This document informs you about privacy issues such as the collection, storage, use, and disclosure of Personal Information received from users of this Site, data subjects (customers and their clients) of Ensuredly, or Quarto Compliance, which is the parent company of Ensuredly (hereinafter also: the Company).
Ensuredly acts as a Data Controller related to its own and direct customers, which are employees from companies, or company representatives signing up for the service.
Ensuredly acts as a Data Processor, when processing employee personal data, such as the employee name, email, and signature logs of completed trainings.
If you have questions or comments, you may always contact via mail, phone, or email at: helsinki@ensuredly.com
Instructions:
1. What is this document going to be about?
2. Specify, or mention, your roles as Data Controller (deciding the purpose and means of the data), Data Processor (acting on behalf of the Data Controller), or a Third party (a recipient of personal data neither in the position of Data controller, or Data processor.)
3. Add your company details
From our website visitors, the Company collects personal data such as:
We collect this data based on your consent, Article 6 (1) (a) of the European General Data Protection Regulation 2016/679, because you have reached out to us for information or questions or like to be contacted by Ensuredly.
Regarding customers, and for the purpose of providing the service, the Company collects data such as:
This data is collected based on the contractual obligation from Ensuredly to provide you the product and services of GDPR documents, consultation and advice, which stems from Article 6 (1) (b) of the European General Data Protection Regulation 2016/679.
Marketing
Ensuredly collects potential customer representative names and emails it received via:
Where Ensuredly receives your information, we reach out to you based on the company's legitimate interest.
Where you respond to our engagement you have provided consent to stay in touch, or remain connected for the purpose of engaging with our services in the future. Ideally, we connect on LinkedIn, so that your information can be removed from our email folders.
Where you do not engage with us within 1 year, or have expressed not to wish to engage with us, we remove your information from our email and servers.
Instructions on data collection:
Marketing
Explain the type of marketing funnels you use, and what data is collected in such way. Do you track people? Do you create behavior profiles? Do you keep marketing prospect lists?
If you collect more, or other data, for example, video surveillance, research from your services, add it here and explain what it is that you do.
Cookies
Ensuredly does not collect personal identifiable cookies. It does review website statistics, which are anonymous cookies, such as number of visits, and the area (such as country or continent) you visited from.
Instructions on cookies:
When tracking people, or creating profiles based on website visits, ask consent. For any cookie that is created or shared, that stores or collect personal information you must ask consent via a banner.
Anonymous cookies do not need consent, but you must inform people about these.
Note: anonymous information is not subject to GDPR rules anymore, however, data can be considered anonymous when there is no link anymore with the data subject, so that the data subject cannot be re-identified anymore.
Sub-processors
We use the following sub-processors:
Domain and Email:
MailerLite, France
Business email and productivity tools:
Google Business Suite and Microsoft, European data centres
Course forms
Jotform EU
Documentation and policies:
Slite, Belgium
We refuse to sell any personal information.
We only use authorised and vetted sub-processors that can establish data centres in the EU, and have contractual tools and documentation in place for us to prove data protection compliance
Sub-processors:
Securing personal data
We use appropriate technical and organisational security measures, such as, but not limited to:
Securing personal data:
You do not need to go into detail as we did here, but you should address if you have secured personal data from unauthorised loss, modification, or access wherever possible.
These measures include, at least (but you can add any measure that work for you to reduce the risk):
Data subject rights
Data subjects have the following data subject rights:
It may be possible that Ensuredly cannot comply to your data subject right request. Where Ensuredly is the Data Processor, it shall refer you to your Data Controller, which is your employer, without undue delay, and assist your Data Controller to the best of its abilities.
Where Ensuredly is prohibited due to reasons based on a legal obligation from a National Authority, or reasons for public interest or public health, it shall inform you whether this is the case, where possible.
Regardless, Ensuredly, shall answer to your request by execution, or failure of execution due to any of the reasons above, within the legal limit of 30 business days.
Please contact helsinki@ensuredly.com to file such a claim.
Data subject rights
Mention all data subject rights, and explain if you cannot comply with them, of example, because you have anonymised the data and the data subject cannot be re-identified anymore, if you will return the request to the data controller (and assist to the best of your ability), or any other reason that applies.
Note that for authorities, this is a very important section!
Add the contact information for data subjects to file a claim, and you must respond within 30 days, which is a legal time frame.
Changes to this policy
This policy was updated in April 2024. Should you wish to report a complaint or you feel Ensuredly has not sufficiently addressed your concerns, you may contact the Data Protection Authorities in Finland, or in your country of residence.
Time and Authorities
Always add the last review date for updates, and to which authorities the persons can file a claim. This is also a legal requirement, thus do not forget this last part.
Privacy policies should be updated at least annually.