Privacy Notice (GDPR)

Updated: 11 April 2025

Effective from: 11 April 2025 (Version 1.1)

1) Controller

SJR Consulting Oy / Signafutura.com (Business ID 3100697-4)
Minna Canthin katu 4, 70100 Kuopio, Finland
Email: info@sjrconsulting.fi

No statutory Data Protection Officer (DPO) is appointed. For all privacy matters, please use the contact above.

2) How to contact us about your data

All privacy-related inquiries (access, rectification, erasure, restriction, objection, data portability, consent withdrawal) can be sent to: info@sjrconsulting.fi or by post to the address above.
We may need to verify your identity before acting on a request.

3) Scope of this Notice

This Notice applies to personal data we process in connection with:

• Provision of our products and services (including online courses)

• Our websites and landing pages

• Customer support, sales and marketing (including newsletters)

• Events, surveys and market research
  It covers current and prospective customers and partners (mainly B2B), as well as individual subscribers and website visitors.

4) Purposes and legal bases for processing

Purposes

• Delivering products/services and managing customer relationships

• Account administration, support, quality assurance (including call/chat logs)

• Planning and improving our services and websites (analytics, usability)

• Events, surveys and market/opinion research

• Direct marketing across channels (e.g., newsletters, campaigns) and segmentation for relevance

• Billing, accounting and compliance with legal obligations

• Information security, misuse prevention and fraud monitoring

Legal bases (GDPR Art. 6):

• Consent (6(1)(a)) – e.g., newsletters/marketing emails, non-essential cookies, certain profiling for marketing

• Contract (6(1)(b)) – to provide services you ordered, or to take steps at your request before entering into a contract

• Legal obligation (6(1)(c)) – e.g., accounting laws, responding to authorities

• Legitimate interest (6(1)(f)) – e.g., B2B direct marketing, customer relationship management, service development, information security.
  You have the right to object to processing based on legitimate interests, including direct marketing (see Section 11).

Automated decisions / profiling
We do not make automated decisions producing legal or similarly significant effects. We may perform basic marketing segmentation (e.g., by past interactions or interests) to keep content relevant; you may object at any time (Section 11).

5) Categories of personal data we process

Depending on your relationship with us, we may process:

• Contact details: name, email, phone, organisation, job title/role

• Customer & contract data: orders, licences/courses, usage and login metadata, support tickets, feedback, communication history (campaigns, opens/clicks)

• Marketing preferences: subscriptions, consents/opt-outs, interests and segments

• Event data: registrations, attendance; any dietary/access needs if you choose to provide them

• Billing & payments: billing/shipping addresses, payment transaction metadata from payment providers (we do not store full card details)

• Technical & cookie data: IP address, device and browser type, timestamps, logs, cookie IDs, consent status

Not every item applies to every person.

6) Sources of data

• You, when using our services or websites (forms, checkout, support)

• Your organisation (B2B context)

• Automated collection from our services/websites (logs, analytics, cookies—subject to consent where required)

• Public sources (company websites, business registers, directories)

• Processors acting on our behalf (e.g., payment or email service providers)

7) Recipients and processors

We disclose personal data only as necessary for the purposes stated above and subject to appropriate safeguards:

Typical recipient categories

• Marketing & automation platforms (newsletter, campaigns, CRM/segments)

• Website & analytics providers (site operation, metrics)

• Payment service providers and accounting (billing, compliance)

• Event and survey tools

• IT operations & security (hosting, backups, monitoring)

All processors act under written data processing agreements (GDPR Art. 28).

Key services we currently use (illustrative list)

• Systeme.io – marketing automation, newsletters, course delivery

• Google Analytics / Google Ads & YouTube – web analytics and advertising (cookie-based; consent where required)

• Meta (Facebook/Instagram), LinkedIn, X (Twitter) – advertising/retargeting (cookie-based; consent where required)

• Stripe and/or PayPal – payment processing (we do not store full payment card details)

• Managed hosting/IT – website and platform hosting, security and backups

Further details are available on request.

8) International transfers

Some providers may process data outside the EU/EEA. Where this occurs, we ensure appropriate safeguards, such as:

• Adequacy decisions by the European Commission, or

• Standard Contractual Clauses (SCCs) with supplementary measures where necessary.

You can request details of applicable transfer mechanisms via info@sjrconsulting.fi.

