1. Introduction

This Privacy Policy explains how CapAid Oy ("CapAid", "we", "us") collects, uses, and protects personal data when you use the CapAid HELP platform, the ACE (Advanced Credit Excellence) platform, our websites, and related services (the "Services"). We act as a data controller for personal data processed about visitors and account holders, and as a data processor for Customer Data submitted to the Services by our clients.

2. Data We Collect

  • Account data: name, business email, employer, role, and authentication identifiers.

  • Usage data: pages viewed, features used, training progress, quiz results, certification records.

  • Technical data: IP address, browser, device, operating system, log timestamps, and error diagnostics.

  • Communications: messages you send to support, chatbot interactions, and feedback.

  • Customer Data: business information your organisation uploads or connects to the ACE platform (processed on behalf of the client).

3. How We Use Personal Data

We process personal data to:

  • Provide, secure, and improve the Services and customer support.

  • Authenticate users, manage subscriptions, and issue certifications.

  • Communicate about service updates, security notices, and onboarding.

  • Comply with legal, regulatory, accounting, and contractual obligations.

  • Detect, prevent, and respond to fraud, abuse, and security incidents.

4. Legal Bases (GDPR)

We rely on the following legal bases: performance of a contract (providing the Services), legitimate interests (securing and improving the Services), legal obligation (tax, accounting, regulatory requirements), and consent (where required, e.g. for non-essential cookies and marketing).

5. Sharing and Sub-processors

We share personal data only with vetted sub-processors that support our infrastructure (hosting, database, authentication, email, analytics) under data processing agreements. We do not sell personal data. Data may be disclosed to authorities where required by law.

6. International Transfers

Where personal data is transferred outside the EEA, we use appropriate safeguards such as Standard Contractual Clauses and equivalent measures.

7. Retention

We retain personal data for as long as needed to provide the Services and to meet legal, accounting, or reporting obligations. Customer Data is retained according to the client agreement and deleted or returned upon termination, subject to mandatory retention periods.

8. Your Rights

Subject to GDPR, you have the right to access, rectify, erase, restrict, or port your personal data, to object to processing, and to withdraw consent at any time. You may also lodge a complaint with your supervisory authority (in Finland: the Office of the Data Protection Ombudsman).

9. Security

We apply appropriate technical and organisational measures to protect personal data, including access controls, role-based permissions, audit logs, and regular security reviews.

10. Cookies

The Services use cookies and similar technologies. See our Cookies Policy for details.

11. Contact

For privacy questions or to exercise your rights, contact:
Jawid Danish — jawid.danish@capaid.fi — +358 400 911 699
CapAid, PL 59, 10601 Tammisaari, Finland · Company ID 3507194-1 · VAT FI35071941

12. Changes

We may update this Privacy Policy from time to time. Material changes will be communicated through the Services or by email.