Nordaurai Oy Ltd (“we,” “us,” or “our”) is committed to protecting your privacy. This
Privacy Policy outlines how we collect, use, store, and safeguard your personal data when
you interact with our services, including:
• Corporate Positive Psychology Sessions (in-person and online)
• Gamified Training Programs
• Digital and Physical Game Products
• Online Platforms hosted on WordPress
This policy applies to all users across all regions in which we operate, including both
business clients (B2B) and individual consumers (B2C).
1. Definitions and Interpretation
In this Policy the following terms shall have the following meanings:
“Account”: means collectively the personal information, Payment Information and
credentials used by Users to access Material and / or any communications System on the
Web Site;
“Content”: means any text, graphics, images, audio, video, software, data compilations and
any other form of information capable of being stored in a computer that appears on or
forms part of this Web Site;
“Cookie”: means a small text file placed on your computer by Nordaurai Oy when you
visit certain parts of this Web Site. This allows us to identify recurring visitors and to
analyse their browsing habits within the Web Site.
“Data”: means collectively all information that you submit to the Web Site. This includes,
but is not limited to, Account details and information submitted using any of our Services
or Systems;
“Service”: means collectively any online facilities, tools, services or information
that Nordaurai Oy makes available through the Web Site either now or in the future;
“System”: means any online communications infrastructure that Nordaurai Oy makes
available through the Web Site either now or in the future. This includes, but is not limited
to, web-based email, message boards, live chat facilities and email links;
“User” / “Users”: means any third party that accesses the Web Site and is not employed
by Nordaurai Oy and acting in the course of their employment; and
“Website”: means the website that you are currently using (www.nordaurai.com) and
any sub-domains of this site (e.g. subdomain.nordaurai.com) unless expressly excluded
by their own terms and conditions.
Nordaurai Oy may, from time to time, employ the services of other parties for dealing with
matters that may include, but are not limited to, payment handling, delivery of purchased
items, search engine facilities, advertising and marketing. The providers of such services do
not have access to certain personal Data provided by Users of this Web Site. Any Data used
by such parties is used only to the extent required by them to perform the services
that Nordaurai Oy requests. Any use for other purposes is strictly prohibited.
Furthermore, any Data that is processed by third parties must be processed within the
terms of this Policy and in accordance with the Data Protection Act 1998.
2. Company Information
• Business Name: Nordaurai Oy Ltd
• Registration: Registered in Helsinki, Finland
• Email: info@nordaurai.com
3. What Data We Collect
We collect the following categories of personal data:
3.1 Identification & Contact Information
• Full name
• Email address
• Date of birth
• Job title and profession (corporate clients)
• Company name (corporate clients)
3.2 Account & Subscription Data
• Login credentials
• Training assessments and responses
3.3 Payment Information
• Credit/debit card details (processed via Stripe)
• Billing address
• Transaction history
Note: We do not store full card details.
3.4 Technical & Usage Data
• IP address
• Browser type and version
• Operating system
• Visited pages, session duration, clickstream data
4. Third-Party Platforms
We integrate with the following platforms that may process your data:
Platform Purpose Privacy Policy Link
Stripe Secure payment processing Stripe Policy
Zoom Hosting live training sessions Zoom Policy
Calendly Scheduling coaching/training sessions Calendly Policy
5. Cookies & Tracking Technologies
We use cookies to:
• Ensure website functionality (essential cookies)
• Analyze user behavior (analytical cookies)
• Remember preferences (functional cookies)
• Deliver personalized content or ads (marketing cookies)
You may manage cookie preferences via our cookie banner or through your browser. Learn
more at www.aboutcookies.org.
6. Legal Basis for Data Processing (Under GDPR)
Purpose Legal Basis (GDPR Article 6)
Account setup, training access Performance of a contract (Art. 6(1)(b))
Customer service, session reminders Legitimate interest (Art. 6(1)(f))
Marketing communications Consent (Art. 6(1)(a)) – opt-in required
Payment and billing Legal obligation & contract (Art. 6(1)(b)(c))
Analytics and cookies Consent (Art. 6(1)(a))
You may withdraw consent at any time without affecting prior lawful processing.
