Privacy Policy

1. Data Controller

Tellero Hatuntie 16 B 82900 ILOMANTSI info@operaili.fi Business ID: 2003363-5

2. Registry Contact Person

Raili Kokko, entrepreneur, info@operaili.fi

3. Name of the Registry

Tellero Customer and Email Registry

4. Purpose of the Registry

The purpose of the registry is to manage Tellero’s customer and stakeholder relationships, as well as the marketing and sales of training and service products.

The EU General Data Protection Regulation 2016/679 (“GDPR”) became applicable on 25 May 2018.

The GDPR requires written agreements on the processing of personal data in situations where Tellero (“the Service Provider”) acts as the data controller or processor of customer data. This privacy policy describes how the Service Provider collects, uses, stores, and protects personal data.

This privacy policy covers the following sections:

  1. Definitions
  2. Roles of the Service Provider and subcontractors, and collection of personal data
  3. Purposes for which personal data may be used and the legal bases
  4. How the Service Provider protects personal data
  5. Customer rights related to privacy protection
  6. How long personal data is retained
  7. Transfer of data outside the EU or EEA
  8. Website tracking
  9. Contact forms on websites
  10. Cookies
  11. Use of the email system
  12. Personal data in social media channels
  13. Contact information
  14. Automated decision-making
  15. Changes to the privacy policy

1. Definitions

“Data Controller” refers to the Service Provider, who determines the purposes and means of processing personal data.

“Legislation” refers to any national data protection laws, the European Union General Data Protection Regulation (2016/679, “GDPR”) from its date of application (25 May 2018), and any future applicable data protection legislation in force at the time.

“Standard Contractual Clauses” refers to the standard contractual terms approved by the European Commission for the transfer of personal data from EU data controllers to processors in third countries (Decision 2002/16/EC).

“Personal Data” refers to any information relating to an identified or identifiable natural person; an identifiable person is one who can be directly or indirectly identified, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.

“Processing” refers to any operation or set of operations performed on personal data.

“Subcontractor” refers to a processor who, on behalf of the Service Provider, carries out processing in accordance with this privacy policy on the Service Provider’s behalf.

2. Roles of the Service Provider and Subcontractors, and Collection of Personal Data

The Service Provider offers customers digital online products such as online courses, e-books, and other training-related online services. The Service Provider acts as the data controller.

The personal data collected falls into two categories:

  1. Private individuals who use the Service Provider’s services, and
  2. Corporate and organisational customers who purchase the company’s services.

The Service Provider uses the following subcontractors for the processing of personal data.

Verkkokurssitehdas Oy provides the Service Provider with the Koulutuskone platform as a cloud service for the sale and distribution of online courses. With regard to the personal data registries generated, the Service Provider acts as the data controller in accordance with the General Data Protection Regulation (EU 2016/679) and other applicable data protection legislation in force at the time. Verkkokurssitehdas acts as a data processor on behalf of the Service Provider.

WP-Engine (https://wpengine.com) is an international server services provider and serves as the server services provider for Verkkokurssitehdas Oy. The servers are located in Finland. All personal data is stored in WP-Engine’s service. Personal data is automatically transferred to WP-Engine’s service when it is entered into the system.

Koulutuskone has two separate user levels, both of which may have different types of user data collected.

Group Leader The following data may be collected about a group leader: name, email address, postal and billing addresses. The group leader may additionally save the following information about themselves: website address, Google+ account name, information about themselves (a free-text field), and a profile picture or a linked Gravatar account. The system also stores log data, conversations between the group leader or other administrators and students, and data from student discussion forums.

Student The following data may be collected about a student: name, email address, postal and billing addresses, online course student data such as course counts, grades, assignment information, and other information entered by students themselves, as well as teacher evaluations. The system also stores log data, conversations between teachers and students, and data from student discussion forums.

Both group leaders and students log in to the system using an email address and password. For some courses or training materials, address information is also required. Without these, it is not possible to log in to or use the system. Other information stored in the system relates to course study.

The company publishes its content on the Verkkokurssikone platform, with Visma Pay (Visma Payments Oy, business ID 2486559-4) acting as the payment processor for the online store. It is registered in the payment institution register maintained by the Financial Supervisory Authority. Payments are made through Visma Pay’s online service. Visma Pay transmits payments to the online merchant.

During a payment transaction, the customer has the option to apply a discount code.

Payment is secure, as all information relating to the payment transaction is transmitted using an encrypted connection so that no third party can view the payment transaction details. The contract is formed between the online store’s customer and the online store. The online store is responsible for all obligations related to the transaction: https://www.vismapay.fi

Purchases by companies and organisations are handled by invoicing. In this case, the Service Provider requests the customer’s billing details. The customer’s online banking or credit card details are not stored in the company’s systems but remain with the payment processing company.

