CTA Coaching Privacy Policy
Last Updated: [20.12.2024]
1. Introduction
CTA Coaching (“we,” “us,” or “our”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our coaching and e-learning services (“Services”), visit our website, engage with us on social media, or otherwise interact with us (e.g., by participating in surveys).
By using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with its terms, please refrain from using our Services.
2. Who We Are
CTA Coaching is a company based in Finland. We provide coaching, educational resources, and related online learning experiences to clients worldwide. As the data controller under the General Data Protection Regulation (GDPR), we determine how and why your personal data is processed. We apply GDPR standards to our data processing activities, regardless of where you are located.
3. Personal Data We Collect
We may collect and process the following categories of personal data:
- Identification and Contact Details: Name, email address, phone number, postal address, and social media handles.
- Professional Background: Information about your occupation, industry, professional history, or other details relevant to providing our Services.
- Billing and Payment Information: Payment card details, billing addresses, and transaction records. Payment information is typically processed by secure third-party providers (e.g., Stripe).
- Service Interaction Data: Records of communications (e.g., via email, phone, surveys, or social media), feedback, inquiries, and any other information you provide through web forms, surveys, or other online tools.
- Technical Usage Data: IP addresses, browser types, and usage details related to your interactions with our website and online portals.
4. How We Collect Your Personal Data
We collect personal data when you:
- Register or sign up for our Services via our website or third-party platforms.
- Contact us via email, phone, social media, or other channels.
- Participate in coaching sessions, e-learning modules, surveys, questionnaires, or related events.
- Use third-party platforms integrated with our Services (e.g., scheduling or payment systems).
We may supplement the data we collect from you with data from third parties (e.g. your employer)
5. Purposes and Legal Bases for Processing
We process your personal data for the following purposes and under the corresponding legal bases:
- Providing Our Services: To deliver coaching sessions, manage customer accounts, process payments, and provide e-learning resources (Performance of a Contract).
- Customer Support and Service Improvement: To respond to inquiries, provide support, and enhance the quality and functionality of our Services. For example, we may analyze feedback to improve user experience, streamline navigation, or reduce technical errors. We may also process data to ensure platform security, detect fraud, or prevent misuse (Legitimate Interests).
- Marketing and Communications: To send newsletters, offers, and updates about our Services, provided you have given consent or where our legitimate interest in keeping you informed is not overridden by your rights (Consent or Legitimate Interests).
- Legal and Regulatory Compliance: To comply with legal, regulatory, accounting, and tax obligations (Legal Obligations).
6. Data Sharing and Disclosure
We share your personal data only as necessary. This includes:
- Service Providers, Subcontractors, and Cooperation Partners: We engage trusted third parties to help deliver, maintain, and improve our Services. For example:
- Website Hosting/Content Management: (e.g., WordPress)
- Payment Processing: (e.g., Stripe)
- Scheduling Tools: Platforms used to manage appointments or sessions
These third parties act as data processors and are contractually obligated (via Data Processing Agreements) to comply with GDPR-level standards of data protection and only process data on our instructions.
- Professional Advisors: Accountants, auditors, lawyers, and other professionals, where necessary for compliance with legal obligations or to pursue our legitimate interests.
- Authorities and Regulators: When required by law, court order, or other legal processes.
We apply GDPR standards globally to our data handling, ensuring that any party receiving personal data has appropriate safeguards in place.
7. International Data Transfers
Your personal data may be transferred outside the European Economic Area (EEA). In such cases, we rely on safeguards, including:
- Adequacy Decisions: Transfers to countries recognized by the European Commission as providing adequate data protection.
- Standard Contractual Clauses (SCCs): EU-approved contractual clauses ensuring GDPR-level protection for data transferred to countries without an adequacy decision.
- Supplementary Measures: Additional technical, organizational, or contractual measures (e.g., encryption, strict access limitations) to protect your data.
8. Data Retention
We retain your personal data as long as necessary to fulfill the purposes for which it was collected, and to comply with legal or regulatory requirements. Generally, we will retain data for up to five (5) years following the conclusion of our services, unless a longer retention period is required by law. After this period, we will securely delete or anonymize your personal data.
9. Security Measures
We implement a range of technical and organizational measures to safeguard your personal data. These may include:
- Encryption of data in transit and/or at rest
- Secure servers and firewalls
- Access controls and role-based permissions
- Regular security audits and testing
- Staff training on data protection and confidentiality
- Incident response plans
We select and apply measures proportionate to the risks involved in processing your personal data.
10. Your Rights Under GDPR
As a data subject, you have rights regarding your personal data:
- Right of Access: Obtain confirmation that we are processing your personal data and access a copy of it.
- Right to Rectification: Request correction of inaccurate or incomplete personal data.
- Right to Erasure (‘Right to be Forgotten’): Request deletion of your personal data when it’s no longer needed or if processing is unlawful.
- Right to Restrict Processing: Under certain circumstances, request limitations on processing your personal data.
- Right to Data Portability: Receive your personal data in a structured, commonly used format and request its transfer to another controller.
- Right to Object: Object to processing based on legitimate interests or direct marketing.
- Right to Withdraw Consent: If processing is based on consent, you can withdraw it at any time, without affecting prior lawful processing.
To exercise these rights, please contact us using the details in Section 11.
11. Contact Information
If you have any questions, concerns, or requests related to your personal data or this Privacy Policy, please contact us at:
Company Name: CTA Coaching
Address: Annankatu 8 B 49, FI-00120 Helsinki, Finland
Email: sfctacoach@gmail.com
If you believe we have not resolved your concerns, you have the right to lodge a complaint with your local data protection authority or the Finnish Data Protection Ombudsman.
12. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our data processing practices, legal requirements, or business operations. When we make material changes—especially those that would significantly affect how we process your personal data—we will provide a prominent notice (e.g., on our website) and, if required by law, seek your consent again before applying those changes to your information.
For less significant updates, the revised Privacy Policy will be posted on our website with an updated “Last Updated” date. Please review this Privacy Policy periodically to stay informed.
By using our Services, you agree to the collection, use, and sharing of your personal data as described in this Privacy Policy.