Privacy policy

IWG Instituutti Oy provides language training services for organisational clients. In connection with this activity, we process personal data relating to training participants, representatives of client organisations, and individuals who contact us or express interest in working with us.

Depending on the situation, IWG Instituutti Oy acts either:

• as a data processor on behalf of client organisations, or
• as an independent data controller, for example in connection with:
  • website contact enquiries
  • direct communication
  • contractual cooperation
  • recruitment and collaboration enquiries

We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Finnish data protection legislation.

We may update this Privacy Policy when necessary.

We process only personal data that is necessary for our services.

This may include:

• name
• email address
• organisation name
• telephone number (if provided)
• role or position
• learning objectives
• starting level and assessment information
• participation data and training progress
• learning reports

When you contact us or use our website, we may also process:

• information you provide in contact forms or messages
• communication history
• basic technical data (such as IP address, browser type, and access time)

We do not intentionally collect sensitive personal data (such as health information). We ask that you only provide information necessary for your enquiry.

We process personal data only for clear and necessary purposes, including:

• planning, delivering, and managing training services
• communicating with participants and client representatives
• reporting training progress to client organisations
• responding to contact requests and enquiries
• managing customer and contractual relationships
• handling recruitment and collaboration enquiries
• improving our services and website functionality

We do not sell personal data.

We process personal data based on one or more of the following legal grounds under GDPR:

• Contract: processing necessary for providing services or taking steps prior to a contract
• Legitimate interest: for managing customer relationships, communication, and developing our services
• Consent: where required, such as for certain types of marketing or non-essential cookies
• Legal obligation: where processing is required by law

Where processing is based on legitimate interest, we ensure that your rights and interests are not overridden.

We may contact you regarding our services where:

• you have requested information, or
• we have an existing or relevant business relationship

Where required by law, we will request your consent before sending marketing communications.

You may object to receiving such communications at any time.

Personal data submitted through our website or communication channels is stored securely in our customer relationship management (CRM) system and other necessary business systems.

Access to personal data is restricted to authorised personnel who need it for their work.

We protect personal data using appropriate technical and organisational measures, including:

• restricted access based on roles
• personal user accounts and secure passwords
• use of two-factor authentication where applicable
• secure and encrypted communication where appropriate
• confidentiality obligations for all personnel

Personal data is processed only by authorised employees and trusted partners.

We use external service providers (subprocessors) for technical and operational purposes, such as:

• IT systems and maintenance
• customer relationship management (CRM)
• website hosting and analytics
• financial administration

These providers process data only on our instructions and under contractual agreements compliant with GDPR.

Personal data is not transferred outside the EU/EEA without appropriate safeguards. Where transfers occur, they are protected using approved mechanisms such as Standard Contractual Clauses.

Our website uses cookies and similar technologies to ensure functionality and improve user experience.

• Essential cookies are used for basic website operation
• Non-essential cookies (such as analytics or tracking) are used only with your consent

You can manage your preferences through our cookie banner or browser settings.

Website analytics tools may collect information such as:

• pages visited
• time spent on the website
• device and browser type

This helps us understand usage and improve our website.

We retain personal data only as long as necessary for the purposes described in this policy.

Typical retention periods:

• Training-related data: up to 12 months after completion, unless otherwise agreed
• Contact enquiries: for the duration of the communication and a reasonable follow-up period
• Legal or contractual data: as required by law

Data is securely deleted or anonymised after the retention period.

Where IWG Instituutti Oy acts as a data controller, you have the right to:

• access your personal data
• request correction of inaccurate data
• request deletion of data where applicable
• request restriction of processing
• object to processing based on legitimate interest
• request data portability where applicable
• withdraw consent at any time (where processing is based on consent)

If we process your data on behalf of a client organisation, requests should be directed to that organisation.

You also have the right to lodge a complaint with the Finnish Data Protection Ombudsman: tietosuoja.fi

Our services are intended for organisations and professionals. We do not knowingly collect personal data from individuals under the age of 16.

If such data has been collected unintentionally, please contact us and we will delete it.

We may update this Privacy Policy from time to time. The latest version will always be available on our website.

IWG Instituutti Oy
Suokatu 1 A 7a
33230 Tampere
Finland

Email: maria.kunz@iwginstituutti.fi
Phone: +358 40 587 7142