Privacy Policy
Privacy and Registry Statement
PRIVACY STATEMENT
Anatomic Functional Training Oy
1. General
This privacy statement describes how Anatomic Functional Training Oy (“AFT or the“ controller ”) processes personal data. The privacy statement applies to our websites, marketing and customer relationship management, and the processing of personal information related to the products and services we offer.
We comply with applicable data protection laws in all processing of personal data. The data protection legislation refers to the applicable data protection legislation, such as the General Data Protection Regulation of the European Union (2016/679) and the Finnish Data Protection Act (5 December 2018/10). Data protection terms not defined in this Privacy Statement will be construed in accordance with data protection law.
Our services and websites may also contain links to external websites and services operated by other organizations. This Privacy Statement is not applicable to their use, so we encourage you to read the privacy statements that apply to them separately.
“Personal data” means any data relating to natural persons (“data subjects”) from which a person can be directly or indirectly identified, as further defined in the Data Protection Regulation.
2. Registrar and data protection officer
Name: Anatomic Functional Training Oy
Business ID: 2569368-3
Address: Samoojantie 7, 33480 Ylöjärvi
Email address:[email protected]
Phone number: +358 503397776
Privacy issues
Address: Samoojantie 7, 33480 Ylöjärvi
Email address: [email protected]
Phone number: +358 503397776
3. Purposes and legal bases for the processing of personal data
The purposes for which personal data are processed are:
- delivery of products and services, conclusion of customer agreements and handling of orders
- customer service and communications; and customer satisfaction surveys
billing - marketing, including market research, other marketing promotion and analysis, and the production of statistics and the measurement of marketing effectiveness;
- direct marketing, including electronic direct marketing and telephone marketing, and the planning and measurement of the effectiveness of advertising and marketing, and the aggregation and updating of personal data for direct
- marketing purposes;
- subcontracting and cooperation with service providers
- improving the user experience of our website and other services and tracking user traffic
- performing statutory obligations (eg accounting and tax activities) and reporting obligations
- business planning
- handling warranty and defect cases, handling complaints and handling legal and regulatory proceedings
- preventing and investigating misuse, and ensuring the security of information, persons and property
The legal basis for the processing of personal data in order to deliver our products and services, enter into customer agreements and handle orders and related obligations is the contractual relationship or its preparation.
The processing of personal data may also be based on the legitimate interests of the controller or of a third party. Customer relationship management, customer communication, the processing of personal data related to marketing (including direct marketing) and the processing of personal data related to, for example, business development, and the handling of complaints and legal proceedings are based on a legitimate interest. When we process personal data based on a legitimate interest, we assess the benefits and potential disadvantages of the processing for the data subject and have assessed that the data subject's rights and interests do not override the legitimate interest. Upon request, we will provide further information on the processing of personal data based on a legitimate interest.
If we process personal information to comply with legal requirements or to fulfill certain of our reporting obligations, the legal basis for the processing is primarily compliance with a legal obligation.
4. Personal data and sources of information processed
|
Information group |
Information content |
Shelf life |
|
Identification and contact information |
Customer name, phone number, address and email address. |
2 years from the termination of the customer relationship |
|
Information about products and services and their orders and customer communications |
Information on processed orders, delivery time of orders and information related to contracts, coaching, customer communication, feedback and complaints. |
2 years from the termination of the customer relationship
|
|
Information related to marketing (including direct marketing) and events, as well as consents and prohibitions given by the data subject |
Contact information for marketing, as well as information collected in connection with events and occasions. Consents and prohibitions on direct marketing. |
As long as the person her/himself withdraws her consent to electronic marketing |
|
Information on the use of the website and other electronic services |
IP address, electronic communications credentials, search and browsing credentials, browser and operating system credentials, analytics credentials, and registration information |
2 years from data collection |
We collect personal information directly from the data subject, such as when a data subject purchases or orders our products or services, either on their own behalf or on behalf of an organization they represent, or when a data subject visits our website or other electronic services, subscribes to our newsletter, responds to a customer satisfaction survey or otherwise contacts us.
5. Retention of personal information
We retain personal information for as long as is necessary to fulfill the purposes set forth in this Privacy Statement and for as long as is required by law (for example, responsibilities and obligations related to accounting or reporting obligations), or for litigation or similar disputes. Upon expiration of the purpose, the personal data will be deleted or rendered anonymous within a reasonable time.
Upon request, we will provide more information about our privacy practices.
6. Recipients of personal data
Various service providers and other third parties may also be used to process personal information, such as providers of technical solutions or server space, or service providers of accounting and financial management. We take care of the agreements required by data protection law with the parties we use to process personal data.
Personal data may be disclosed to third parties in situations required by law or authority or for the purpose of investigating misuse and ensuring security. In addition, personal data may have to be disclosed in connection with legal proceedings or similar legal proceedings.
