Privacy Policy

This Privacy Policy describes how Diploi collects, uses, and discloses your personal information when you visit, use our services, or make a purchase from diploi.com (the "Site") or otherwise communicate with us (collectively, the "Services"). For purposes of this Privacy Policy, "you" and "your" means you as the user of the Services, whether you are a customer, website visitor, or another individual whose information we have collected pursuant to this Privacy Policy.

Last updated October 28, 2025


Please read this Privacy Policy carefully. By using and accessing any of the Services, you agree to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree to this Privacy Policy, please do not use or access any of the Services.

Diploi applies the GDPR guidelines and regulations to all users and visitors. For more information about GDPR, check the official europa.eu website.


Data Controller

Diploi Ltd

Address: Malminkatu 30, 00100 Helsinki, Finland

Business ID: FI34195512


Contact information:

Diploi Support Team support@diploi.com

Data Protection Officer privacy@diploi.com


Introduction

This Privacy Policy explains how Diploi Ltd (“Diploi,” “we,” “us,” or “our”) collects, uses and protects your personal data when you interact with our services, website, or platforms. By using our services, you agree to the terms outlined below.

This policy applies to you if you are:

  1. A customer or representative of a customer (“Customer”)
  2. A user of Diploi’s services (“User”)
  3. A prospective customer or their representative (“Prospect”)
  4. A representative of a business partner (“Partner”)
  5. A visitor to our website or platforms (“Visitor”)

Important Notes:

  1. Diploi acts as a data controller for personal data processed under this policy.
  2. When Customers use our services to store/process third-party data, Diploi acts as a data processor. In such cases, the Customer (or their client) remains the data controller.
  3. We are not responsible for the privacy practices of third-party websites linked to our services.

Personal Data We Collect

(A) Customers

When you sign up for our services or enter an agreement, we collect:

  1. Basic contact details: Name, email, company name.
  2. Service-related data: Contract details, service start/end dates, billing information (e.g., credit card details, invoices, payments) and records of interactions (e.g., support requests, feedback).

Why we need this: To fulfill contracts, provide services and comply with legal obligations. Failure to provide required data may prevent us from delivering services.

Additional data for events/webinars: Dietary preferences, attendance records, or topic interests (collected voluntarily during registration).


(B) Users

We collect two types of data:

  1. User Data: Provided directly by you (e.g., name, email, billing details, communications with our team).
  2. Technical Data: Automatically collected via cookies and analytics tools (e.g., IP address, browser type, geographic location, URLs visited).

Purpose: To improve service functionality, personalize your experience and ensure security. Technical data may be combined with user data to enhance service delivery.


(C) Prospect Customers

We collect:

  1. Contact details: Name, email, company name.
  2. Interaction data: Marketing responses, webinar/event attendance, or information from public sources (e.g., LinkedIn, Discord).

Sources: Direct submissions (e.g., contact forms), third-party lead generators, or your engagement with our content (e.g., downloading resources).


(D) Partners

We process:

  1. Basic contact information: Name, email, phone number, company name.
  2. Interaction records: Communications (e.g., emails, Slack messages), event registrations, or submissions via forms.

Purpose: To manage partnerships and share relevant service updates.


(E) Visitors

We use cookies to collect:

  1. Usage data: Pages visited, browser type, device information.
  2. Consent-based tracking: Analytics and marketing cookies. By default, consent is assumed to be “denied”, and we do not request or capture data that would require consent.

We process your data based on:

  1. Contractual necessity (e.g., delivering services).
  2. Legitimate interests (e.g., marketing, fraud prevention).
  3. Consent (e.g., non-essential cookies).

Data Retention & Security

  1. We retain data only as long as necessary for the purposes outlined here or to comply with legal obligations.
  2. Data is secured using industry-standard measures (e.g., encryption, access controls).

Your Rights

Under GDPR, you may:

  1. Access, correct, or delete your data.
  2. Restrict processing or object to direct marketing.
  3. Request data portability.
  4. Withdraw consent (where applicable).

To exercise these rights, contact us at privacy@diploi.com


Updates & Contact

We may update this policy periodically. Changes will be posted on our website and communicated via email.



(A) Customers and Users

Purposes of Processing

  1. Service Delivery & Contractual Obligations
    Provide access to services, manage user credentials, process payments and resolve support requests.
  2. Customer Relationship Management
    Share updates about new features, schedule meetings, or invite you to Diploi-hosted events/webinars.
  3. Communication
    Send service-related updates, promotional materials, or event invitations.
  4. Service Improvement
    Analyze aggregated usage data to enhance functionality and user experience.
  5. Compliance
    Ensure adherence to Diploi’s Terms of Service and legal regulations.
  1. Legitimate Interests: Business operations, service development and marketing.
  2. Contractual Necessity: Fulfilling obligations under customer agreements.
  3. Consent: For optional communications (e.g., newsletters).
  4. Legal Obligations: Reporting unlawful activities or regulatory compliance.

