Privacy policy

Privacy policy and data protection updated 19.9.2022
Data Protection Act 1050/2018,
Section 10 Act on the Protection of Privacy in Electronic Communications (917/2014)


Visoko: Customer & Marketing Register


Visoko Ltd
Business ID: 3173621-3
Address: Tahmelankatu 4 A 5, 33240 Tampere
Phone: +358 45 668 7380



The data subjects are the controller's customers, the contact persons of the customers, representatives of stakeholders.


Person responsible for register matters

Vuokko Isokorpi, owner


Name and basis of maintenance of the register

Customer register in accordance with Section 19 of the Personal Data Act
Weekly letter (e-mail list)


Registry-related sites


Who, what and to whom?

Visoko Oy (the company) often refers to the "user" in this privacy policy. For the user, the company refers to people visiting the sites, customers, participants in courses, webinars, podcasts and workshops, as well as people participating in various competitions and lots, companies, communities, entrepreneurs, blog media or blog portals.

Visoko Oy's sub-website TranquilPeatland includes online courses and online shopping managed by Visoko. TranquilPeatland Terms and Conditions can be found here.


Purpose of personal data

The data subject's personal data is processed for the maintenance, management and development of customer and stakeholder relationships related to the Controller's services, as well as for the provision, provision and development of services based on customer relationship and other relevant connection, such as partnership. The personal data contained in the register may be used for the communication, direct marketing, opinion or market surveys of the Controller and its carefully selected partners, as well as for other addressed consignments and digital marketing targeting.

Your personal data may be processed for the following purposes: maintaining, managing and developing customer relationships, implementing services, managing your course operations, verifying customer and visitor transactions to conduct customer service, operations and websites conducting opinion and market surveys, remarketing using tools for linkedin, Facebook, Google and email marketing to market products and services and the implementation of partnership and affiliate marketing. The register consists of users who have joined the mailing list through the above-mentioned sites, ordering free guides and purchasing various products and services. The personal data in the register is used to communicate with users on the e-mail list and to manage and maintain the customer relationship between the company and the customers. The user is informed about the news and current events on the sites in accordance with the Personal Data Act. You agree that the Company will also send direct marketing, direct mail, opinion, marketing research materials and/or other addressed broadcasts via e-mail.


Personal data stored in the register

The controller has a customer and stakeholder register containing the following information:

  • Contact information (name, email address and telephone number of the data subject), the community and title they represent
  • Information related to the customer relationship and/or other cooperation relationship, including the services acquired and the billing information
  • Information on communications, marketing, invitations and other similar measures directed at the data subject
  • Customer data required by the Act on the Prevention of Money Laundering and Terrorism (444/2017 as amended)


Information collected about you

As a user, the following information may be collected about you:

  • First name
  • Surname
  • E-mail address
  • Company customer's personal and/or business information (business ID, email address, postal address, city and number)
  • Customer relationship maintenance information; billing and payment information, order information, salesperson and partner information, customer feedback, contacts, lottery and competition responses, cancellation information
  • Site user e-mail messages
  • Permissions and consents of the site user
  • User usage information, such as clicking links, pages, or posts you visit, the time of the actions.
  • A user who has joined the e-mail list may at any time delete their data from the register via the link mentioned in each letter. The link is either in English (unsubscribe) or in Finnish (leave the list).
  • The user may be included in more than one e-mail list, which may still allow the company to send messages and materials, even if they feel that the user has left the e-mail list once. If you wish to leave all lists at the same time, please contact us by email at


User permissions

The user has the following permissions, the use of which must be made to:
The site user has the following permissions:

  • Right to information
  • Right to restrict processing
  • Right to repair
  • Right to be forgotten

It should be noted that the Controller may have a statutory or other right not to delete the requested data. The controller is obliged to keep the accounting records in accordance with the period defined in the Accounting Act (Chapter 2, Section 10) (10 years). Therefore, accounting material cannot be deleted before the expiry of the time limit.


Right to withdraw consent

The User has the right to prohibit the controller from processing data concerning him or her for the purposes of direct advertising, distance selling or other direct marketing, market and opinion polls.

The data subject may appeal the decision to the Data Protection Ombudsman

The data subject has the right to demand that we restrict the processing of disputed data until the matter is resolved.


Retention periods for personal data

The customer register is reviewed at regular intervals. The controller does not store personal data for longer than is necessary for its purpose or as required by the agreement or law.


Disclosure of personal data

The data collected in the registers will not be disclosed outside the company for marketing, sales, opinion or market research purposes. However, personal data may be disclosed to the authorities in accordance with Finnish law upon request. The register is stored in the information system and is protected and located in such a way that unauthorised parties do not have access to the register data.


Disclosure and transfer of data between the EU or the EUROPEAN Economic Area

  • Information (first name, surname and e-mail address) of users on the e-mail list is transferred to software outside the EU or EEA:
  • Mailchimp email marketing program. Read more
  • Delfoi future method
  • Typeform questionnaires
  • Google Forms questionnaires


Regular data sources

As a rule, the personal data contained in the register is obtained from public registers, directly from data subjects or from another member of the anyone represented by the data subject. Personal data is obtained when the user subscribes to a weekly letter, downloads a free guide, updates their own information, purchases a company's product through the website, joins free challenges, workshops, competitions or lots. Information can also be obtained through cookies or other similar technologies.



The controller stores personal data on servers that are protected in accordance with general industry practices. Personal data is confidential and is not expressed to anyone other than those who need it at work. The use of the register is protected by user-specific IDs, passwords and other technical means. Only predetermined company employees and/or partners, such as an external producer of websites, an assistant responsible for invoicing or a marketing company, are able to access and be entitled to access the data contained in the register stored in the system.


Right of inspection and rectification (Section 26 of the Personal Data Act)

In accordance with Section 26 of the Personal Data Act, a user in a swamp marketing register has the right to check what data concerning him or her is stored in the register. The inspection request must be sent in writing and signed to Visoko Oy. In order to carry out the inspection request, it is recommended that the form available on the EDPS's website be used.

The inspection request must state that the request concerns the register data of visoko Oy's customer register. If there are errors in the data, the user can make a request to the registry contact to correct the error. The request for rectification must be made in writing. The request must justify and specify exactly what information is required to be corrected, what the user believes is the correct information and how the correction is requested to be made.

The company does not verify the accuracy of the personal data provided by the user. The user can change, supplement and delete their data through the links at the end of each weekly letter or by logging in to the service. Information about the use of the service is not available to users.


Reporting of infringements

Despite the best efforts, no internet data transfer method or electronic storage format is completely safe. The company cannot guarantee full security. If a company becomes aware of a security breach, it notifies the affected users so that they can take the necessary security measures. The Company undertakes to inform its customers of any matter concerning the security of their account and to provide them with all necessary information to fulfil their own legal reporting obligations.


User obligations

To keep your user's data secure, you must also ensure the security of your accounts by using passwords that are complex enough, change them regularly, and store them appropriately. The user must also ensure the safety of his/her own devices.


Links to third-party websites

E-books, online coaching, free guides, workbooks, blog posts, and weekly letters may include links to third-party websites. Linked websites are not controlled by the company and are not responsible for the content of third-party websites or the links contained in the websites.

If you go to a linked website, you should familiarize yourself with the privacy policy, cookie collection data and other applicable terms of use of that website.

Some of the links may be so-clicked. affiliate links through which the company receives commissions or free months of use of the products. Affiliatelinks have been reported either with a * sign or with a mention at the end of blog posts: "Some of the links in this post are affiliate links. By purchasing a product through affiliatelink, I get a smaller commission or product for a free month of use. However, clicking on the link will not cost you or me any income, so you can take your time to visit the page and think about your purchase decision for as long as you want.

I only take products from the collaborative parties that I can recommend myself. I recommend only those products that I have tested myself, used and found to work. Never buy a product if you're not sure it's helpful to you or you're not sure if it will help you achieve your goals.


Partnership marketing

From time to time, the company provides information about carefully selected partners and the services they provide. The company does not share user information with partners directly. The company acts by first sending the user an email asking if the user is interested in the free or paid service provided by the partner in question.

The user can choose directly from the email "yes, I am interested" or "no, I am not interested". If the user chooses "yes, I am interested", the company will send more detailed information about the service provided by the partner, after which the user can still choose whether to continue to familiarise them with the partner's service.



What is a cookie?

Cookies are small files that are stored in the browser of the device you are using (computer/mobile device). This allows the company to identify a visitor who visits the site several times. Each cookie expires after a certain period of time, depending on its purpose of use. Like commercial sites, the company uses cookies on its own website.  By using the company's websites, you consent to the use of cookies as described on this website.

What cookies does the company use?

The company uses the following cookies:

  • sign-in and activity cookies (for example, saving settings when you sign in)
  • analysis cookies (Google Analytics, Matomo, with information the company improves the functionality of the site)
  • targeted or advertising cookies (Facebook and Google, cost-effective use of advertising, do not contain personal data)
  • Other websites for which possible links are available collect and use cookies according to their needs.
  • The website user must accept the cookies of each website themselves. If you do not agree to be collected about him or her, the use of that website must be discontinued immediately.

Delete cookies

If you want to delete or block cookies from your browser, you have every right to do so. You should familiarize yourself with your browser settings, as the actions are always browser-specific. However, it is important to note that if you decide to do so, it may affect the efficient use of the services. By allowing cookies, you will ensure smoother use of our website.


