Privacy notice.




Datafisher Oy (also referred to as “us”, “we” or “our” in this document) specializes in online compliance training (e-learning) and provides its LMS learning and communications platform to its customers. 

We are located at Erottajankatu 9, 00130 Helsinki. You can contact us by email ([email protected]) or phone (+358 44 593 2336) or through our website ( 

We operate our website at and provide the products (e.g. compliance training modules) and other services (e.g. LMS platform, Elevate compliance training suite) described there (collectively referred to in this document as our “Products” and/or “Services”). 



This Privacy Notice applies to and the Products and Services owned, operated or provided by Datafisher Oy (“Datafisher”, “We”, “Us”).  

This document informs you of 

  • our policies regarding the collection, use and disclosure of the personal data you provide us when you use our Services, 
  • your rights and choices associated with the data you provide to us, namely how you can access, update, correct or delete your personal information. 

Use of the personal information we collect shall be limited to the purpose(s) of providing you with our Services. 



We collect several different types of data for various purposes, including to provide and improve our Services to you. 

Types of Data Collected 

Personal Data 

When using our Services, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to: 

  • email address, 
  • first name, 
  • last name, 
  • company name (where applicable)
  • Cookies and Usage Data (see descriptions below). 

Usage Data 

We may also collect information that your browser sends us whenever you use a mobile or other device to visit or access our Services (“Usage Data”). 

This Usage Data may include information such as 

  • the type of device you use,
  • unique device identifiers, 
  • your device’s Internet Protocol (IP) address, 
  • your Internet Service Provider (ISP), 
  • your device’s operating system (OS), 
  • the type and version of Internet browser you use, 
  • referring/exit pages and other pages of our Services that you visit, 
  • the time and date of your visit, 
  • the time spent on those pages, 
  • clickstream data, 
  • other diagnostic data. 

Tracking & Cookies Data 

Datafisher uses cookies and similar tracking technologies to track activity on our Services. We retain some of this information to help us analyze trends, obtain demographic information about our user base, administer our Services (e.g. authenticate users), remember user settings (e.g. language preferences) and track users’ movements when using our Services to improve our Services and users’ experiences with them (e.g. keeping you signed in). We may also use reports based on the use of these technologies on an individual and aggregated basis. 

What are Cookies? 

Cookies are files placed on your computer to collect standard Internet log information and visitor behavior information. These files contain a small amount of data and may include a unique identifier. When you visit a website, the website sends cookies to your browser, which are then stored on your device. Tracking technologies used may also include beacons, tags and scripts to automatically collect and track information, which we use to analyze and improve our Services. For further information about cookies, visit 

Managing cookies 

You can set your browser to refuse cookies or to inform you when it is sending a cookie. The website above also informs you how to remove cookies from your browser. However, if you do not accept cookies, you may be unable to use some of our Services or some features of our Services may not function as intended. 

Examples of Cookies we use:

  • Functionality Cookies to recognize you on our website,
  • Session Cookies to operate our Services, 
  • Preference Cookies to remember your preferences and various settings (e.g. language, location), 
  • Advertising cookies to collect information about your visit to our website (e.g. content you viewed, links you followed, information about your browser, device, IP address),  
  • Security Cookies for security purposes.



You directly provide Datafisher with most of the data we collect and process when you 

  • Register online to use our Services, 
  • Contact us about our Products or Services, 
  • Voluntarily complete a customer survey, 
  • Provide us with feedback on our Products or Services, 
  • Use or view our website via your browser (e.g. cookies; see description of cookies above). 

As is true of most websites, we gather certain information automatically and store it in log files. We do not link this automatically collected data to other information we collect about you. 



Datafisher collects this data on the basis of legitimate business interest in enabling you to use our Services.

With your consent, we may

  • contact you about the Products and Services we offer, 
  • send you our newsletter(s). 

You may withdraw your consent to receive communications from Datafisher at any time by

  • clicking on the “unsubscribe” button on the newsletter(s),
  • emailing us at [email protected] with your request to stop receiving communications from us. (Letting us know in your email which communications you wish to stop receiving would be helpful, but is not required.)



We use the data we collect:

  • to respond to requests for demos, proposals, meetings, service requests or other matters related our products and Services,
  • to provide communication, care and support,
  • to administer (update, delete, etc.) your contact information,
  • to send you our newsletter and/or marketing communications (with your consent)
  • to provide and maintain our Services,
  • to notify you about changes in our Services,
  • to allow you to participate in interactive features of our Services,
  • to provide analysis or valuable information to improve our Services,
  • to monitor usage of our Services,
  • to detect, prevent and address technical issues.

We do not use automated decision-making to process your personal data.



Data security 

The security of your data is important to us. We follow commercially accepted standards to protect your personal information, both during transmission and once received. Understand, however, that because no method of transmission over the Internet or of electronic storage is 100% secure, we cannot guarantee its absolute security. 

If you have any questions about the security of your personal information, you can contact us at 

Datafisher stores the data we collect on secure servers located in Finland, the Netherlands and/or Ireland (EU) using commercially acceptable security methods and protocols. 

Data retention 

We will retain your personal data for as long as your relationship with us is active or as needed to provide you with our Products and/or Services, or up to 12 months from your last contact with us or last usage of our Services; after 12 months, your data will be automatically and permanently deleted from our system(s). 

We will also retain and use your information as necessary to comply with legal obligations, resolve disputes or enforce agreements.



Your information, including personal data, may be transferred to and maintained on computers located outside of your state, province, country or other governmental jurisdiction where data protection laws may differ from those in the jurisdiction where you are located. 