For customer marketing purposes, the Service Provider separately requests marketing consent when collecting personal data. The management of marketing opt-outs is handled automatically, and customers can easily unsubscribe from our marketing list. The Service Provider does not use mass mailing functions in electronic marketing; instead, each message is sent individually and separately to each recipient, so that no recipient’s email address is visible to anyone other than the recipient themselves.

3. Purposes for Which Personal Data May Be Used and the Legal Bases

The Service Provider collects personal data in order to fulfil its statutory and contractual obligations. Personal data is required for invoicing purposes.

In addition, customer data may be used for communications and marketing related to training offerings. The Service Provider is responsible for the implementation of communications and marketing, as well as for managing marketing opt-outs. If personal data is to be used for marketing purposes, marketing consent is requested separately at the time of data collection.

4. How the Service Provider Protects Personal Data

We respect the confidentiality of personal data. The registry is stored in a database protected by passwords and other technical measures, accessible only to persons authorised by the Service Provider.

Both students and teachers register in the system using their email address as a username and by choosing their own password. Administrators can see the email addresses of registered individuals but not their passwords.

5. Rights Related to Privacy Protection

Teachers and students, as registered users, have rights in relation to the personal data held by the Service Provider. These rights include:

a) The right to request access to their personal data held by us.

b) The right to request correction of inaccurate or incomplete data.

c) In certain circumstances, the right to request restriction of or to object to the processing of personal data.

d) The right to request the deletion of data from the registries.

e) The right to prohibit the collection of personal data for direct marketing purposes, as well as direct marketing itself.

f) The right to receive personal data held in our registries in electronic format.

Notwithstanding the rights mentioned above, data provided by the customer may still be processed for the fulfilment of statutory obligations.

6. How Long Personal Data Is Retained

We delete outdated and unnecessary data in an appropriate manner. We retain personal data only for as long as is necessary to fulfil the purposes of personal data processing defined in this privacy policy.

7. Transfer of Data Outside the EU or EEA

The Service Provider may use subcontractors for the processing of personal data who may have access to personal data outside the EU/EEA area. We ensure that transfers are carried out appropriately and lawfully in accordance with applicable data protection legislation.

8. Website Tracking

The Service Provider’s website is open to all and browsing it does not require registration. Statistical data on the use of the online service is collected to support the development of the website. Website tracking is carried out using the Google Analytics service and the statistical data it provides.

No personal data is collected from the use of the online service that would allow an individual visitor to be identified. Statistically collected data cannot be combined to identify individuals.

9. Use of Cookies

Cookies are used on the website. In addition to statistical purposes, cookies are used to ensure that the service is safe, efficient, and user-friendly.

10. Contact Forms on Websites

Contact forms may be available on the website, through which visitors can submit enquiries or requests for quotations. The form may request the following information:

  • Name
  • Email
  • Phone
  • Company name
  • Free text

Information submitted via the contact form is automatically forwarded to the Service Provider’s email.

11. Use of the Email System

Enquiries sent to the Service Provider’s email addresses, as well as other emails requiring action from the Service Provider, are received in the Service Provider’s own mailbox. Emails are accessible to the Service Provider’s staff but require login to a computer or email application using a username and password.

Email messages and identification data stored in the email system are subject to the provisions of the Act on Data Protection in Electronic Communications regarding the confidentiality of communications. Anyone who has received or otherwise obtained knowledge of a confidential message or identification data not intended for them may not, without the consent of a party to the communication, disclose or make use of the content of the message, the identification data, or the knowledge of the existence of the message, unless otherwise provided by law.

Personal emails are subject to the provisions on confidentiality of communications, which means that an employer or employer’s representative and other third parties may not view or open messages without the consent of the person concerned. The Act on the Protection of Privacy in Working Life (759/2004) specifically provides for the exceptional circumstances and means under which a message received in a personal email account may be opened without the consent of the person concerned.

12. Personal Data in Social Media Channels

The Service Provider uses social media channels for communications and marketing. Personal data in social media channels is not linked, either manually or automatically, to the Service Provider’s personal data registries or subcontractor services without separately requested consent.

Facebook pixels are used in Facebook marketing. Pixels and web analytics are used to monitor and improve the effectiveness of marketing. Pixels do not collect personal data by which an individual could be identified.

13. Contact Information

Enquiries relating to this privacy policy can be sent by email to info@operaili.fi or by post to: Tellero, Hatuntie 16 B, 82900 ILOMANTSI.

You also always have the right to lodge a complaint with the relevant supervisory authority, or with the supervisory authority of the EU member state in which your place of residence or work is located, if you consider that we have not processed your personal data in accordance with applicable data protection legislation. More information is available at: https://tietosuoja.fi

14. Automated Decision-Making

Customers are not subject to automated decision-making (profiling) based on the personal data they provide.

15. Changes to the Privacy Policy

We continuously strive to develop our services and therefore reserve the right to amend this privacy policy by announcing changes on this page.

Updated 24 April 2026