7. Your GDPR Rights
As an EU/EEA data subject, you have the following rights:
Right Description
Access Request access to your personal data
Rectification Request correction of incorrect/incomplete data
Erasure Request deletion of your data (in applicable
circumstances)
Restriction of Processing Temporarily halt processing under certain conditions
Data Portability Receive data in a structured format for
transfer
Object Object to processing based on legitimate interests
Withdraw Consent Withdraw consent for processing based
on prior agreement
To exercise your rights, email us at info@nordaurai.com. We respond within 30 days.
8. Data Retention
Data Type Retention Period
Account/login info Training period + 12 months
Billing & payment data Up to 6 years (per Finnish law)
Assessment/training responses 12 months post-training
Contact messages/inquiries 12 months
Data is securely deleted or anonymized when no longer necessary.
9. Data Sharing & International Transfers
We only share data with GDPR-compliant service providers for:
• Online course hosting
• Secure payments
• Scheduling and video conferencing
• Gamified learning delivery
10. Security Measures
We prioritize your data protection through:
• Encryption (at rest and in transit)
• Access Controls (authorized staff only)
• Routine Audits (technical and procedural)
All third-party platforms also follow high security standards and are GDPR-compliant.
11. Updates to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services,
legal requirements, or data processing practices.
• The updated version will be indicated by an updated “Last updated” date at the top of the
page.
• We recommend reviewing this page periodically to stay informed about how we protect
your data.
If significant changes are made, we will notify you via email (if applicable) or through a
prominent notice on our platform.
12. Contact Information
If you have questions about this Privacy Policy or your personal data:
Email: info@nordaurai.com
Nordaurai Oy Ltd (“we,” “us,” or “our”) is committed to protecting your privacy.
13. Cookies
This site uses cookies – small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping carts, and provide anonymised tracking data to third party applications like Google Analytics. Cookies generally exist to make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the help section of your browser.
Necessary Cookies (all site visitors)
- cfduid: Is used for our CDN CloudFlare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. See more information on privacy here: CloudFlare Privacy Policy.
- PHPSESSID: To identify your unique session on the website.
Necessary Cookies (Additional for Logged in Customers)
- wp-auth: Used by WordPress to authenticate logged-in visitors, password authentication and user verification.
- wordpress_logged_in_{hash}: Used by WordPress to authenticate logged-in visitors, password authentication and user verification.
- wordpress_test_cookie Used by WordPress to ensure cookies are working correctly.
- wp-settings-[UID]: WordPress sets a few wp-settings-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface.
- wp-settings-[UID]:WordPress also sets a few wp-settings-{time}-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface1
If you are a client with a registered account, your personal information can be accessed by:
- Our system administrators.
- Our supporters when they (in order to provide support) need to get the information about the client accounts and access.
14. Security Measures
We use the SSL/HTTPS protocol throughout our site. This encrypts our user communications with the servers so that personally identifiable information is not captured/hijacked by third parties without authorization.
In case of a data breach, system administrators will immediately take all needed steps to ensure system integrity, will contact affected users and will attempt to reset passwords if needed.
9. Your Data Rights
General Rights
If you have a registered account on this website or have left comments, you can request an exported file of the personal data we retain, including any additional data you have provided to us.
You can also request that we erase any of the personal data we have stored. This does not include any data we are obliged to keep for administrative, legal, or security purposes. In short, we cannot erase data that is vital to you being an active customer (i.e. basic account information like an email address).
If you wish that all of your data is erased, we will no longer be able to offer any support or other product-related services to you.
GDPR Rights
Your privacy is critically important to us. Going forward with the GDPR we aim to support the GDPR standard. AncoraThemes permits residents of the European Union to use its Service. Therefore, it is the intent of AncoraThemes to comply with the European General Data Protection Regulation. For more details please see here: EU GDPR Information Portal.