Changing data protection and the register description

Data protection and the register description are reviewed twice a year, in connection with which they may change. Changes will be announced immediately when the update is made. By using the sites, you automatically agree to the new privacy and register description. If you do not agree, then the use of the sites must be discontinued immediately.


Other possible rights

The user has the right to lodge a complaint if you are dissatisfied with the processing of the complaint you send to the company. The complaint shall be lodged with the Supervisory Authority. |


More info on

For questions related to the register, you can contact us by e-mail
Privacy policy and data protection updated 19.9.2022.
Visoko Ltd




21.1.2021 Privacy Policy (updated 21.2.2022)


Descriptions of processing operations

The controller has described the processing of personal data in its report. Accounting firm TO Tilikirja, used by Visoko, has made its own statement as a processor on the processing of the customer's personal data. (Article 30).



Practical measures are instructed from the controller to the data processor: Written assignment agreement The controller has concluded a written agreement (Article 28) when outsourcing the processing of his or her personal data. In accordance with the agreement, the processor shall carry out the tasks agreed therein. A more detailed description of the tasks is defined by the service description of the contract. The agreement defines the division of responsibilities between the parties. The agreement will be updated as necessary.


Non-disclosure agreement

The controller has ensured that the personal data processor's personnel have committed themselves to professional secrecy (Article 28). In practice, the processor has entered into a non-disclosure agreement with anyone who processes this information at work. Other personnel of the processor shall not have access to personal data.


Using subcontractors

The controller gives prior authorisation that the processor may use subcontractors in its operations (Article 28). As required by the Regulation, the processor shall notify the controller of the planned changes.


Security of personal data processing method descriptions

The controller has made a description with the processor of the transmission, processing, storage, storage periods and disclosure, return and deletion of personal data. The description takes into account the risks and hedging measures of data processing and the obligation under the Accounting Act to store accounting material, which is payroll data.

The timelyness of the description, together with the handler, shall be reviewed periodically, at least once a year, and whenever changes occur in the processes or systems available.

The methodological description takes into account the requirement of the Regulation (Article 24) 'Taking into account the nature, scope, context and purposes of the processing and the risks to the rights and freedoms of natural persons, the controller shall take the necessary technical and organisational measures to ensure and demonstrate compliance with this Regulation. These measures shall be reviewed and updated as necessary.';

The controller exercises due care in storing the data of persons and is responsible for the fact that access to the data is restricted to processors whose tasks so require. When the assignment agreement is concluded, the controller has ensured that the data processor's personnel are also acting in accordance with the Regulation and have the expertise, reliability and resources to comply with the Regulation. Sensitive (Article 9: health information and trade union membership, etc.) shall be protected with special care and kept separate from other payroll material.

The controller instructs the data processor to use secure e-mail for the transmission of personal data or, alternatively, the SaaS system, where the data is transmitted by password through a secure service on both sides, or any other secure method agreed separately.

The controller has ensured in writing from system providers that their systems comply with data protection obligations in technical solutions and that the staff of the system providers are trained in the content of the GDPR. The controller has verified from the processor that it has acted in the same way as its own system providers. To the extent that data from systems is transferred to other systems, the security of interfaces shall be ensured to function properly.


Descriptions of processing operations

The controller has described the processing of personal data in its report. The accounting firm has made its own statement as a processor on the processing of the customer's personal data. (Article 30).


Information and communication to the data subject

The controller has taken care of the information of the persons whose personal data is processed in the register. The newsletter is available in the company's normal information channels: internal intranet, company bulletin board, distribution by email and induction material for new employees.

In the contract with the processor, the controller has outsourced to the accounting firm the transmission of the data subject's own data at his or her request. Requests for information to the processor are submitted by the controller's contact person notified by contract. This has been announced in a newsletter issued to data subjects.


The processor's obligation to instruct the controller

The controller instructs the data processor that according to the Regulation (Article 28), he/she is obliged to instruct the controller on compliance with the provisions of the GDPR.

If the processor notices that the controller's personnel are in breach of the Regulation, the processor must inform the controller accordingly. If the controller needs guidance on the content and compliance of the GDPR, it will ask the processor for guidance.


Report security breaches

The controller requires the data processor to report data breaches in accordance with the Regulation (Articles 33 and 34).

Documents mentioned in the instructions The documents mentioned in this instructions are kept attached to the instructions. The timelyness of the instructions and other documents is reviewed at least once a year. In the event of changes to processes or systems, their data security and security measures will be ensured before commissioning.


Parties mentioned in the guidelines

In this guide, the processor referred to in the Regulation is TO Ledger and controller Visoko Oy explains Visoko Oy's instructions on how to process data in its payroll and HR administration as required by the Regulation