Privacy Policy

1. Data Controller

The data controller responsible for your personal data is:

Flexiblestrdynul
Piispansilta 11, 02230 Espoo, Finland
Email: assist@flexiblestrdynul.world
Phone: +358 10 767 2000

For any questions regarding this Privacy Policy or the processing of your personal data, please contact us using the details above.

2. Scope and Applicability

This Privacy Policy applies to all personal data collected through the website flexiblestrdynul.world, including data submitted via our contact form, collected through cookies and similar technologies, and data processed in connection with workshop registrations and program participation.

This policy is designed to comply with the General Data Protection Regulation (EU) 2016/679 (GDPR), the Finnish Data Protection Act (1050/2018), and other applicable international data protection laws.

3. Personal Data We Collect

3.1 Data You Provide Directly

When you use our contact form or register for a workshop, we may collect:

Full name
Email address
Phone number (if provided voluntarily)
Message content and inquiry details
Workshop or program preferences
GDPR consent confirmation and timestamp

3.2 Data Collected Automatically

When you visit our website, we may automatically collect certain technical data, including:

IP address (anonymized where possible)
Browser type and version
Operating system
Referring URL
Pages visited and time spent on each page
Date and time of access
Device type and screen resolution

Automatic data collection occurs only when you have provided consent for analytics cookies, except for strictly necessary technical data required for website operation and security.

3.3 Data We Do Not Collect

We do not collect sensitive personal data such as health records, medical diagnoses, biometric data, or financial account details through our website. Our outdoor fitness workshops are educational in nature and we do not require health status information for general inquiries.

4. Purposes of Data Processing

We process your personal data for the following specific purposes:

Responding to inquiries: To read, process, and respond to messages submitted through our contact form.
Workshop administration: To manage registrations, send session confirmations, and provide pre-session preparation materials.
Service communication: To send relevant information about booked sessions, schedule changes, or weather-related updates.
Website improvement: To analyze aggregated usage patterns and improve website content and functionality (with consent).
Legal compliance: To fulfill obligations under applicable laws, respond to lawful requests from authorities, and enforce our Terms of Use.
Security: To detect, prevent, and address technical issues, fraud, or unauthorized access.

5. Legal Basis for Processing

Under the GDPR, we rely on the following legal bases for processing your personal data:

Consent (Article 6(1)(a)): For analytics cookies, marketing communications, and contact form submission where you explicitly agree to data processing.
Contractual necessity (Article 6(1)(b)): For processing required to fulfill workshop registrations and deliver booked services.
Legitimate interests (Article 6(1)(f)): For website security, fraud prevention, and improving our services, balanced against your rights and freedoms.
Legal obligation (Article 6(1)(c)): For retaining records required by tax, accounting, or other applicable legislation.

6. Data Retention Periods

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:

Contact form inquiries: Up to 12 months from the date of submission, unless an ongoing business relationship develops.
Workshop registration data: Up to 24 months after the last attended session, or longer if required for accounting purposes.
Cookie consent records: Up to 12 months from the date consent was given or updated.
Analytics data: Up to 26 months in aggregated, anonymized form.
Accounting and financial records: Up to 6 years as required by Finnish accounting legislation.

When retention periods expire, personal data is securely deleted or anonymized so it can no longer be associated with an identifiable individual.

We do not sell, rent, or trade your personal data to third parties. We may share data with the following categories of recipients only when necessary:

Service providers: Hosting providers, email delivery services, and analytics platforms that process data on our behalf under strict data processing agreements.
Legal authorities: When required by law, court order, or to protect our legal rights.
Professional advisors: Accountants or legal counsel bound by confidentiality obligations.

All third-party processors are located within the European Economic Area (EEA) or provide adequate safeguards for international data transfers in compliance with GDPR Chapter V.

8. Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

HTTPS encryption for all data transmitted between your browser and our servers
Access controls limiting personal data access to authorized personnel only
Regular review of data processing practices and security configurations
Secure storage of digital records with password protection and encryption where applicable
Staff awareness of data protection obligations and confidentiality requirements

While we take reasonable precautions, no method of electronic transmission or storage is completely secure. We encourage you to use strong passwords for any accounts associated with our services and to contact us immediately if you suspect unauthorized access to your data.

9. Your Rights Under GDPR

As a data subject, you have the following rights regarding your personal data:

Right of access (Article 15): Request a copy of the personal data we hold about you.
Right to rectification (Article 16): Request correction of inaccurate or incomplete personal data.
Right to erasure (Article 17): Request deletion of your personal data where there is no compelling reason for continued processing.
Right to restriction (Article 18): Request limitation of processing under certain circumstances.
Right to data portability (Article 20): Receive your data in a structured, machine-readable format where processing is based on consent or contract.
Right to object (Article 21): Object to processing based on legitimate interests or for direct marketing purposes.
Right to withdraw consent: Withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at assist@flexiblestrdynul.world. We will respond within 30 days. You also have the right to lodge a complaint with the Finnish Data Protection Ombudsman (Tietosuojavaltuutettu) at tietosuoja.fi.

10. Cookies and Tracking Technologies

Our website uses cookies and similar technologies. For detailed information about the types of cookies we use, their purposes, and how to manage your preferences, please refer to our Cookie Policy.

11. Children's Privacy

Our website and services are intended for adults aged 18 and over. We do not knowingly collect personal data from individuals under 18 years of age. If we become aware that we have collected data from a minor, we will take steps to delete that information promptly.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. The updated version will be posted on this page with a revised date. We encourage you to review this policy periodically. Material changes will be communicated via email to registered participants where appropriate.

13. Contact Information

For privacy-related inquiries, data subject requests, or concerns about our data handling practices: