Privacy Policy

  1. About this Privacy Policy

This Privacy Policy by Oppimaa Oy / Kids’Skills Academy (“Oppimaa”, “Kids’Skills Academy”, “we”, “us” “service provider”) describes our processing of the Personal Data of the users of our service (“Kids’Skills Academy users” or “you”) in accordance with the EU General Data Protection Regulation (GDPR) and the Finnish Data Protection Act.

Please, note that Kids’Skills Academy is a brand name owned by Oppimaa Oy and Helsinki Brief Therapy Institute Oy.

Please note also that this Privacy Policy only applies to processing of Personal Data carried out by Oppimaa as a data controller.

  1. Controller

Oppimaa Oy

Business ID: 2427713-5
Address: Vahtirinne 20 A 7, 00370 Helsinki, Finland
Tel: +358405629441
E-mail: helena.lehtimaki at oppimaa.fi

Contact Person: Helena Lehtimäki

  1. Definitions

In addition to the certain terms defined throughout the Privacy Policy, the following definitions will be used in the Privacy Policy

Administrator” shall mean a Kids’Skills Academy User assigned with administrator user rights to define the rules of data collection.

Personal data” shall mean any of the following: (1) first and last name; (2) online contact information. (3) Study data and other information regarding study processes.

  1. What Personal Data Do We Process?

We process the following Personal Data of Kids’Skills Academy Users

  • Personal dataincluding (1) first and last name; (2) home or other physical including street and name of city; (3) online contact information
  • Organisation to which the user may be connected to
  • Information regarding services or products ordered
  • Study information like number of courses, grades, assignments, comments, log information and teacher-student discussions
  • Registration info which requires an email address and password created by the student

The service provider has contracts with the following subcontractors. Verkkokurssitehdas Oy (2798139-8) provides us a platform for distribution and sales. http://verkkokurssikone.fi/Verkkokurssitehdas is in charge of processing the data as Oppimaa Oy is the data controller.

Verkkokurssitehdas acquires server services fromWP-Engine (https://wpengine.com) which is an international service provider based in Ireland. All our user data is saved in WP-Engine service automatically.

For payment services Verkkokurssitehdas offers Visma Pay Payform which is a one stop shop for accepting payments online and mobile: one contract – one payout – all payment methods (credit cards, digital wallets, direct debits, invoices, and part-payments). https://www.visma.fi/vismapay Thus money transfer data is not handled by Oppimaa Oy but by Visma Pay (2486559-4).

  1. Cookies and Third Party Links and Content

We use technology on our website to collect information that helps us enhance your experience and our products and services. The cookies that we use allow our service to work and help us to understand what information is most useful to our users.

The Kids’Skills Academy Service may include links to other Websites.  We also use third-party services providers like Vimeo. Please note that also such third-party service providers may collect and receive information based on your interaction. We recommend you to get separately acquainted with the privacy policies of such third-party service providers.

Examples of third party service providers that can optionally be used in Kids’Skills Academy and their respective privacy policies:

Vimeo: https://vimeo.com/privacy

Our Services also use Google Analytics to compile Analytics Data and reports on visitor usage and to help us improve the Services. For an overview of Google Analytics, please visit Google Analytics.

  1. Purposes and Legitimate grounds of Processing

Personal Data is processed by Oppimaa for the following purposes:

To provide our Services
For marketing purposes
For quality improvement
Legitimate grounds for processing

  1. How Do We Secure and Protect Your Data?

    Within the Oppimaa organization we restrict access to Personal Data to only those employees and directors of Oppimaa who absolutely need the access in order to appropriately operate, develop or improve the Service.

When collaborating with third party service providers in hosting the Services and storing your data, we do so only with parties of good reputation having advanced privacy practices.

Please that all service Users are responsible for protecting the confidentiality of their passwords.

Should a security breach occur that is likely to have negative effects to the privacy of our Users, we will inform the relevant individuals and other affected parties, as well as relevant authorities when required by applicable data protection laws, about the breach as soon as possible.

  1. International Data Transfers

We store Personal Data primarily within the European Economic Area.

  1. Personal Data Recipients

We do not share Personal Data with third parties outside of Oppimaa’s organization unless it is necessary for the purposes set out in this Privacy Policy.

  1. Storage Period

Oppimaa does not store Personal Data longer than is legally permitted and necessary for the purposes of providing the Services.

User Data relating to your use of the Services are typically deleted within reasonable time after you no longer use the Services. We will store User’s Personal Data for as long as the User is a registered user of our Services and, thereafter, for no longer than is required by law.

  1. Direct Marketing

Notwithstanding any consent granted beforehand for the purposes of direct marketing, you have the right to prohibit us from using your Personal Data for direct marketing purposes, market research and profiling made for direct marketing purposes by contacting us on the addresses indicated above or by using the functionalities of the Services or the unsubscribe possibility offered in connection with any direct marketing messages.

  1. Your Rights

Right to access

You have the right to access your Personal Data processed by us. Primarily such access should be exercised by using the functions of the service. You may also at any time access the Personal study content regarding you.

Right to withdraw consent

In case the processing is based on a consent granted by Kids’Skills Academy User, the User may withdraw the consent at any time. Withdrawing a consent may lead to fewer possibilities to use our Services. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Right to rectify

Kids’Skills Academy Users have the right to have incorrect or incomplete Personal Data we have stored about the User corrected or completed. Certain data can be corrected or updated through your individual user account.

Right to erasure

Users may also ask us to erase their Personal Data from our systems.

Right to object

Users may object to the processing of Personal Data if such data are processed for other purposes than purposes necessary for the performance of our Services to the User or for compliance with a legal obligation. In case we do not have legitimate grounds to continue processing such Personal Data, we shall no longer process the Personal Data after your objection.

Right to restriction of processing

Users may request us to restrict processing of Personal Data for example when your data erasure, rectification or objection requests are pending and/or when we do not have legitimate grounds to process your data. This may however lead to fewer possibilities to use our Services.

Right to data portability

Users have the right to receive their Personal Data from us in a structured and commonly used format and to independently transmit those data to a third party.

How to use the rights

In case the above-mentioned rights cannot be exercised by using the the Service, you may send us a letter or an e-mail to the addresses set out above, including the following information: the full name, company name, address, e-mail address and a phone number.

  1. Lodging a Complaint

In case you consider our processing of Personal Data to be inconsistent with the applicable data protection laws, a complaint may be lodged with the local supervisory authority for data protection.