Privacy Policy

Who’s Responsible for This?

The budding empire is being built by Elisa Heikura. I’m responsible for protecting your personal data as well as for making sure you have a good time here in general. You can send any questions you have about data protection to or call me if you’d prefer: +358 41 435 9191. And if we’re being totally honest, my company Elisa Heikura Oy (Business ID 2905069-3) is also lurking in the background.

What Kinds of Personal Data I Collect and Why


If you leave a comment on the site (and I really hope you do!), the site collects the data on the comment form (your name, email address and the comment itself) as well as your IP address and which browser version you’re using to facilitate recognizing spam messages. The website will retain these as long as it stays online. In GDPR speak, the basis for processing your data is your consent – which means that if you begin to intensely regret a particular comment you left on the site, I will delete it at your request. However, for the IP address and the browser version, the basis for processing is the legitimate interest of the data controller (I use them to prevent spam).


If you leave a comment on the site, WordPress will save your name and email address automatically in a cookie. This function makes the site more pleasant to use because you don’t have to refill the form every time. The cookie data is removed from your browser after one year.

The online store (more on that below in a separate section) uses cookies as well. Also the site’s analytics uses cookies.

In GDPR speak, saving the cookie is also based on your consent. For the online store, the basis for processing is the performance of a contract.


I use Google Analytics to examine the amount of visitors to my site and their activities once here. From that data, I cannot tell apart a particular user from the crowd, no matter how far apart you’re standing. I can only see that this content was interesting to people and that content clearly wasn’t. Google Analytics uses cookies, and this data is deleted from your browser after one year. Because I cannot recognize specific visitors from Google Analytics, this data isn’t considered personal data as defined by the GDPR.

Embedded Third Party Content

The articles on this site may contain embedded content (such as videos, pictures or social media posts). Clicking on content that’s imported from other websites is comparable to you visiting the third-party site yourself.

These sites may collect data about you, use cookies, add third-party tracking cookies and monitor your interactions with the embedded content, including tracking your interactions if and when you’re logged in to the site.

In other words, I can’t influence what these third parties are tracking because that’s not within my power. However, I try to only add content that I also personally trust.

Online Store

My site has an online store where I sell training courses. I’ve built it using the services of Verkkokurssitehdas Oy (Business ID 2798139-8). If you buy an online course from my store – and I really hope you do – the online store saves (and passes on to Verkkokurssitehdas) your name, email address, street address, the country you’re in, and of course your username and password. For this data, the basis for processing is the performance of a contract.

What Rights You Have Regarding Your Own Data

If you’ve left comments or bought online courses, you can request a file compiling all personal data that you’ve given me. You can also request that I erase your personal data. The right to erase your personal data doesn’t apply to personal data that must be kept for maintenance, legal or data protection reasons.

In line with the data protection regulations, you have the right of access (the right to view the personal data I’ve collected and saved about you as well as rectify incorrect data or supplement it) as well as the right to object (the right to object to the processing of your personal data if you suspect that I’m processing your data unlawfully or without the right to do so).

The Right to Withdraw Consent

As you may have noticed, the typical basis for me processing your personal data is – in GDPR speak – consent. With regards to this data, if you tell me the magic words ‘I withdraw my consent’ (or you send me an email or other written communication about it), I’ll erase your data faster than you can say ‘abracadabra’.

How Do I Obtain Your Data?

All the data comes either directly from you or then your browser tells it to my magical systems through cookies. You can find more precise information about the data I collect above.

Where Is Your Data Located and Where Is It Sent? is located on the Seravo Oy (Business ID 2392019-2) servers in Finland. The Verkkokurssitehdas servers that run the online store and trainings are located in Ireland. That’s to say, your data is safely in the EU. Your data is not handed over to any country with more lax data protection laws, such as outside the EU.

An automated service for spam prevention might check the comments. Otherwise, the data isn’t sent anywhere or to anyone.

Automated Individual Decision-making and Profiling

I don’t process your data using automated individual decision-making, i.e., profiling. It’s just me making the decisions. Except for the aforementioned automagical spam prevention.

Is There Something Troubling You?

Contact me:

The Right to Appeal to the Supervisory Data Protection Authority

If you think I’ve processed your data unfairly or you’re otherwise unhappy about something, you have the right to submit a complaint to the Data Protection Ombudsman. You can find the Data Protection Ombudsman website at