Privacy Policy

    Last updated: 2026-04-25

    This privacy policy explains how Taxi School Finland (“we”) collects, processes and protects your personal data when you use our website taxischoolfinland.fi and our services. Processing is carried out in accordance with the EU General Data Protection Regulation (GDPR) and the Finnish Data Protection Act.

    1. Data controller

    HuippuSaneeraus Oy
    Y-tunnus: 3524644-9
    Landbontie 37, 00890 Helsinki, Finland
    Email: koulutus@taxischoolfinland.fi

    2. What data we collect

    We process the following personal data:

    • Course registration data: name, email address, phone number, postal address, postal code, selected course and course date.
    • Payment data: payment transaction ID and payment status. We never store card details on our own servers — our payment processor Stripe receives and handles them directly.
    • Communications data: emails and other correspondence you send us.
    • Technical data: data temporarily recorded in server logs such as IP address and browser type, used to maintain the security and proper operation of the site.

    3. Purposes and legal bases

    • Processing course registrations and payments — legal basis: performance of a contract (GDPR Art. 6(1)(b)).
    • Compliance with legal obligations (accounting, taxation, Traficom reporting) — legal obligation (Art. 6(1)(c)).
    • Customer service and communication — legitimate interest (Art. 6(1)(f)).

    4. Retention periods

    • Course registration and payment records are retained for 6 years from the end of the calendar year in which the financial period ended (as required by the Finnish Accounting Act).
    • Email correspondence is kept for as long as necessary to manage the customer relationship, or up to 3 years from the last contact.

    5. Recipients and processors

    We use trusted third parties that process personal data on our behalf:

    • Stripe Payments Europe, Ltd. (Ireland) — payment processing.
    • Resend (United States) — sending confirmation emails. Transfers are protected by EU Standard Contractual Clauses.
    • Supabase / Lovable Cloud (EU) — database and server infrastructure.
    • Netlify — website hosting.

    We may also disclose data to public authorities (e.g. the Finnish Tax Administration, Traficom) where required by law.

    6. Transfers outside the EU/EEA

    Some of our service providers (e.g. Resend) may process data outside the EU. In such cases, transfers are based on EU Standard Contractual Clauses (SCCs) approved by the European Commission, or another appropriate safeguard.

    7. Data security

    Personal data is protected with appropriate technical and organisational measures, including encrypted data transfer (HTTPS/TLS), database access control (Row-Level Security) and password-protected systems. Access to personal data is limited to people who need it to carry out their duties.

    8. Your rights

    Under the GDPR you have the following rights:

    • Right to access your data.
    • Right to request correction of inaccurate data.
    • Right to request erasure (“right to be forgotten”).
    • Right to restrict or object to processing.
    • Right to data portability.
    • Right to withdraw consent at any time.
    • Right to lodge a complaint with a supervisory authority (Office of the Data Protection Ombudsman, tietosuoja.fi).

    To exercise your rights, send a request by email to koulutus@taxischoolfinland.fi. We will respond within one month at the latest.

    9. Cookies

    Our site uses only essential cookies and similar storage required for basic functionality such as language selection and payment flows. These do not require consent. We do not use any tracking or advertising cookies.

    10. Changes to this policy

    We may update this privacy policy from time to time, for example when laws or our services change. We recommend reviewing the policy periodically. Material changes will be announced on our website.

    ← Back to home