If the controller is involved in a merger, business transaction or other corporate arrangement, personal data may be disclosed to the parties to the arrangement or to parties assisting in the arrangement.
Upon request, we will provide more information about the recipients of personal information.
7. Transfer of personal data outside the European Economic Area
We generally process personal data within the European Economic Area, but personal data may also be processed outside the European Economic Area. If personal data is transferred outside the European Economic Area, we will ensure the lawfulness of the transfer of personal data through an appropriate safeguard mechanism, such as the use of standard clauses by the European Commission.
|
Association |
Intended use |
Information |
Privacy Policy |
|
|
Kajabi |
Customer management and marketing |
Name, Email |
|
|
|
Stripe |
Payment intermediation |
Name, Email, payment card information |
|
|
|
|
||||
|
Tawk |
Customer service platform |
Name, Email |
|
|
|
Zapier |
Integration tool |
Name, Email |
|
|
|
Google Sheets |
Event management |
Name, Email |
|
- Please note that we use social media plug-ins through which your personal information may be transferred outside the EEA. You can read more about our cookie description here. Upon request, we will provide additional information regarding the transfer of personal data and the protection mechanisms used.
8. USERS UNDER 18
We do not knowingly collect personal data from anyone under 18 years of age. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us. If we discover that a person under 18 years of age has provided us with personal data, we will delete such information immediately.
9.Protection of personal data
Data security and the protection of personal data are of paramount importance to us. We use appropriate technical and organizational safeguards to protect personal information. We also ensure fault tolerance and data recovery capabilities for our systems. The right of access to personal data is limited to those who are individually entitled. The use of the registry is protected by user-specific IDs, passwords and access rights. The registry is accessed through a secure connection.
Material in physical form is stored in a locked state. The material in electronic form is collected in the Service's common databases, which are protected by passwords. Persons processing personal data have a duty of confidentiality in matters related to the processing of personal data.
COOKIES
We use cookies in our online service. The cookie can be valid either for a single session or for a longer period. A cookie is a text file that is stored on a user's device when he or she visits a web service. For more information on cookies from the Anatomic Functional Training online service, see a separate cookie statement.
10. Rights of data subjects
Data subjects have rights to their own personal data in accordance with data protection law. However, the application of the rights in each individual situation depends on the purpose and situation of the use of personal data. - Right of access to personal data. The data subject has the right to receive confirmation as to whether the data subject's personal data and other data on the processing of personal data are processed in accordance with data protection legislation. The data subject has the right to receive a copy of the personal data.
- Right to rectification of personal data. The data subject has the right, with certain restrictions, to request the correction or deletion of incorrect or inaccurate information.
- Right to delete personal data. The data subject has the right to request the deletion of his or her personal data in accordance with the provisions of data protection law. Upon request, we will delete your personal information unless required to do so by law or other applicable exceptions under data protection law.
- Right to restrict processing. In accordance with the provisions of data protection law, the data subject has the right to request a restriction on the processing of personal data in certain situations.
- Right to transfer personal data. The data subject has the right to request the transfer of his or her personal data to another data controller. The right of transfer shall in principle apply to personal data which the data subject has provided to the controller in a structured and machine-readable form and which are processed on the basis of the data subject's consent or agreement and / or for which the processing is carried out automatically.
- Right to object to proceedings. The data subject has the right to object to the processing of personal data based on legitimate interests, including profiling, in accordance with the provisions of data protection law. We may refuse a request if the processing is necessary to protect the compelling and legitimate interests of the controller or a third party. However, the data subject always has the right to object to the processing of personal data for direct marketing purposes and for profiling related to direct marketing.
- Right to withdraw consent. If the processing of personal data is based on the consent of the data subject, the data subject has the right to withdraw his or her consent to the processing of personal data concerning him or her. Withdrawal of consent shall not affect any previous processing of the withdrawal.
11. Exercise of rights
We hope you will contact us if you have any questions regarding the processing of your personal information.
You can send a data subject's rights request by letter or email using the contact information provided in this Privacy Statement.
If necessary, the identity of the applicant will be verified before the request is processed. A request shall be replied to within a reasonable time and, in principle, within one month of the request being made and any identity being verified. If the request cannot be accepted, the refusal will be notified separately.
12. Right to lodge a complaint with the supervisory authority
The data subject has the right to lodge a complaint with the competent data protection authority if the data subject considers that his or her personal data have been processed in breach of data protection law.
Contact information for the Finnish Data Protection Authority can be found here.
13. Changes to the Privacy Statement
This privacy statement may need to be amended from time to time. Changes may also be based on changes in data protection legislation. We therefore encourage you to review our privacy policy on a regular basis.
This Privacy Statement was updated on August 22, 2022.
