PRIVACY STATEMENT

This is FD Education Finland Oy’s register and privacy statement in accordance with the Personal Data Act (Sections 10 and 24) and the EU’s General Data Protection Regulation (GDPR).

Compiled on: 10 January 2023.

1. CONTROLLER

FD Education Finland Oy
Business ID 3206569-3
Peuranpolku 10, FI-70910 Vuorela
+358 50 324 6845

2. PERSON RESPONSIBLE FOR REGISTER MATTERS

Mikko Perttinä
Peuranpolku 10, FI-70910 Vuorela
+358 50 324 6845

3. REGISTRY NAME

Customer and user register of fitnessdecathlon.fi

4. LEGAL BASIS AND PURPOSE OF THE PROCESSING OF PERSONAL DATA

FD Education Finland Oy processes personal data only in accordance with the law. The purpose of the processing is to maintain, develop and manage the customer relationship and to implement the rights and obligations of the customer and FD Education Finland Oy.

The legal basis for the processing of personal data is the following criteria under the EU’s General Data Protection Regulation (hereinafter also referred to as “GDPR”):

  1. the data subject has given consent to the processing of his or her personal data for one or more specific purposes (GDPR Article 6(1)(a));
  2. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (GDPR Article 6(1)(b));
  3. processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (GDPR Article 6(1)(f)). The legitimate interest of the data controller referred to above is based on a meaningful and appropriate relationship between the data subject and the data controller resulting from the fact that the data subject is a customer of the data controller and when the processing takes place for purposes reasonably expected by the data subject at the time of the collection of the personal data and in the context of the appropriate relationship.

 

5. DATA CONTENT OF THE REGISTER

The controller only collects information that is necessary for the purposes described in this privacy statement and for which the customer or the guardian of the minor client has consented. In order to obtain a company’s product, i.e. an Exercise analysis, the register contains the following information on customers:

– name* or identifier, age, gender **email address, region, sport(s) the person engages in

* The name is only collected if the customer wants to receive the Exercise analysis report under their own name.
** Entering an email address in the register is optional. The customer will provide this information if they wish the results and the Exercise analysis report to be sent to their email address.

The controller collects the following information through the contact form:

– name, phone number and email address

6. DISCLOSURE OF INFORMATION TO THIRD PARTIES

Personalised identifiable information related to an individual is not disclosed to third parties.

7. PRINCIPLES OF REGISTER PROTECTION

A database containing customer information is on a server that can only be accessed by designated and authorised persons due to their duties. The server is protected by an appropriate firewall and technical security.

Databases and systems can only be accessed with separately granted personal user IDs and passwords. The controller has restricted access rights and authorisations to information systems and other storage platforms so that the data can only be reviewed and processed by persons necessary for their processing. In addition, the use of databases and systems is registered in the controller’s IT system log data.

The controller’s employees and other persons are committed to complying with the obligation of confidentiality and to keeping confidential the information received in connection with the processing of personal data.

8. THE PURPOSES FOR WHICH THE DATA IS USED

The data is processed for purposes related to the management, administration and development of customer relationships, the provision and delivery of services and the development of services. The data is also processed for the purposes required for investigating possible complaints and other requirements. Analytics data is used in the analysis and statistics of the use and functionality of the versatility analysis service and in the development of service quality.

9. DATA STORAGE

The data collected in the register shall only be stored for as long as and to the extent necessary in relation to the original or compatible purposes for which the data have been collected. The controller shall regularly assess the necessity of data storage in accordance with its internal code of conduct. In addition, the controller shall take all reasonable measures to ensure that data which are inaccurate, false or outdated for the purposes of the processing are deleted or corrected without delay.

10. DATA SUBJECT’S RIGHTS

A person in the register has the right to request the removal of personal data concerning them from the register (“right to be forgotten”). The data subjects also have other rights under the EU’s General Data Protection Regulation such as restricting the processing of personal data in certain situations. Requests must be sent in writing to the controller. Where appropriate, the controller may request the applicant to prove their identity. The controller is responsible to the customer within the time limit laid down in the EU’s General Data Protection Regulation (mainly within one month).

11. VISITOR TRACKING

The site uses Google Analytics to track visitors and improve site usability. Google Analytics can store temporary and permanent cookies on the user’s hard disk. The cookies are not necessary for using the site.

You can use your browser’s settings to block cookies. This is usually done in the Help, Tools or Edit menu. You can also clear cookies saved by your browser from your browser settings.

Google Analytics is based on anonymous data, which is viewed at the summary level. Google Analytics stores, for example, the addresses and titles of visited pages, information about clicked links, time spent on the page, browser name and version, operating system, and information about the screen. Google Analytics does not store an IP address or phone MAC tag, for instance. To prevent Google Analytics from collecting information about pages you read, you can use the Google Analytics Opt-Out plug-in. You can use the Ghostery extension to block other tracking codes.

12. AMENDING THE PRIVACY STATEMENT

FD Education Finland Oy reserves the right to amend the privacy statement in accordance with the development of its business operations. The changes may also be based on changes in legislation.

Data protection request

With a data protection request, you can ask the controller to provide the data concerning you or, if necessary, to make corrections to your data.