1) Who we are (data controller)
For the purposes of this Privacy Policy, Arto Komsi is responsible for the personal information collected through this website. We refer to Arto Komsi as “we,” “us,” or “our.”
Controller contact details
- Arto Komsi, Amerikanraitti 12, 70820 Kuopio, Finland
- [email protected]
- +358 17 123 4567
If you write to us about privacy, please include the email address you used with our forms and a description of your request.
2) What personal information we collect
We collect only the information needed to operate an educational website, respond to messages, and understand how the site is used. Depending on how you interact with us, we may collect the following categories of personal information:
Information you submit
- Full name (if you choose to provide it in a contact form)
- Email address (newsletter or contact requests)
- Phone number (only if you choose to include it in a message)
- Message content and any details you include
Technical and usage data
- IP address and approximate location derived from IP (city/region level)
- Browser type, device type, operating system, and language settings
- Pages viewed, time spent, navigation events, and referring page (where available)
- Cookie and similar identifier data (see Cookies section)
Sensitive information
Please do not submit sensitive personal information through our forms (for example, health information, government identifiers, or detailed financial information). Our services are educational, and we do not need that type of data.
3) How we collect information
We collect information using a combination of direct input and automated signals. The main collection methods are:
- Web forms, such as newsletter signups and contact requests
- Cookies and similar technologies used for essential site functions and analytics (depending on your choices)
- Server logs, which record requests to our site (for security and diagnostics)
- Optional analytics tools (for example, Google Analytics 4), which may be enabled only if you accept analytics cookies
We may also use measurement tools for advertising platforms (for example, Meta Pixel) only if implemented and only where appropriate consent is obtained through the cookie banner. If such tools are used, they are described in the Cookies section and in our Cookie Policy.
4) Why we use personal information (purposes)
We use personal information for clear, limited purposes that align with running an educational website and communicating with you. These purposes include:
Service delivery and website operations
To display content correctly, improve accessibility, remember your cookie preferences, and keep the site functioning and secure. This includes troubleshooting issues, preventing abuse, and maintaining performance.
Responding to requests and support
To reply to contact messages, follow up on questions about courses or learning materials, and provide administrative information such as policies or scheduling details. We do not use your support messages to infer personal attributes.
Marketing communications (consent-based)
If you subscribe, we may send optional educational updates about new lessons, webinars, or resource guides. You can unsubscribe anytime using the link in the message or by contacting us. We do not send marketing messages without an appropriate consent basis.
Legal compliance and fraud prevention
To comply with applicable laws, respond to lawful requests, and protect our website and users against harmful or unauthorized activity. This includes retaining certain records for reasonable periods when required for security or legal reasons.
5) Legal bases (GDPR-style transparency)
While our site includes Canadian privacy commitments (including PIPEDA principles such as consent, limiting collection, and safeguarding), we also describe legal bases commonly used under GDPR Article 6 to make our processing logic easy to understand:
Consent (Art. 6(1)(a))
Used for optional newsletter subscriptions and for non-essential cookies such as analytics or marketing cookies, where applicable. You can withdraw consent at any time.
Contract / pre-contract (Art. 6(1)(b))
Used when you request information related to our courses, materials, webinars, or workshops and we need to respond or administer your request.
Legitimate interests (Art. 6(1)(f))
Used for essential security measures, preventing abuse, maintaining site reliability, and understanding broad usage patterns where consent is not required or where the tool is configured to minimize data. We balance these interests against your privacy expectations and provide opt-outs where appropriate.
If you are in Canada, our practical approach is to request meaningful consent where appropriate, explain purposes clearly, limit collection, and safeguard information.
Retention (summary)
How long we keep information
- Form submissions: up to 2 years
- Analytics data: 14 months (where enabled)
- Email list: until unsubscribe + 30 days
- Server logs: 30 days (security and diagnostics)
We may keep certain records longer if required to meet legal obligations, resolve disputes, or enforce agreements, while applying appropriate safeguards.
Unsubscribe and deletion requests
You can unsubscribe from email updates at any time. You can also request access, correction, or deletion of personal information by emailing [email protected].
For faster handling, include “Privacy Request” in the subject line and tell us what information you want changed or removed.
Canada (PIPEDA) note
If you are in Canada, you can ask how we use your personal information and request access or corrections. We will respond within a reasonable time and may ask you to verify your identity before fulfilling a request.
