Privacy policy

TN Training Consultant follows General Data Protection Regulation (GDPR).

Drawn on the 1st of December 2020.

1. Registrar

            TN Training Consultant

2. Responsible for the register

            Tea Nevala, tea.nevala@tntrainingconsultant.fi, +358 405 601 171.

3. Name of the register

            Network service user register.

4. The purpose of the processing of personal data

            The legal basis for the processing of personal data under EU General Data Protection Regulation is:

• The person’s consent is voluntary and documented.
• The legitimate interest of the registrar is the customer relationship.
• The purpose of the processing of personal data is to communicate with the customer, maintain customer relationship and market.
• The data is not used for automatized decision making or profiling.

5. The information content of the register

            The information to be built into the register are: person’s name, company/organization contact information,             e-mail address and other information related to the customer.

            The data retention period is 2 years.

6. Regular sources of information

            The information stored in the register is obtained from the customer.  This information may be obtained by,             for example: messages sent via web forms, e-mails, telephone calls, social media services, contracts,             customer meetings and other situations in which the customer discloses her/his information.

7. Regular transfers of data outside the EU or the EEA

            The information is not regularly disclosed to other parties. The information may be published to the extent             agreed with the client and, as general rule, anonymously.

            Data may also be transferred from the post of data controller outside the EU and the EEA in accordance             with the principle and justification of EU 2016/679 regulation. The processing of personal data shall be             permitted in Finland in such a situation. The transfer of personal data shall comply with the conditions set             out in chapter V of the General Data Protection Regulation on the EUR-Lex website.

            We use Google Analytics to collect information about visitors to this website. You can review Google
            Analytics' terms of use here: https://marketingplatform.google.com/about/analytics/terms/us/

8. Registry protection principles

            Care is taken in the processing of the register and the data processed by the information systems             are adequately protected. When register data is stored on internet servers, the physical and digital             security of their hardware is adequately addressed in accordance with the regulations. The controller             shall ensure that the data stored, as well as the access rights to the servers and other information critical to             the security of personal data, are treated confidentially and only by the employees whose job description it             includes. The employee has a signed duty of confidentiality.

9. Statutory obligation

            Compliance with the controller’s legal obligations may require the controller to process personal data. A             statutory obligation may be based only on European Union or on the law of a Member State.

10. Legitimate interest of the controller

            Processing of personal data is permitted when it is necessary to achieve the legitimate controller or third-
            party interests. A legitimate interest may exist, for example, where there is a significant relationship             between the data subject and the controller, for example, where the data subject is a customer or a             subordinate of the controller.

11. The right of inspection and the right to have the information rectified

            Every person in the register has the right to check the information stored in the register and to request the             completion of any incorrect information. If the person wishes to check or request the rectification of data             stored about him or her, the request must be made in writing to the controller. The registrar may, if             necessary, ask the applicant to prove her/his identity. The controller shall respond to the customer within             the period laid down in the EU data regulation within 1 month. If the controller indicates that he needs             more processing time, the deadline is 3 months after the initial request.

12. Other rights related to the processing of personal data

            The person in the register has the right to request the deletion of personal data concerning her/him from             the register ” the right to be forgotten”. The data subject also has other rights under the EU’s General Data             Protection Regulation, such as restricting the processing of personal data in certain situations. Requests             shall be sent in writing to the controller. The controller may, if necessary, ask the applicant to prove her/his             identity. The controller shall respond to the customer within the period provided in the EU General Data             Protection Regulation, which is, within 1 month.

Read more about the EU’s General Data Protection Regulation: www.eur-lex.europa.eu