Privacy policy

1. General information

This Privacy Notice describes how New Nordic School (later “we” or “New Nordic School”) processes personal data; what personal data New Nordic School collects, how the data is used and to whom the data is disclosed, and how the data subject can control the processing. The Privacy Notice also informs about the obligations New Nordic School follows when processing personal data.

This Privacy Notice applies to all services offered by New Nordic School (later “Services”). This Privacy Notice covers all persons whose personal data are processed (later “data subjects”, “you”) in connection with the Services.

New Nordic School is dedicated to protecting the privacy of the data subjects and commits to process their personal data in compliance with the applicable privacy laws and regulations and good data processing practice.

Personal data refers to information, which allows a person to be directly or indirectly identified as an individual person, as defined in the GDPR. Examples of personal data: name, email address, date of birth and Internet Protocol (IP) address of a personal computer.

2. Controller and contact information

New Nordic School Oy
Business ID: 2877483-3
Address: Keilaranta 1, 02150 ESPOO, FINLAND
Email: [email protected]

3. Purpose and legal basis of the processing of personal data

We only process personal data that are relevant for the purpose it has been collected or obtained for, and we process the data in compliance with laws and regulations.


Personal data is processed for our Services, including customer relationship management, communications, quality assurance, service planning and development, analysis, generating statistics and administrative purposes such as consent and rights management. The legal basis of the processing is the performance of a contract or preparation of a contract with New Nordic School and the legitimate interests of New Nordic School. The legitimate interests include administration and development of the Services, and operations which are necessary for carrying out pre-contractual measures such as inquiries concerning our Products or Services.


Personal data is not used by New Nordic School for marketing purposes. You may subscribe to our newsletter. When Personal data is used for sending you our newsletter, such communications will be based on your consent (opt-in) which you can withdraw at any time. However, New Nordic School can send direct marketing regarding similar products and services you have acquired from us and using the electronic contact information provided by you. You have the right to object to this kind of marketing too, and it is possible to do it also in advance (opt-out).

Tracking and automated decision-making including profiling

We track behaviour on our web pages for service development and to offer you better user experience. We also utilise the data for marketing and internal development. See separate Cookie Policy .

Information security

Personal data is processed for preventing, detecting and remediating potentially prohibited or illegal activities. They are also processed for protecting data and property. Personal data can be used for investigating possible security incidents, crimes or damages. Processing related to security and safety is a legal obligation, but some of the security measures are done in the legitimate interests of New Nordic School such as protection of our property.

Legal obligations

We also process personal data when required by applicable law and/or to comply with the laws and regulations (e.g. accounting or other specific legislation). The legal obligation is the basis for the processing.

Purposes that require your consent

Your consent is required for certain types of processing of your personal data such as newsletters and processing of sensitive data. We do not intend to collect sensitive personal data, but data subjects may submit it voluntarily, and then we process it based on consent. For the processing of personal data that you have given your consent you can withdraw your consent at any time regarding further processing of your personal data. See instructions further down (8 Rights of the data subjects and the Supervisory authority). We will comply with such request unless there is another legitimate ground to process the data.

4. Personal data processed and sources of information

We collect and processes only personal data which is relevant and necessary for the purposes outlined in this Privacy Notice and provided by you. We collect the following categories of data:

Categories of data and examples of personal data

Identity and contact information

Name, personal identification code / date of birth, address, phone number, email, occupation and employer as well as in some cases qualification. The aforementioned personal data is essential in order to provide the Services.

Behaviour data

Browsing data and cookie data, see separate Cookie Policy.

When you order/purchase our Services or otherwise enter into a contract with us, or when we have a legal obligation to ask for your data, we need your personal data to fulfil the contract and/or our legal obligations. We will inform you at the time which personal data are mandatory to be provided by you.

We collect the information from the following sources:

  • Information you provide e.g. when contacting us, visiting us, utilising our Services (including web services and social media), participating in our marketing activities and when entering into a contract with us / ordering our Services or uploading User content.

  • Automatically gathered information when you use our Services e.g. when you use our online learning services.