6) How long we keep information (retention)
We keep personal information only as long as needed for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Typical retention periods are:
- Contact form submissions: up to 2 years from last interaction, then deleted or anonymized unless needed for ongoing support or legal reasons.
- Newsletter subscription records: maintained until you unsubscribe, then we remove you from the active list and keep a minimal suppression record for up to 30 days to prevent accidental resubscription errors.
- Analytics data: up to 14 months, then deleted or aggregated depending on provider settings.
- Server logs: typically 30 days for security and diagnostics, then deleted or rotated.
7) Sharing and disclosures
We do not sell your personal information. We may share personal information only when needed to operate the site, provide requested services, or meet legal obligations. Typical recipients include:
Service providers (processors)
Hosting and infrastructure providers, email delivery tools for newsletters, and website analytics providers. These providers process data under instructions and contractual safeguards.
Workshops and payments
If paid courses or workshops are offered, payments may be handled by a payment processor. We aim to minimize what we receive and store, and we rely on the processor to handle payment card details.
Legal and safety disclosures
We may disclose information if required by law, regulation, or legal process, or if we reasonably believe disclosure is necessary to protect the security of the site, our users, or the public.
Affiliate links (educational tools)
Some pages may include affiliate links to educational or productivity tools. If you click an affiliate link, the provider may use cookies or similar technologies according to their policies. You can review our cookie details in the Cookie Policy.
8) International transfers
Our organization is based in Finland and our service providers may store or process information in multiple countries, including countries outside Canada and outside the European Economic Area. When information is processed in another country, it may be subject to that country’s laws and lawful access by authorities.
Where applicable and appropriate, we use contractual safeguards for cross-border transfers, such as Standard Contractual Clauses or similar measures offered by providers. We also aim to reduce risk by limiting collection, using access controls, and selecting reputable service providers.
9) Security and safeguards
We take reasonable technical and organizational measures to protect personal information against loss, theft, unauthorized access, disclosure, copying, use, or modification. Safeguards may include access controls, encryption in transit where supported, and routine updates to systems.
No method of transmission over the internet is fully secure. If you believe your interaction with us is no longer secure, please contact us promptly at [email protected].
10) Your privacy rights
Depending on where you live and the context, you may have rights related to your personal information. We respect reasonable requests and will respond within a reasonable time. Rights may include:
- Access: request a copy or description of personal information we hold about you.
- Correction: ask us to correct inaccurate or incomplete information.
- Deletion: ask us to delete information when it is no longer needed, subject to legal and security limits.
- Restriction / objection: ask us to limit certain processing or object to processing in some circumstances.
- Portability (where applicable): request a portable copy of certain data you provided.
- Withdraw consent: if processing is based on consent, you can withdraw it at any time.
To exercise a right, email [email protected]. We may ask for verification to protect your privacy.
Complaints and supervisory authorities
If you are in Canada and have concerns about how we handle personal information, you can contact us first. You may also contact the Office of the Privacy Commissioner of Canada (OPC) to file a complaint or learn more about PIPEDA and privacy rights.
If you are in the EU/EEA and believe data protection law applies to your situation, you may have the right to lodge a complaint with a supervisory authority in your country. In Finland, this is the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto).
11) Cookies (overview)
Types, purposes, and durations
Cookies are small text files stored on your device. We use them for essential functions and, if you choose, for analytics. We do not use cookies to identify you directly by name, but cookie identifiers can be treated as personal information when linked to other data.
Strictly necessary cookies
Used to remember essential preferences such as cookie consent. Duration: up to 12 months, depending on browser settings and local storage retention.
Analytics cookies (optional)
Used to understand general usage, such as pages viewed and approximate location. Duration: commonly up to 14 months, depending on provider settings and your browser.
Marketing cookies (optional)
May be used to measure the effectiveness of educational campaigns (for example, through advertising platform pixels) if implemented. Duration varies by provider and can range from days to months.
For more detail, including how to change cookie settings and a list of cookie categories, see our Cookie Policy.
12) Children’s privacy
This website is not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided personal information, contact us and we will take steps to delete it.
13) Updates to this policy
We may update this Privacy Policy to reflect changes to our site, tools, or legal requirements. If changes are significant, we will post a notice on this page and may also use a banner or email notice where appropriate. The date at the top shows the latest revision.
Contact for privacy requests
Email: [email protected]
Mailing address: Amerikanraitti 12, 70820 Kuopio, Finland
We respond to requests as soon as practical. Some requests may require identity verification to protect your privacy.