Privacy Policy for Cad Sä Oy’s training and customer registers

  1. Data Controller and Processors
    Cad Sä Oy maintains the registers and processes personal data.
    Address: Kiilakiventie 1, 90250 Oulu, Finland.

Other data controllers and processors include the parties specified in section 9: the online learning platform provider, accounting firm, and companies providing email marketing services.

  1. Data Subjects
    The data subjects include target groups for electrical safety training marketing, individuals registered for training, their supervisors, and their employers.

  2. Purpose and Legal Basis for Processing
    We process personal data in accordance with the EU General Data Protection Regulation (GDPR) on the following legal grounds:

• Contract performance: Processing is necessary to enable course registrations, deliver training, and manage completion records.
• Legal obligation: Processing is required to comply with legal obligations, such as accounting and tax legislation (e.g. retention of billing data).
• Legitimate interest: We process data based on our legitimate interest in maintaining customer relationships, conducting B2B marketing, and communicating about our services to existing customers.
• Consent: Where required by law (e.g. electronic direct marketing to consumers without an existing customer relationship), processing is based on the explicit consent of the data subject.

Purposes of processing:
• Organising and delivering training services and events.
• Tracking training completion and managing certificates.
• Billing and financial administration.
• Customer communication and marketing of training services.
• Service development and feedback collection.

  1. Data Content
    The registers include contact details of participants and their employers:

• Name, address, and contact details.
• Employer name, contact person, and contact/billing details.
• Training records: start and completion dates, test results, pass/fail status, and certification documents.

  1. Rights of the Data Subject
    The data subject has the right to:

• Access their personal data.
• Request correction of inaccurate data.
• Object to processing.
• Request deletion of data (“right to be forgotten”).
• Restrict processing of disputed data.
• Lodge a complaint with the data protection authority.
o Instructions for complaints: www.tietosuoja.fi

  1. Sources of Data
    Data is primarily collected directly from the data subject or their employer during registration and participation in training. We may also update our registers using publicly available contact information for B2B marketing purposes.

  2. Disclosure of Data
    Personal data is not sold or rented to third parties. Data may be disclosed in the following cases:

• With consent.
• In connection with a business transaction.
• To employers regarding training completion.

  1. Data Retention
    We retain personal data only as long as necessary for the purposes described in this policy:

• Accounting data: Billing and payment data is retained for six (6) years from the end of the financial year, in accordance with accounting legislation.
• Training records: Data is retained to verify professional qualifications. We store this data for ten (10) years or as long as the qualification remains valid, unless the data subject requests deletion earlier, unless applicable law requires longer retention.
• Marketing register: Data is retained as long as the customer relationship is considered active. We regularly update our registers and remove unnecessary data. Marketing data is deleted without delay if the data subject objects or withdraws consent.

  1. Data Processors
    Personal data is processed by Cad Sä Oy personnel responsible for training and marketing, as well as financial administration service providers (e.g. accounting firms). Lawful processing is ensured through contractual agreements.

Service Providers:
• Saarni Learning Oy / Discentum Oy: learning platforms.
• Accounting: Tilitoimisto Rantalainen.
• Google Ireland Limited / Google LLC: website analytics (Google Analytics).

  1. Transfers Outside the EU/EEA
    Data is primarily processed within the EU/EEA. However, some service providers (e.g. cloud storage, backups, or email marketing tools) may process data outside the EU/EEA, such as in the United States.

In such cases, we ensure an adequate level of data protection through the following measures:

• Standard Contractual Clauses (SCC) approved by the European Commission.
• EU-U.S. Data Privacy Framework, where applicable.

  1. Cookies and Tracking
    We use cookies and similar technologies to recognise user devices. Third parties may place cookies for statistical purposes.

  2. Contact Information
    If you have questions about this privacy policy or wish to exercise your rights, please contact our Data Protection Officer:

Cad Sä Oy, 2260970-6 Jyrki Karvo
Data Protection Officer
jyrki.karvo@cadsa.fi