Privacy Policy


Updated: 25.1.2024

This Privacy Policy explains how Code of Conduct Company Oy collects, processes and discloses your personal data when offering you services (“Service”) and/or when you visit our website. The services here mean both our online training services, which are located at codeofconduct.vuolearning.fi, and other training and consulting services we offer, which are collected and processed on our website codeofconduct.fi.

1 The Controller

Company name: Code of Conduct Company Oy

Company ID: 2369201-1

Address: c/o Niina Ratsula, Tiilimäki 24 A 1, 00330 Helsinki, Finland

Tel: +358 50 486 9821

Email: info@codeofconduct.fi

Contact person: Niina Ratsula

E-mail: niina@codeofconduct.fi

2 Processing information

We may collect and process any personal information which you provide to us, including:

  • Information that you provide to us via our website codeofconduct.fi. For example, the information you provide to us if you subscribe to our newsletter, request a business proposal, request information or attend our events.
  • Information that you provide to us when purchasing goods or services via our website.
  • If you contact us, we may keep a record of that correspondence until the issue is concluded.
  • Information obtained from other sources, to the extent permitted by applicable laws, e.g. LinkedIn.

We collect and process, for example, the following groups of personal data:

  • Basic information, such as name, job title and your position in the company you represent and contact information (email, address and phone number) and language;
  • Information related to the customer relationship, such as information about the Service and the order, payment information, invoicing information, marketing permits and prohibitions, results of customer satisfaction surveys;
  • Customer contacts and related correspondence as well as entries regarding the rights of data subjects;
  • Personal data generated in connection with the use of the Service or data collected in connection with the use of our website, e.g. usernames, passwords, information related to identification, log data regarding the use of the Service, chat discussions and task answers of online trainings, or data collected from the website using similar technologies (device ID and type, operating system and application settings, your online behavior);
  • Data collected from direct marketing such as click and open rates of newsletters, and
  • Other information defined on a case-by-case basis based on your consent.

Code of Conduct Company may combine personal data collected from different sources for the purposes mentioned in this statement.

3 How do we use your information

We only collect and process personal data that is necessary to conduct our business, manage customer relationships and for appropriate commercial purposes. We may use the information you have provided to us in the following ways:

3.1. Service provision and customer relationship management

We process personal data primarily to offer and deliver services to you or the company you represent and to manage and maintain the customer relationship between you or the company you represent and Code of Conduct Company. This includes, among other things, customer communication such as sending newsletters and event invitations, other customer service, managing invoicing, as well as managing direct marketing bans and other possible customer-specific restrictions. In this case, the processing of personal data is based on an agreement between you or the company you represent and Code of Conduct Company.

3.2. Marketing and sales

We may contact you to inform you about new features and contents of the Service or to market and sell you the Service or our other services. We can also process your personal data for marketing research, customer surveys and opinion surveys, as well as invite you to our events and inform about campaigns. The processing of personal data is based on our legitimate interest in providing information as part of the Service and marketing our other services to you.

We store, group, analyse and otherwise process your personal data so that we can better understand your interests and offer you services that interest you. For example, we collect statistics about your website behavior and process your purchase history data to offer you targeted marketing material. We also use site statistics for customer segmentation for our sales processes. You have the right at any time to object to the processing of your personal data for direct marketing and telemarketing as well as profiling (see Section 8 of this Privacy Policy).

3.3. Compliance with laws and legal protection

We can process your personal data in order to fulfil our statutory obligations, or to implement the information requests of the authorities (e.g. the tax authority) based on the law. Based on a legitimate interest, we can also process your personal data to respond to possible lawsuits and claims.

3.4. Other purposes to which you have consented

We also process your personal data for other purposes, if you have given your consent to such processing.

4 Data transfer

Any information will not be disclosed outside of Code of Conduct Company Oy. Due to the technical implementation of the data processing, some of the data may be physically located on the servers or equipment of external subcontractors, from which they are processed using a technical access connection. With the customer’s separate approval (subscribing to the newsletter), part of the personal data in the register is processed by our service provider (Koodiviidakko Oy).

We can also hand over personal data to third parties to the extent permitted or required by law, e.g. to fulfil a request for information made by a competent authority.

If your user license for the Code of Conduct Academy Service has been ordered by your employer, we will, for example, hand over your performance data to your employer’s designated contact persons.

5 Storing personal data

Personal data is stored only as long as it is necessary to fulfil the purposes of use defined in this Privacy Policy.

Principally, personal data is stored for the duration of the customer relationship. Personal data can be stored to the extent necessary even after the end of the customer relationship to the extent permitted or required by the applicable law, or as long as the purposes of use according to this Privacy Policy, and the rights and obligations of the parties require it. For example, after the end of the customer relationship, we typically retain personal data that is necessary to respond to claims or lawsuits in accordance with applicable statutes of limitations. We can also, for example, store personal data to the extent necessary to comply with your direct marketing ban and to develop our service.

In addition, we can process your personal data for sales and marketing purposes even before the beginning of the customer relationship or after the end of the customer relationship, unless you have specifically forbidden this. In this case, we will delete your personal data if, for example, your contact information no longer works and if there is no other obstacle to data deletion. In addition, we may delete your information at your request, if possible.

Personal data is deleted when its storage is no longer necessary to fulfil the law or the rights or obligations of either party.

6 Your rights

You have the right to check your personal data. You can also request to correct, update or delete your personal data at any time. Please note, however, that personal data that is necessary for the implementation of the purposes defined in this Privacy Policy or that is required to be kept by law cannot be deleted.

You have the right to object to or limit the processing of your personal data, such as profiling, to the extent required by applicable law. If you object to direct marketing, the processing of your personal data will be processed so that it can no longer be actively used for direct marketing. However, data may be stored to the extent necessary to comply with the ban.

In certain cases, you have the right to transfer the personal data you have provided to us from one system to another, i.e. the right to receive your personal data in a structured, commonly used, machine-readable format and to transfer your personal data to another data controller, in accordance with the applicable law.

When we process your personal data based on consent, you have the right to withdraw your consent at any time. After that, we will not process personal data, unless there is another legal basis for the processing.

You can exercise your rights by sending us a request to info@codeofconduct.fi. If you feel that the processing of your personal data is not appropriate, you have the right to complain to the Data Protection Ombudsman. You can find the contact information here: http://www.tietosuoja.fi/fi/index.html.

7 Security

We take appropriate measures (including physical, digital and administrative measures) to protect personal information from loss, destruction, misuse and unauthorized access or disclosure. For example, only persons who need it to perform their work tasks have access to personal data.

Please note that even appropriate measures cannot prevent all possible data security breaches. In the event of a security breach of personal data, we will notify you in accordance with the applicable laws.

8 Updating the Policy

We have the right to change this Privacy Policy. We will notify you of the changes on our website.

9 Contact

You can ask about this Privacy Policy or the processing of your personal data by contacting us at info@codeofconduct.fi.