If you are located outside Finland and choose to provide information to us, please note that we transfer the data, including personal data, primarily to Finland, the Netherlands and Ireland (EU), and process it there. 

When we share personal information you provide within Datafisher and/or with our service providers located in the European Union or elsewhere, we make use of 

  • European Commission-approved standard contractual data protection clauses, 
  • binding corporate rules for transfers to data processors, 
  • generally accepted standards or other appropriate legal mechanisms 

to safeguard the transfer of information we collect from and to the European Union and elsewhere. 

Your use of our Services, followed by your submission of such information, represents your agreement to this Privacy Notice and to these data transfers. 

Datafisher will take all steps reasonably necessary to ensure that 

  • your data is processed securely and in accordance with this Privacy Notice and 
  • your personal data is not transferred to an organization or a country without adequate controls in place to reasonably secure your data and other personal information.



Legal Requirements

Datafisher is responsible for the processing of personal data we receive and subsequently transfer to a third party acting as an agent on our behalf. With respect to personal data received or transferred, Datafisher is subject to the regulatory enforcement powers of the EU Commission and Finland’s Data Protection Ombudsman. In certain situations, Datafisher may be required to disclose your personal data in the good-faith belief that such action is necessary: 

  • to comply with a legal obligation, subpoena, and/or lawful requests by public or government authorities (including to meet national security or law enforcement requirements), bankruptcy proceedings or a similar legal process,
  • to protect and defend Datafisher’s rights or property,
  • to protect your safety or the safety of others,
  • to prevent or investigate suspected fraud or wrongdoing in connection with our Services,
  • to protect the personal safety of users of our Services and/or the public,
  • to protect Datafisher and/or its personnel against legal liability. 

If Datafisher is involved in a merger, acquisition or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website of any change in ownership, uses of your personal information and choices you may have regarding your personal information.



Service Providers 

Datafisher may employ third parties (companies, individuals) to facilitate our Services, to provide the Services on our behalf, to perform services related to our Services or to assist us in analyzing how our Services are used. We call these third parties Service Providers. 

These third parties have access to your personal data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. 


We may use third-party Service Providers to monitor and analyze the use of our Services. These Service Providers include

We strongly advise you to review the privacy policies of the Service Providers listed above for further information. 

Social media features and widgets 

Our Services may include social media features (e.g. “like” buttons) and widgets (e.g. “share” buttons) or interactive mini-programs that run on our Services. These features may collect your usage data (see above) and may set a cookie to enable the feature to function properly. Social media features and widgets are hosted either by a third party or directly on our Services. Your interactions with these features are governed by the privacy statement of the company that provides them. Note that their privacy statements may differ from this Privacy Notice, so we encourage you to read them carefully. 

Links to other sites 

Our Services may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s website. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party websites or services. We strongly advise you to review the privacy policy of every website you visit. 

Privacy of minors (children) 

Our Services are not intended for use by minors (e.g. children, anyone under the age of 18). We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and are aware that your minor child has provided us with personal data, please inform us using the contact information under HOW TO CONTACT US? (below). If we become aware that we have collected personal data from a minor child without verifying parental consent, we will take steps to remove that information from our systems and servers.



Datafisher would like to ensure that you are fully aware of your data protection rights. Every person whose data we process has the following rights: 

Right to Access
You have the right to request from Datafisher copies of your personal data. (Please note that we may charge a small fee for this service.) 

Right to Rectification
You have the right to request that Datafisher correct, update, amend or complete any information you believe is inaccurate or incomplete or that has changed. 

Right to Restrict Processing
You have the right to request that Datafisher restrict is processing of your personal data, under certain conditions. 

Right to Object to Processing
You have the right to object to Datafisher’s processing of your personal data, under certain conditions. 

Right to Erasure (Right to be Forgotten)
You have the right to request that Datafisher deactivate, delete, remove or erase your personal data (under certain conditions) or ask to have it removed from a public forum, directory or testimonial on our site. 

Right to Data Portability
You have the right to request that Datafisher transfer the personal data that we have collected to another organization or directly to you, under certain circumstances. 

If you wish to exercise these rights or make a request based on them, please send your request to us at the contact details listed below under HOW TO CONTACT US? (below). Please note that Datafisher has up to 30 days from the date of your request to respond to you.



You have the right to request the deletion of personal data about you (e.g. your name, employee number, job title) that we process through the Datafisher LMS app on behalf of and under the instruction of the data controller (e.g., your employer, host company).

You may exercise your right at any time by emailing a request to delete your personal data to [email protected]. Your request will then be forwarded to the designated data controller for processing in accordance with applicable data protection laws (e.g. GDPR), which may impact the fulfillment of your request (e.g. required retention periods for certain personal data).

Should you have any questions or concerns regarding the exercising of your right or the fulfillment of your request, contact the designated data controller (e.g., your employer, host company).



You can contact us with any questions or concerns related to this Data Privacy Notice at:

Datafisher Oy
Erottajankatu 9
00130 Helsinki, Finland
Email: [email protected]
Phone: +358 44 593 2336



If you feel that Datafisher has failed to address your concern in a satisfactory manner, you may contact the appropriate data protection authority: 

Office of the Data Protection Ombudsman
Ratapihantie 9
00520 Helsinki, Finland
Email: [email protected]
Phone: +358 29 56 66777 (Monday-Friday, 9:00-11:00)



Datafisher may at any time update the content and notices on its web pages. We advise you to check this document from time to time for any changes. 

This Data Privacy Notice was last updated on 20 June 2023.