(B) Prospect Customers

Purposes of Processing

  1. Generate sales leads, promote Diploi services and build brand awareness.
  2. Profile Prospects based on interactions (e.g., website visits, webinar attendance, content views).
  1. Legitimate Interests: Business development and marketing.

(C) Partners

Purposes of Processing

  1. Manage partnerships, share service updates and invite Partners to events/webinars.
  1. Legitimate Interests: Strengthening business relationships and service innovation.

(D) Visitors

Purposes of Processing

  1. Analyze website traffic and visitor behavior.
  1. Legitimate Interests: Website functionality and security.

International Data Transfers

Personal data is stored in the EU/EEA. Transfers outside these regions occur only when necessary, such as:

  1. Sharing data with Diploi’s affiliated entities or service providers (Amazon Web Services, Stripe, Linear).
  2. Service health, outage triage and error logging (Sentry).

Safeguards for Transfers:

  1. EU Adequacy Decisions.
  2. Binding contractual agreements requiring third parties to uphold GDPR-level protections.

How We Share Personal Data

Circumstances for Sharing Data

We may share your personal data with third parties in the following situations:


(A) Service Providers & Partners

  1. Share data with third-party vendors to deliver services (e.g., payment processing, customer support tools, analytics), for example by partnering with payment gateways like Stripe or cloud storage providers like AWS.
  2. Contracts with service providers and partners, ensuring compliance with GDPR and Diploi’s instructions.

  1. Disclose data if required by law, including:
  • Law enforcement requests (e.g., court orders, subpoenas).
  • Reporting suspected illegal activity (e.g., fraud, security breaches).
  • Addressing emergencies threatening safety.
  1. We will notify you of such disclosures where legally permitted.

(C) Business Transactions

  1. Share data during mergers, acquisitions, or asset sales with involved parties.

  1. Share data for purposes beyond this policy only with your explicit consent (revocable at any time).

Data Retention

We retain personal data only as long as necessary for the purposes outlined here or to meet legal obligations.


(A) Users

  1. Retained while your account is active. Extended retention applies for:
  • Legal requirements (e.g., tax laws).
  • Investigations into breaches of our Terms of Service.
  • Internal reconciliation (e.g., billing disputes).

(B) Customers & Partners

  1. Retained for the duration of the relationship and afterward for:
  • Legal defense or claims.
  • Internal reporting (e.g., financial audits).

(C) Prospect Customers

  1. Retained until deemed no longer a prospect. Databases are reviewed regularly for accuracy.

(D) Visitors

  1. Cookies: Manage or delete via browser settings. Non-essential cookies expire as per your consent preferences.

Your Rights & Responsibilities


Your Rights Under GDPR

You have the right to:

  1. Access: Confirm if we process your data and request a copy.
  2. Portability: Receive your data in a structured, machine-readable format.
  3. Rectification: Correct incomplete, outdated, or inaccurate data.
  4. Restriction: Limit processing under GDPR Article 18 (e.g., contesting data accuracy).
  5. Erasure: Request deletion of your data, unless legally required to retain it.
  6. Withdraw Consent: Revoke consent for processing based on your permission.
  7. Object: Challenge processing based on legitimate interests (GDPR Article 21).

Note: Exercising these rights may impact our ability to provide services (e.g., deleting billing data could disrupt subscriptions).


How to Exercise Your Rights

Submit requests to: privacy@diploi.com
Include in your request:

  1. Full name, company name (if applicable) and email.

Verification: We may ask for additional details to confirm your identity.

Response Time: We aim to address requests within 5 days. Repetitive or unfounded requests may be declined.


Direct Marketing

  1. Opt-Out: Unsubscribe using links in marketing emails.
  2. Service Communications: Even if you opt out, we may email Customers/Users about critical service updates (e.g., outages, policy changes).

Lodging a Complaint

You may file a complaint with:
Office of the Data Protection Ombudsman (Finland)
Website: www.tietosuoja.fi

We encourage you to contact us first at privacy@diploi.com to resolve concerns promptly.


Security Measures

We protect your data using:

  1. Technical Safeguards: Encryption, firewalls, access controls.
  2. Organizational Practices: Regular audits, staff training and secure facilities.
  3. Your Role: Safeguard account credentials and enable two-factor authentication (2FA) for added security.

Policy Updates

Updates will be posted on our website. Material changes will be communicated in advance via email or service notifications.


Contact Us

For privacy inquiries or to contact our Data Protection Officer:
Email: privacy@diploi.com