PRIVACY NOTICE

With this Privacy Notice we provide you information on why and how we process your personal data in connection to our business operations.

1) WHO IS THE CONTROLLER OF YOUR PERSONAL DATA?

The controller of your personal data is Step Beyond Oy (business ID: 2335953-4).

You can reach us via email at: info@stepbeyond.eu

2) WHAT DEFINITIONS ARE USED IN THIS PRIVACY NOTICE?

Controller means a party that is in charge of the personal data processing activities.

Data subject is a term for a human being in accordance with data protection laws.

Legal basis for processing means the legal basis with which the controller processes personal data of a data subject. Article 6 of the GDPR contains provisions on legal basis for processing.

Personal data means any data concerning a data subject or data with which a data subject can be identified with.

Privacy Notice means a data protection document that has been drafted according to Articles 13 and 14 of the GDPR, and with which the controller may inform its data subjects of the ways their personal data is processed.

Processor means a party that processes personal data for and on behalf of the controller.

Purpose for processing means the reason why the controller processes personal data of a data subject.

3) WHY DO WE PROCESS YOUR PERSONAL DATA?

We process personal data when we provide our services. We also process personal data for our general business purposes such as communications, marketing, development of our services, business partner relations and compliance with legal obligations.

Our legal basis for processing personal data depends on the purpose for which we process personal data. We use as a legal basis (i) our contractual obligations when we carry out our contractual obligations and rights, (ii) our legitimate interests in communications, marketing, and development of our services and (iii) our legal obligations when complying with our legal obligations (e.g. accounting).

We process the personal data of coaching and training participants, the representatives of our customers and business partners, and other applicable data subjects. This includes e.g. processing of names, basic contact information, working related data (e.g. job role and expertise), IP addresses and other personal data related to the use of our services (e.g. personal characteristics).

4) FROM WHERE DO WE COLLECT YOUR PERSONAL DATA?

We collect your personal data from you, digital services (e.g. email service providers), authorities, public sources (e.g. official registries such as trade registry) and cookies (e.g. Google Analytics).

We may also process your personal data collected and stored by assessment services provider in connection with our coaching services.

5) DO WE TRANSFER YOUR PERSONAL DATA?

As a general rule, we will not disclose your personal data to third parties. However, if we are required by mandatory law or governmental authorities to disclose your personal data, we will assess the legality of such disclosure on a case-by-case basis.

We do share, i.e. transfer your personal data to others as part of our normal business activities when using various digital services. For example, we use the following digital services provided by data processors, which involve the processing of personal data: data storage services (e.g. cloud services), communication services (e.g. e-mails) and financial management tools.

6) DO WE PROCESS YOUR PERSONAL DATA OUTSIDE THE EU AND THE EEA AREA?

Your personal data may be processed outside the EU and the EEA area. In these situations, we ensure an adequate level of data protection, for example, through standard contractual clauses, adequacy decisions, Data Privacy Framework (DPF) and other similar arrangements.

7) HOW LONG DO WE RETAIN YOUR PERSONAL DATA?

We retain personal data for (i) as long as we have a valid contractual relationship in connection to data, (ii) as long as it is necessary to fulfil the purpose of data processing and/or (iii) for as long as we have a legal obligation to retain data.

8) DO WE USE ASSESSMENT SERVICES PROVIDERS IN OUR SERVICES?

Yes, we may provide coaching services in connection with assessment services providers. When doing so, the assessment related personal data of our data subjects shall be retained in the systems of the relevant [assessment services provider. Before any personal data may be provided to the relevant assessment services provider, the data subject shall be provided with the Privacy Notice of the relevant assessment services provider. We shall have access to the data subject’s personal data held at the assessment services providers, and we shall use that data in the provision of our services to the data subject.

9) WHAT DATA PROTECTION RIGHTS DO YOU HAVE?

You may have the right to use the below listed data protection rights under the GDPR:

  • Right to inspect (art. 15)
  • Right to rectify (art. 16)
  • Right to erasure (art. 17)
  • Right to restriction of processing (art. 18)
  • Right to data portability (art. 20)
  • Right to object; especially when processing personal data based on legitimate interests (art. 21)
  • Right not to be subject to automated individual decision-making, including profiling (art. 22)

If you would like to use your rights or inquire something about data protection, please be in touch via email (see contact information from section 1).

You may also have a right to lodge a complaint with the data protection authorities, if you think that the processing of your personal data infringes data protection laws.

10) CAN THIS PRIVACY NOTICE BE AMENDED?

We may unilaterally amend this privacy notice. We update the privacy notice as necessary, for example, when there is a change in legislation. Amendments to this privacy notice will take effect immediately when we post an updated version on our website.

If we make significant changes to the privacy notice, or if there is a significant change in the way it is used, we will notify the data subjects.

(Last update 26.2.2024)