Legal

Privacy Policy

This policy explains how Tendonbiosau collects, processes, and protects your personal data in accordance with the EU General Data Protection Regulation (GDPR), the Finnish Data Protection Act (Tietosuojalaki 1050/2018), and other applicable Finnish legislation.

Last updated:

Contents

1. Data Controller 2. Data We Collect 3. Purposes and Legal Basis 4. Data Retention 5. Data Sharing 6. Your Rights 7. Legal Framework 8. International Transfers 9. Children 10. Security 11. Changes to This Policy 12. Contact

1. Data Controller

The data controller responsible for processing your personal data is:

  • Name: Tendonbiosau
  • Address: Lapinlahdenpolku 8, 00180 Helsinki, Finland
  • Phone: +358 45 1687796
  • Email: reply@tendonbiosau.click
  • Country: Finland

2. Data We Collect

We may collect the following categories of personal data:

  • Contact data: name and email address submitted via the contact form
  • Communication data: the content of messages you send us
  • Technical data: IP address, browser type, operating system, referring URLs, and pages visited — collected automatically via server logs and analytics tools
  • Cookie data: identifiers and preference settings stored in browser cookies (see our Cookie Policy)

We do not collect sensitive personal data (such as data relating to ethnicity, religion, biometrics, or similar categories).

3. Purposes and Legal Basis

We process personal data only where we have a valid legal basis under Article 6 GDPR and, where applicable, Section 4 of the Finnish Data Protection Act. The main purposes are summarised below.

Responding to enquiries

When you submit the contact form, we process your name, email, and message to respond to your enquiry. The legal basis is our legitimate interest in communicating with people who contact us (Article 6(1)(f) GDPR), and where relevant, the performance of a contract or pre-contractual steps (Article 6(1)(b) GDPR). You are not legally obliged to provide this data, but we cannot respond without the information you choose to submit.

Course purchases and customer support

If you purchase paid course access, we process order-related data (such as name, email, payment reference, and purchase history) to deliver the service, handle refunds, and provide customer support. The legal basis is performance of a contract (Article 6(1)(b) GDPR) and, where applicable, compliance with legal obligations such as accounting and tax rules (Article 6(1)(c) GDPR).

Analytics and platform improvement

We use anonymised or pseudonymised technical data to understand how the platform is used and improve its structure and content. Non-essential analytics and marketing technologies are used only with your consent (Article 6(1)(a) GDPR and the ePrivacy rules as implemented in Finland). Server logs necessary for security and basic operation may be processed on the basis of legitimate interest (Article 6(1)(f) GDPR).

Legal obligations

We may process data to comply with applicable Finnish and EU legal requirements, including consumer protection, electronic commerce, and data protection rules (Article 6(1)(c) GDPR).

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

4. Data Retention

  • Contact form data: retained for up to 24 months from the date of submission, then deleted unless further retention is required by law
  • Server logs: retained for up to 12 months
  • Analytics data: retained in aggregated or pseudonymised form for up to 26 months
  • Cookie consent records: retained for 12 months

5. Data Sharing

We do not sell or rent your personal data to third parties. We may share data with:

  • Hosting and infrastructure providers acting as data processors under written agreements
  • Analytics service providers (only where you have consented to analytics cookies)
  • Competent authorities, if required by law or to protect our legal rights

Any third-party processors are required to maintain appropriate technical and organisational measures to protect your data and may only process it on our documented instructions.

6. Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right of access — request a copy of the data we hold about you
  • Right to rectification — ask us to correct inaccurate data
  • Right to erasure — request deletion of your data in certain circumstances
  • Right to restriction — ask us to limit processing in certain circumstances
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing based on legitimate interests
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at the details in Section 12. We will respond without undue delay and, in any event, within one month as required by GDPR Article 12, unless an extension is permitted by law. You also have the right to lodge a complaint with the Office of the Data Protection Ombudsman (Tietosuojavaltuutettu) in Finland: tietosuoja.fi.

This Privacy Policy is designed to comply with Regulation (EU) 2016/679 (GDPR) and the Finnish Data Protection Act (1050/2018). Where Finnish national provisions provide additional safeguards or information duties, we apply them to users in Finland and, where relevant, to other EU/EEA users.

8. International Transfers

Your data is primarily processed within the European Economic Area (EEA). If we use service providers located outside the EEA, we ensure appropriate safeguards are in place, such as EU Standard Contractual Clauses or an adequacy decision by the European Commission, and we limit transfers to what is necessary for the stated purpose.

9. Children

The Platform is intended for adults aged 18 and over. We do not knowingly collect personal data from children under 16 without parental consent as required under Finnish law. If you believe we have received data from a child, please contact us and we will delete it promptly.

10. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include HTTPS encryption for all data in transit, access controls, and regular security reviews. No transmission over the internet is completely secure; we take reasonable precautions but cannot guarantee absolute security.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will revise the "Last updated" date at the top of this page. Where required by law, we will provide additional notice. Continued use of the Platform after the effective date of an update constitutes acceptance of the revised policy, except where your consent is required for specific processing activities.

12. Contact

For any questions or requests relating to this Privacy Policy or your personal data, please contact us:

  • Email: reply@tendonbiosau.click
  • Phone: +358 45 1687796
  • Address: Lapinlahdenpolku 8, 00180 Helsinki, Finland