the General Data Protection Regulation.
HOW DO WE PROTECT YOUR PERSONAL DATA?
- A) Manual material
Manual material accumulates only during training days if we hand out a printed list of participants to the participants of the training. We see to it that such printed out lists of participants are destroyed immediately after the training.
- B) Digital material
Personal data is stored as confidential. The network and equipment of the data controller and its possible IT partners where the register is located is protected by a firewall and other necessary technical measures.
We make sure that only those of our employees and employees of companies working for the data controller, for whom it is necessary in order to do their work, have access to the data.
The data is handled in the software we use in order to be able to offer our services as we promise. These include the invoicing system Netvisor as well as Google software services, which is a member of the Privacy Shield Framework.
FOR HOW LONG DO WE HANDLE YOUR PERSONAL DATA?
We handle your personal data only for as long as the current legislation requires, you have a customer relationship with us, or until you have been inactive in our register for over 5 years or until you yourself leave our register (you can leave unless the legislation requires us to keep your data for a certain time). We go through our register annually and remove personal data of those who have been inactive for five years in case other legislation allows removing their data.
HOW CAN YOU EXERCISE YOUR RIGHTS AS A REGISTERED PERSON?
As a registered person, you have the right to know what personal data about you we handle and, for example, correct your personal data or have it removed (unless the legislation requires to keep certain data for a certain time). Contact us if you have any questions regarding your personal data.
You also have the right to make a complaint to the national supervisory authority if you feel that your personal data has been mishandled.