Legal
Privacy Policy
Last updated: 13 June 2026
This Privacy Policy explains how Mira Kivistö (“we”, “us”, “our”), operating under the brand Reinvent Your Next Chapter™, collects, uses, shares and protects personal information when you visit this website, contact us, or participate in our coaching programs.
We are committed to handling personal data in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”), the Finnish Data Protection Act (1050/2018) and, where applicable, U.S. state privacy laws including the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA) and comparable state legislation.
1. Data Controller
Consulting Talents & Events ConTe Oy (2297336-4), Finland.
Email: mira.kivisto@conte.fi
For all privacy-related requests, please use the email above with the subject line “Privacy Request”.
2. Personal Data We Collect
We collect only the data necessary to provide and improve our services:
- Contact details you submit (e.g. name, email address, phone number, company) when you book a discovery call, send us an email, or fill out a form.
- Coaching data you choose to share during sessions, intake forms or assessments (including Reiss Motivation Profile® and SHL Competency Assessment results when applicable).
- Billing information (name, address, VAT/tax identifiers) when you purchase a program. Card data is processed directly by our payment providers and never stored on our servers.
- Technical data automatically collected by your browser when you visit the site: IP address (truncated), device type, browser type, referring URL, pages viewed, approximate location (country/region) and timestamps.
- Cookies and similar technologies — see Section 8.
We do not knowingly collect personal data from children under 16. We do not collect special categories of personal data (e.g. health, biometric, genetic, racial or ethnic origin, political opinions, religion) unless you voluntarily disclose it during a coaching engagement, in which case it is handled with strict confidentiality.
3. Purposes and Legal Bases for Processing (GDPR Art. 6)
- To deliver coaching services and respond to enquiries — performance of a contract (Art. 6(1)(b)) or pre-contractual steps at your request.
- To send service emails, scheduling and program-related updates — performance of a contract.
- To send marketing emails or newsletters — your prior consent (Art. 6(1)(a)), which you may withdraw at any time.
- To comply with legal, tax and accounting obligations — legal obligation (Art. 6(1)(c)).
- To secure, maintain and improve the website, and to defend legal claims — legitimate interests (Art. 6(1)(f)).
4. How We Share Personal Data
We do not sell or rent personal data. We share data only with vetted processors that help us run the business, under written data processing agreements where required:
- Website hosting and analytics providers.
- Email, scheduling and CRM providers.
- Payment processors and accounting/tax service providers.
- Assessment providers (Reiss Motivation Profile®, SHL®) when you opt in.
- Authorities or advisors when required by law, court order, or to protect our rights.
5. International Data Transfers
Some of our service providers are located outside the European Economic Area, including in the United States. When transferring personal data outside the EEA, we rely on appropriate safeguards under GDPR Chapter V, primarily the European Commission’s Standard Contractual Clauses (2021/914) and, where applicable, the EU– U.S. Data Privacy Framework. You may request a copy of the relevant safeguards by contacting us.
6. Data Retention
- Discovery call and enquiry data: up to 24 months after last contact.
- Active client coaching records: for the duration of the engagement and up to 5 years afterwards for follow-up and dispute resolution.
- Accounting and invoicing records: 6 years (Finnish Accounting Act) or longer where required by U.S. tax law.
- Marketing data: until you withdraw consent or after 24 months of inactivity.
7. Your Rights Under the GDPR
If you are located in the EEA/UK, you have the right to:
- Access your personal data and receive a copy.
- Rectify inaccurate or incomplete data.
- Request erasure (“right to be forgotten”) where applicable.
- Restrict or object to processing, including direct marketing.
- Data portability for data you provided to us.
- Withdraw consent at any time, without affecting prior lawful processing.
- Lodge a complaint with your national supervisory authority. In Finland this is the Office of the Data Protection Ombudsman (tietosuoja.fi).
To exercise any of these rights, email mira.kivisto@conte.fi. We respond within 30 days.
8. Cookies and Analytics
We use only strictly necessary cookies to operate the site and, where you consent, privacy-respecting analytics to understand aggregate traffic. You can control cookies through your browser settings and through any cookie banner shown on the site. Where required, analytics is deployed in a way that does not enable cross-site tracking.
9. Your Rights Under U.S. State Privacy Laws
If you are a resident of California, Virginia, Colorado, Connecticut, Utah or any other U.S. state with comparable legislation, you have the right to:
- Know what personal information we collect, use, disclose and (if any) sell or share.
- Access and obtain a portable copy of your personal information.
- Request correction of inaccurate information.
- Request deletion of your personal information, subject to legal exceptions.
- Opt out of the “sale” or “sharing” of personal information and of targeted advertising. We do not sell or share personal information for cross-context behavioral advertising as defined by the CCPA/CPRA.
- Non-discrimination for exercising any of these rights.
- Designate an authorized agent to make a request on your behalf (we may verify the agent’s authority and your identity).
To submit a request, email mira.kivisto@conte.fi with the subject line “U.S. Privacy Request”. We will verify your identity using information already on file and respond within the timeframes required by the applicable law.
10. Security
We apply appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration and disclosure, including encryption in transit, access controls, vendor due diligence and regular review of security practices. No system is fully secure, and we cannot guarantee absolute security.
11. Children
Our services target adult professional women. We do not knowingly collect personal data from anyone under 16 (EEA/UK) or 13 (U.S.). If you believe we may have collected such data, please contact us and we will delete it promptly.
12. Third-Party Links
The site may contain links to third-party websites (such as LinkedIn or our online store). Those services have their own privacy policies, and we are not responsible for their content or practices.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by updating the “Last updated” date above and, where appropriate, by additional notice (e.g. by email).
14. Contact
Questions about this Privacy Policy or our data practices? Email mira.kivisto@conte.fi.