9) Retention periods

We retain personal data only as long as necessary for the purposes described or to meet legal obligations. Typical periods:

• Customer account & contract data: for the duration of the customer relationship + up to 24 months of inactivity (unless you request earlier deletion and no legal need prevents it)

• Marketing records with consent: until consent is withdrawn; with legitimate interest: until you object, with periodic list hygiene

• Accounting and billing records: per Finnish accounting law (typically 6–10 years, depending on document type)

• Support tickets & operational logs: up to 24 months, unless a longer period is required for legal claims or security

Detailed schedules are available on request.

10) Security

We implement appropriate technical and organisational measures, including access controls (role-based), encryption in transit, firewalls, logging/monitoring, backups, and staff guidance. Access is limited to personnel with a work-related need.

11) Your rights

Under the GDPR you have the right to:

• Access your personal data and obtain a copy

• Rectify inaccurate or incomplete data

• Erase data (“right to be forgotten”) in certain situations

• Restrict processing in certain situations

• Object to processing based on legitimate interests, including direct marketing and related profiling

• Data portability for data you provided to us where processing is based on consent or contract and carried out by automated means

• Withdraw consent at any time (e.g., unsubscribe link in each newsletter)

Submit requests via info@sjrconsulting.fi. We respond without undue delay and in principle within one month. We may ask for additional information to verify your identity.

Right to complain to the supervisory authority
You may lodge a complaint with the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto), Ratapihantie 9, 00520 Helsinki, Finland (tietosuoja.fi). We kindly ask you to contact us first so we can try to resolve the matter.

12) Cookies and consent management

We use both session and persistent cookies:

• Necessary cookies (site operation, security)

• Analytics cookies (service improvement)

• Marketing cookies (ads, retargeting)

Non-essential cookies are set only with your consent (see the Cookie Policy below). You can change your choices at any time via the cookie banner or “Cookie settings” link. You are not identified solely by cookies, but combined with other information you may become identifiable.

13) Children’s data

Our services and content are intended for professionals and businesses. We do not knowingly collect personal data of children under 16. If you believe a child has provided data, contact us and we will take appropriate steps.

14) Changes to this Notice

We may update this Notice as our services or applicable laws evolve. We will indicate the update date and version number and, for material changes, provide a prominent notice on our website or by email.

Cookie Policy

Updated: 11 April 2025

1) What are cookies?

Cookies are small text files placed on your device by a website. Similar technologies include local storage, pixels and tags. We use these to make our site work, to analyse usage and to personalise marketing (with your consent where required).

2) How we classify cookies

• Strictly necessary – required for core site functions (security, navigation, load balancing, consent logging). These cannot be switched off in our systems.

• Analytics – help us understand how the site is used so we can improve it (e.g., pages visited, time on page). Set only with your consent.

• Marketing – enable advertising and retargeting on third-party platforms. Set only with your consent.

3) Your choices (Consent Management Platform, “CMP”)

On your first visit we display a cookie banner. You may choose:

• Accept all, Reject non-essential, or Customise by category.
  You can change your selection at any time via the “Cookie settings” link in the site footer or banner.

Note: Blocking analytics/marketing cookies may impact personalisation and measurement. Necessary cookies will still function.

4) Cookies and third-party services we use (examples)

• Google Analytics – analytics and site improvement

• Google Ads / YouTube – advertising and embedded videos

• Meta (Facebook/Instagram) – advertising and retargeting

• LinkedIn – B2B advertising and lead forms

• X (Twitter) – advertising and engagement

• Systeme.io – landing pages, marketing automation and course delivery (may set cookies for session management and tracking)

Some third parties may process data outside the EU/EEA. Where they do, we rely on adequacy or SCCs with supplementary measures as appropriate (see Privacy Notice, Section 8).

5) Cookie lifetimes

Cookies have different lifetimes. Session cookies expire when you close your browser. Persistent cookies remain for a defined period unless you delete them. Exact durations are controlled by each provider and may change; your CMP panel lists active cookies and current lifetimes.

6) How to control cookies in your browser

You can delete cookies or block them in your browser settings. For details, see your browser’s help pages. If you block all cookies, some site features may not work properly.

7) Changes to this Cookie Policy

We may update this policy when our cookie use changes. Check the updated date at the top of this page.

Contact: For questions about cookies and consent, email info@sjrconsulting.fi.