Company GDPR & Privacy Statement

GDPR Statement of GloESDE Oy (VAT FI34832446)
Data Protection and Processing of Personal Data
GloESDE Oy processes personal data of students, staff, stakeholders, and customers, as well as
research data that may contain personal information. Personal data includes any information that
can directly or indirectly identify an individual.
Data Protection Legislation
The EU General Data Protection Regulation (GDPR) is directly applicable legislation across the
entire European Union and applies to all processing of personal data.

  • What is personal data? | Data Protection Ombudsman’s Office (https://tietosuoja.fi/en/home)
  • EU General Data Protection Regulation (EU 2016/679) | Regulation – 2016/679 – EN –
    GDPR – EUR-Lex https://eur-lex.europa.eu/
  • National Data Protection Act (1050/2018) – Available in English on the official website.
    Data Protection Policy
    The GloESDE Oy Board has approved the data protection policy on February 23, 2025. The data
    protection policy defines the key principles, responsibilities, and operational procedures that
    GloESDE Oy follows in handling personal data. To ensure compliance, additional guidelines and
    codes of conduct are in place, forming a comprehensive framework together with the data
    protection policy.
    Personal data may only be processed when there is a legal basis. The objective is to ensure that
    GloESDE Oy complies with the obligations imposed by the EU General Data Protection
    Regulation (GDPR), national legislation, and other applicable laws related to personal data
    processing, and that compliance can be demonstrated through documentation.
    GloESDE Oy processes personal data in various tasks, including learning environments, where
    personal data is processed to facilitate work tasks, enable student learning, and maintain access
    rights and information security. Personal data is also used for GloESDE Oy’s marketing
    purposes, but is not disclosed to third parties except in connection with outsourced service
    providers (such as Moodle). This document contains links to the relevant materials where each
    subcontractor’s terms and conditions are detailed.
    General Data Protection Guidelines
    This guideline summarizes the key considerations for personal data processing and security. The
    purpose is to facilitate the application of the EU General Data Protection Regulation (GDPR) in
    data processing.
  • European Commission: Rules for the protection of personal data inside and outside the
    EU.
  • EU Agency for Fundamental Rights: Handbook on European Data Protection Law – 2018
    Edition https://fra.europa.eu/en
  1. Data Controller
    GloESDE Oy, Tykkitienkatu 4 A 12, 33300 Tampere, Finland
    Email: mari.moisio@gloesde.com
  2. Contact Person for Data Protection Matters
    CEO Mari Moisio, +358 (0)50 406 6966
  3. Purposes of Personal Data Processing
    GloESDE Oy processes personal data for the following purposes:
  • Provision and management of training services
  • Customer relationship management and development
  • Marketing communications
  • Website development and analytics
  1. Processed Personal Data
    GloESDE Oy processes the following personal data:
  • Training Platform: Name, email address, address, phone number, date of birth, industry,
    market area, country of operation, company name (if applicable), VAT number (if
    applicable), billing address, general sustainability-related questions.
  • HubSpot CRM: Basic customer information (name, contact details), purchase history,
    marketing-related data.
  • Website Contact Form: Name, email address, message.
  • Newsletter Subscription: Name, email address.
  • Google Analytics: Website usage data (e.g., IP address, browsing history, browser details).
  1. Data Retention Periods
    GloESDE Oy retains personal data only for as long as necessary to fulfill the above-mentioned
    purposes, subject to the following limitations:
    Legal Basis for Processing (GDPR Article 6)
    Purpose of Processing Legal Basis (GDPR Article 6)
    Event Registration Contract or Consent
    Customer Management (CRM) Legitimate Interest
    Training Platform (Moodle) Contract
    Marketing Communications Consent
    Analytics (Google Analytics, Cookies) Consent
    Information Security and Access Control Legal Obligation
    Personal Data Retention Periods

Data Type Retention Period
Event Registration Data Deleted 6 months after the event
Student Data (Moodle) Retained for 3 years after study completion
CRM Customer Data Retained for 2 years after the last customer interaction
Marketing Lists Retained until the user withdraws consent
Analytics Data (Google Analytics) Retained for 26 months

