Privacy Policy

This is the privacy and data protection statement of Kurssini Oy in accordance with the Finnish Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Created on: 2 November 2021. Last updated: 31 March 2025.

1. Data Controller

Kurssini Oy
Business ID: 3233628-9
Laserkatu 6, 53850 Lappeenranta, Finland

2. Contact Person for Register Matters

Niklas Nukari
Phone: 0300 472 035
Email: asiakaspalvelu@jatkokoulutus.com

3. Name of the Register

Jatkokoulutus.com Customer and Marketing Register

4. Legal Basis and Purpose of Processing Personal Data

We process personal data based on the following legal grounds defined in the GDPR:

  • The data subject’s consent
  • The data subject’s participation in a contract
  • Legal obligation

We process personal data for the following purposes:

  • To provide training services
  • To maintain and improve user experience in a secure environment
  • To make marketing and sales more effective and targeted
  • To develop customer service and the overall customer experience
  • To maintain the customer relationship
  • To fulfill legal reporting obligations
  • To prevent potential misuse

5. Register Data Content

The data we may collect includes but is not limited to:

  • Contact information, such as email and phone number
  • Personal identity number (for Finnish users)
  • Unique identifiers and contact details for business customers
  • Payment and billing information
  • Analytics data related to service usage
  • IP addresses
  • Course completions and related timestamps
  • Payment records
  • Online behavioral data and device identifiers

The customer is the primary source of information. Data may also be supplemented or verified via third-party partners such as credit check providers.

Retention periods are determined according to the purposes described in this document. Some data is retained longer to comply with legal requirements, such as accounting obligations or official reporting duties.

Upon request, personal data may be deleted unless doing so would conflict with statutory obligations.

Examples of legal retention requirements:

  • Documents related to professional competence training are stored for five years, as required by Traficom.
  • Finnish accounting laws require the long-term storage of certain financial documents.

6. Regular Sources of Data

We collect data in various ways, including:

  • Web forms
  • Emails
  • Phone calls
  • Social media platforms
  • Contracts
  • In-person meetings where the customer voluntarily provides information

We may also receive data from third parties during credit assessments, for example when evaluating the creditworthiness of an individual or company during course registration. These credit reports are stored for two weeks and then deleted. However, the final decision (approved/declined) may be retained in the customer profile.

7. Data Disclosures and Transfers Outside the EU/EEA

We generally do not share personal data with third parties unless the customer has given explicit consent or if sharing is required to provide a service.

However, data may be transferred outside the EU/EEA in certain cases.

Examples of such data transfers:

  • When required by law (e.g., reporting professional qualifications), data may be disclosed to authorities such as Traficom or Ajovarma Oy.
  • Kurssini Oy, as the training provider, may share necessary data for training execution and regulatory reporting.
  • Business development partners may have limited access to customer data.
  • In the event of a change in company ownership, personal data may be transferred to new owners.
  • Data may be shared with third parties for contract performance, debt collection, or to fulfill legal obligations.
  • Personal data may be stored in third-party cloud services (including outside the EU/EEA) accessible only by Kurssini Oy staff.
  • Data may also be shared with third parties with the consent of the data subject.

8. Principles of Data Protection

We handle personal data with care and pay special attention to data security. All IT systems are properly protected. Data is stored on servers with strong physical and digital safeguards.

Only authorized employees who need the data for their duties have access. All personal data is treated as confidential.

9. Right to Access and Correct Data

All registered individuals have the right to request access to their personal data and to request corrections to inaccurate or incomplete data.

Requests must be submitted in writing to the data controller via email or mail. Proof of identity may be required. All requests will be processed within the timeframe set by GDPR, typically within one month.

10. Other Data Subject Rights

Registered individuals have the right to request the deletion of their personal data (“right to be forgotten”) or the restriction of processing under specific circumstances as defined by the GDPR.

All such requests must be submitted in writing. The data controller may request proof of identity. Requests will be processed within GDPR-compliant timelines, usually within one month.

11. Cookies

Kurssini Oy uses cookies and similar technologies (such as local storage) on its website. Cookies are small files saved to a user’s device to allow features like user recognition and shopping cart functionality. They typically remain active from hours to days depending on browser settings.

By using our website, you consent to the use of cookies set by both us and third parties.

Third-party cookies may be provided by services such as Google, Facebook, Instagram, and Snapchat, which are integrated into our site.

Need help choosing the right training?

Call us or send a message – we’re happy to help!

Need help choosing the right training?

Call us or send a message – we’re happy to help!

Contact Us In-Person Training Online Training