  • Information from service providers such as marketing service providers

  • Information from third parties such as public and private registers

5. Retention of Personal data

The Personal data we collect are retained for the period necessary to fulfil the purposes outlined in this Privacy Notice unless a longer retention period is required by law (e.g. accounting obligations), or we need it to protect our legal rights. Thereafter, the Personal data will be deleted within a reasonable timeframe or rendered anonymous. The retention periods depend on the purpose of the processing and type of the information. Personal data and retention periods are listed in the table below:

Categories of personal data
Retention period or criteria used to determine the period

-Customer data
We will keep the personal data for the duration of the contract and no longer than 24 months after that.

-Marketing data
We will keep the personal data of non-clients for marketing purposes no longer than 24 months after collecting the personal data. If you use your right to opt-out from receiving marketing messages, we will delete your personal data from our marketing database without delay.

-Website users
We will keep the personal data of the users of our website no longer than 6 months after collecting the data.


Cookies/analytics data

See separate Cookie Policy.

6. Recipients of Personal data

Personal data are also shared with external service providers to provide technical solutions or services for processing stored information and for accessing the stored information by using a technical interface and will share Your personal information with such third-party service providers to the extent that it is reasonably necessary to perform, improve or maintain the Services. We use third party service providers, such as e-mail service providers, credit card processors, information analyzers and business intelligence providers. We have the right to share personal information as necessary for the aforementioned service providers to provide their services to us. List of the processors and other recipients can be provided upon request.

Transfers outside EU/EEA

When Personal data are transferred outside EU/EEA, the transfer is secured by legal measures, appropriate safeguards.

Other transfers

In addition, we may share your information in connection with any merger, sale of our assets, or a financing or acquisition of all or a portion of our business and in connection with other similar arrangements. Personal data are also disclosed to third parties if required under any applicable law or regulation or order by competent authorities, and to investigate possible infringing use of the Services as well as to guarantee the safety of the Services.

7. Protection of Personal data

We commit to follow to the security provisions of applicable data protection regulations, as well as to process Personal data in compliance with good processing practices. Personal data are protected with appropriate technical and organizational measures. We store the information with limited access rights and secure IT-environments. The IT-environments are protected with firewalls and other adequate security technics, and advanced monitoring is done 24/7. Our personnel and processors that process Personal data are obliged to keep Personal data strictly confidential. Access to Personal data is only granted to those employees that need the information to perform their work tasks. Employees and processors have personal IDs and passwords. We inform the authorities and users/data subjects of data breaches according to applicable information security and data protection regulation(s).

8. Rights of the data subjects and the Supervisory authority

The data subjects have the rights set out in the applicable data protection legislation.

Right to access and verify

You have the right to have confirmed if we process your personal data. You have the right to verify and access your personal data and to request us to provide you the data in writing or electronically.

Right to correct and erase (right to be forgotten)

You have the right to have corrected any incorrect or incomplete personal data. You have also the right to request us to remove data. We also remove, correct and complete incorrect, unnecessary, incomplete or outdated data on our own initiative when we notice such data.

Right to data portability and to object and restrict processing

You have the right to transmit your data to another controller. You have the right to request us to restrict processing of your personal data in accordance with the conditions set out in the data protection legislation. We will also restrict the processing of your personal data if we cannot correct or remove incorrect data, or if there is any uncertainty related to request to erase your data. You have the right to object to processing of your personal data for certain purposes. You have the right to deny any processing or transferring of data for direct marketing.

Right to withdraw consent

If the processing of your personal data is based on consent, you have the right to withdraw consent at any time. The withdrawal does not affect the lawfulness of processing based on consent before its withdrawal. You can deny any direct marketing and withdraw your consent regarding electronic direct marketing by following the instructions received in connection to the marketing communication (e.g. in the marketing email or SMS).You can always withdraw any consent including parental consent by contacting New Nordic School using the contact information provided in the beginning of this document.

How to exercise the rights of the data subjects

After receiving all the required information of your request (including confirmation of identity), we will start the processing of your request. We will do our best effort to process your request within a period of one (1) month. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.

Right to lodge a complaint with the supervisory authority

In case you consider our processing activities of your Personal data to be inconsistent with the General Data Protection Regulation (GDPR) (EU) 2016/679, you have the right to complain with a data protection supervisory authority.

9. Changes to this Privacy Notice

We may change this Privacy Notice from time to time, whenever necessary. All changes here to will be made available on our website at This Privacy Notice has been published on 11 Mar 2020.

Change history

Version number 1.0
Change description -
Date 28 May 2018

Version number 2.0
Change description Updated headquarters office address
Date 11 Mar 2020