Privacy statement
Privacy policy in accordance with personal data legislation
EU General Data Protection Regulation (GDPR) and Data Protection Act
Updated 23.10.2024
1. Registrar
Coala Ltd
Business ID: 2403281-6
Kuortaneenkatu 5
00520 Helsinki
2. Contact person in matters concerning the register
Elina Erkkilä
Coala Ltd
Tel: +358 50 300 4154
E-mail: elina.erkkila(at)coala.fi
3. Name of the register
Coala Ltd's customer and marketing register
4. Purpose of processing personal data
We process the data of our customers and potential customers as well as their representatives and contact persons in the register. The data is used for customer relationship management, customer communication and marketing. Our aim is to provide you with up-to-date information that is relevant to your work.
The processing of data for customer relationship management and customer communication is based on the implementation of a contract between us. Data used for marketing purposes, is processed based primarily on consent (e.g. newsletter subscription) and secondarily a legitimate interest (e.g. customer relationship). Legitimate interest means that there is an appropriate and relevant relationship, such as a customer relationship, between the controller and the data subject. In this case, we are particularly sensitive to the interests and rights of the data subject.
5. Data content of the register
The following information may be stored about data subjects:
- Name and contact details (address, telephone number, e-mail address).
- Company details (e.g. name, business ID, contact details, industry)
- Direct marketing authorisations (e.g. newsletter subscription) and direct marketing bans
- Customer relationship and contact information (e.g. purchase and cancellation information for products and services, delivery information, feedback)
- Marketing and promotional data, such as marketing activities targeted at the data subject and participation in such activities (e.g. registration and participation in webinars and events)
6. Regular data sources
Personal data concerning the data subject is collected when entering into a contract (e.g. assignment contract or course registration), when using Coala's services (e.g. during a course) and in connection with marketing activities (e.g. webinar or other event). We collect information primarily from you, but we may also receive information from your employer or others who register you for our events or trainings.
We sell our training courses and collect registrations for webinars on oppia.fi. We receive lists of people who have registered for our courses, as well as those who have registered for and participated in our webinars. You can also view the oppia.fi privacy policy.
7. Disclosure of information
No data will be disclosed to third parties. Exceptions are situations where a third party awards a certificate at the end of the training, in which case we will disclose the information required by the certificate issuer for the certification.
Information may be handed over in the event of a company acquisition or other reorganization of Coala's business.
8. Transfer of data outside the EU and EEA
We use cloud services to store and process some personal data. Cloud service providers sometimes have their data centres or hosting facilities located outside the EU/EEA (e.g. in the USA). In such cases, we will also ensure that the services are appropriate and comply with the requirements of personal data legislation.
We will only use such services outside the EU/EEA if:
The data and maintenance are in a country where the European Commission has determined that there is an adequate level of data protection, or contractual arrangements can guarantee an adequate level of data protection (e.g. standard clauses approved by the Commission)
9. Principles for the protection of the register
Manual data will be kept in premises that are inaccessible to unauthorised persons.
Electronic data are protected by generally accepted technical means (e.g. passwords, firewalls, encryption). We take data security seriously and only use reputable and well-known service providers.
10. Right of access and rectification and other rights related to the processing of personal data
The data subject has the right under the Personal Data Act to inspect the data stored about him or her in the register and to request the correction of inaccurate data, the completion of incomplete data and the deletion of data. The request for verification, correction, integration and deletion of data must be sent in writing to the controller. The controller has the right to ask the applicant to prove his identity. At the request of the data subject, we will make the necessary corrections and additions (e.g. correct inaccurate, unnecessary, incomplete or outdated data). We will delete your data on request, where possible without breaching any other obligations imposed on us (e.g. legal retention periods).
The data subject has the right to object to the use of his/her data for direct marketing.
We will respond within the time limits set out in the EU General Data Protection Regulation (generally within one month).
Requests should be sent to:
Coala Ltd
Request for personal data / Elina Erkkilä
Kuortaneenkatu 5
00520 Helsinki, Finland
elina.erkkila(at)coala.fi
11. Amendments to the Privacy Policy
We are constantly developing our services and therefore we reserve the right to change this Privacy Policy by notifying you on this page. Changes may also be based on changes in legislation.