  1. Data Disclosure
    GloESDE Oy does not disclose personal data to third parties, except in the following cases:
  • To fulfill legal obligations
  • At the request of authorities
  • To subcontractors who process data on behalf of GloESDE Oy (Moodle, HubSpot,
    MailerLite, Paytrail)
    GloESDE Oy processes personal data in accordance with the EU General Data Protection
    Regulation (GDPR) and only uses service providers who declare compliance with GDPR. Personal
    data is processed according to the defined purposes of GloESDE Oy. However, GloESDE Oy is not
    responsible for the privacy policies or data storage locations of third parties. The privacy policies of
    service providers are available on their respective websites (see links below).
  1. Data Security
    GloESDE Oy has implemented appropriate technical and organizational measures to protect
    personal data from unauthorized access, disclosure, loss, and destruction.
  2. Data Subject Rights
    Data subjects can exercise their rights by contacting the GloESDE Oy Data Protection Officer:
    Email: mari.moisio@gloesde.com
    Phone: +358 (0)50-406 6966
    How Requests Are Processed
  • Right to Access: Upon request, you will receive a copy of your personal data within 30 days.
  • Right to Rectification: If your data is incorrect, you may request its update.
  • Right to Erasure (”Right to be Forgotten”): We delete your data in accordance with legal
    obligations.
  • Right to Object to Processing: You can withdraw consent for marketing communications or
    cookie usage at any time.
  • Right to Restrict Processing: If the legal basis for processing is disputed, data usage may be
    temporarily suspended.
  • Right to Data Portability: If you wish to transfer your data, you can request it in a commonly
    used format.
  1. Cookies and User Consent

GloESDE Oy’s website uses cookies for website analytics and to improve the user experience. The
following cookies are used:

  • Google Analytics Cookies: How Google Uses Cookies – Privacy & Terms – Google
  • Functional Cookies
  • Yoast SEO Cookies: Yoast and Your Privacy (GDPR) • Yoast
    Users can manage cookie preferences in their browser settings.
    Cookies are used on the website to enhance user experience and analytics. Users have the right to:
  • Accept or decline cookies immediately on the website.
  • Modify or withdraw their consent later via cookie settings.
    You can manage your cookie consent at any time through the website’s cookie settings or
    browser settings.
  1. Changes to the Privacy Statement
    GloESDE Oy may update this privacy statement as necessary.
    Cookie Policy and Consent
    GloESDE Oy’s website uses cookies for website analytics and user experience improvement. By
    using the website, you accept the use of cookies. You can manage cookie settings in your browser.
    Additional Information:
  1. Identify whether you process personal data and follow this guideline. Personal data
    includes any information that can be linked to an individual and used to directly or indirectly
    identify them (e.g., name, personal identification number, phone number, credit card
    number, photo, etc.).
  2. Privacy is a fundamental right. Handle personal data carefully, regardless of whether it is
    processed electronically, verbally, or on paper. Protect information from unauthorized
    access and be particularly cautious when processing confidential personal data (e.g.,
    sensitive data such as health information).
  3. Always process personal data within the original system whenever possible. Avoid
    unnecessary transfers outside the original system (e.g., to Excel spreadsheets). Processing
    personal data within the original system ensures that data processing logs are maintained.
  4. Plan the entire lifecycle of personal data processing (collection, use, modification,
    deletion) before starting data collection and document the process.
  5. Minimize data collection. Only collect and store the necessary personal data (e.g., avoid
    unnecessary processing of personal identification numbers).
  6. Inform individuals whose data is collected before processing begins. The law strictly
    defines what must be communicated to data subjects.
  7. Process personal data only for its intended purpose. Personal data processing must
    always have a predefined legal basis and purpose.
  8. Delete unnecessary or outdated personal data. Do not store personal data beyond its
    intended use. Follow internal data management policies regarding retention periods.
  9. Store personal data securely. Keep physical documents in locked cabinets, use restricted
    access controls for digital files, and encrypt external storage devices. Only authorized
    personnel should have access to personal data.
  10. Keep personal data up to date. Only accurate data is useful.
  11. Transfer personal data securely. Always verify the recipient. If sending confidential or
    sensitive data via email, encrypt the message or attachment (never send passwords via
    email). Ensure that any transfers outside GloESDE Oy comply with data protection
    requirements.
  12. Report any suspected data breaches immediately to mari.moisio@gloesde.com. Acting
    quickly minimizes risks and potential damages.
    Special Instructions
  13. Handling Personal Data in Excel and Other Documents
    If processing confidential or sensitive personal data in Excel, Word, or other document formats
    outside the original system:
  • Use only GloESDE Oy’s workstations or approved cloud services.
  • Do not transfer personal data to personal devices or unauthorized cloud services.
  • If sending confidential data via email, always encrypt the information.
  • Use a VPN when accessing services remotely.
  1. Encrypting Laptop Drives
    All GloESDE Oy’s laptops must be encrypted. Confidential data is stored on workstations, and
    proper security measures must be in place. IT services manage encryption centrally.
  2. Transferring Personal Data Outside the EEA
    Personal data may only be transferred outside the European Economic Area (EEA) if:
  1. Handling Personal Data by Service Providers
    If personal data is transferred to an external service provider (e.g., outsourcing or SaaS services), a
    data processing agreement (DPA) must be signed to ensure GDPR compliance.
  2. You can also read about Gloesde homepage cookie policy from here https://gloesde.com/cookie-policy-eu/

For any questions regarding data protection, please contact:
Email: mari.moisio@gloesde.com
Phone: +358 (0)50 406 6966

Scroll to Top