Privacy Policy

Last updated: 14th April 2026

This Privacy Policy explains how Coach Sari Aalto / Oivalluksenaalto Oy (“we”, “us”, “our”) collects, uses, and protects your personal data when you use our website, services, or interact with our content.

We are committed to protecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable Finnish data protection laws.

1. Data Controller

Oivalluksenaalto Oy
(trading as Coach Sari Aalto)
Business ID: 3278447-9
Address: Santaradantie 2 F 179, 01370 Vantaa, Finland
Email: [email protected]
Website: www.coachsariaalto.com

2. Legal Basis for Processing

We process your personal data based on the following legal grounds:

Your consent (e.g., when you subscribe, download resources, or accept cookies).

Contractual necessity (e.g., when you purchase a product or service).

Legitimate interest (e.g., improving services, communication, and security).

Legal obligations (e.g., accounting and tax requirements).

We do not use your data for automated decision-making that produces legal or similarly significant effects. However, we may use automated tools (e.g., quiz outcome categorization) to provide personalized content recommendations. These are used solely to provide relevant content and do not produce legal or similarly significant effects.

3. Purpose of Data Collection

We collect and process your personal data for the following purposes:

Delivering digital products, services, and memberships.

Managing customer relationships and orders.

Providing customer support and service-related communication.

Sending marketing communications (with your consent).

Improving our services and user experience.

Analysing usage and performance of our website and services.

Ensuring website functionality and security.

Fulfilling contractual and legal obligations, including accounting and tax requirements.

4. Data We Collect

We collect only the data necessary for the purposes described above:

Name and email address.

Contact details you provide voluntarily.

Billing and payment-related information (handled securely by our payment processors; we do not store full payment card details).

IP address, browser, and device data.

Order and subscription history.

Responses to forms, quizzes, or surveys (we store only the outcome category, not individual answers).

Content or materials you choose to submit.

We do not collect special categories of personal data (e.g., health data), and our services are not directed at children.

5. Cookies and Analytics

We use cookies and similar technologies to ensure website functionality, analyse usage and performance, and improve user experience. Cookies may include:

Necessary cookies for website functionality (no consent required).

Analytics cookies to understand how the site is used (require consent).

Marketing cookies for advertising and tracking (require consent).

You can manage your cookie preferences through your browser settings or our cookie consent banner. Non-essential cookies are only placed with your explicit consent.

6. Third-Party Services

We use trusted third-party service providers (e.g., website hosting, payment processing, course platforms, email marketing, and analytics tools) to operate our services. We do not sell your personal data. Data is only shared with trusted service providers necessary to operate our business, or where required by law.

These providers act as data processors under GDPR and are contractually obligated to protect your data.

7. Data Storage and Retention

We retain your personal data only as long as necessary to:

Provide services and customer support.

Fulfill contractual and legal obligations, including accounting and tax requirements (e.g., purchase records are retained for 6 years as required by Finnish accounting law).

Meet other regulatory obligations.

Inactive contacts (e.g., email subscribers who haven’t engaged for 2+ years) are periodically reviewed and deleted.

8. Data Transfers

Your data may be processed outside the EU/EEA (e.g., in the USA) only when necessary for service delivery. We ensure adequate protection through:

EU-US Data Privacy Framework (for certified providers).

Standard Contractual Clauses (SCCs) for other transfers.

These safeguards ensure your data receives protection equivalent to that within the EU/EEA.

9. Your Rights Under GDPR

You have the right to:

Access your personal data.

Correct inaccurate or incomplete data.

Request deletion of your data.

Restrict or object to processing.

Withdraw consent at any time.

Receive your data in a portable format where processing is based on consent or contract.

File a complaint with the Finnish Data Protection Ombudsman (Tietosuojavaltuutettu), tietosuoja.fi/en.

To exercise your rights, contact us at: [email protected]

10. Data Security

We take industry-standard technical and organisational measures to protect your data, including:

Encryption of data in transit and at rest.

Access controls limiting data to authorised personnel.

Regular security reviews and compliance audits.

In the event of a data breach, we will notify authorities and affected individuals as required by GDPR.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website. We will notify you of significant changes via email or a website notice.

13. Contact

For any questions regarding this Privacy Policy or your personal data, please contact:
Oivalluksenaalto Oy / Coach Sari Aalto
Email: [email protected]
Address: Santaradantie 2 F 179, 01370 Vantaa, Finland

© Copyright 2026. Oivalluksenaalto Oy. All Rights Reserved. | Privacy Policy | Terms & Conditions