Privacy statement

This is a statement on the processing of your personal data pursuant to the EU’s General Data Protection Regulation (679/2016).

Controller

Joona Väänänen

email address: [email protected]

Communication regarding privacy matters

Joona Väänänen

email address: [email protected]

We request that users contact the person listed hereinabove for all questions related to the processing of personal data and situations related to the exercising of your rights.

Basis and purpose of processing personal data

The legal basis for the processing of personal data is the controller’s legitimate interest based on the user relationship between the user and the controller, the user's consent, an assigment given by the user or other appropriate connection.

The purposes of processing personal data include improvement of the website's user experience, administration and management of user relationships, and enabling of contacts required by the service. For example, the user may be asked for information, such as one's name, on the website's forms, and the information may be supplemented with the user's unique identifier.

Regular data sources

The personal data to be processed is regularly received from the user themselves.

Personal data being processed

The controller only collects personal data concerning the users that is essential and relevant for the purposes explained in this privacy statement.

The following data concerning the users is processed:

  • Name
  • The user's unique identifier
  • Other information provided by the user

Additionally, the website is protected by Google's reCAPTCHA, for which Google's privacy policy is applied.

Disclosure of personal data

Personal data is generally not disclosed to third parties. The user's unique identifier, however, may be used for the website's analytics, which is collected in a third-party service.

Data may also be disclosed to the authorities due to legal requirements.

Transfers of personal data to third countries

As a rule, personal data will not be transferred outside of the EU and the European Economic Area.

As an exception to this, some of the third-party service providers in use on the website are established outside the European Economic Area, so their processing of personal data will involve a transfer of data outside the European Economic Area. In such situations the transfer will be implemented in accordance with the European Commission’s decision on the adequacy of privacy protection.

Protection of personal data

The controller processes personal data in a manner that aims to ensure the appropriate security of the personal data, including their protection against unauthorised processing and accidental loss, destruction or damage.

The controller uses appropriate technical and organisational safeguards in order to achieve this goal; these include the use of firewalls, encryption techniques and safe equipment rooms, appropriate access control, careful management of data system user IDs, and providing instructions to the persons participating in the processing of personal data.

Retention period for personal data

The controller will process the personal data for only the necessary period. At the end of this period, the controller will delete or anonymise the data in accordance with the deletion processes it follows.

The controller may have an obligation to process some personal data belonging to the filing system for longer than stated above in order to comply with the legislation or authority requirements.

Profiling

The processing of personal data contains profiling. Profiling refers to the automatic processing of personal data wherein the data is used to assess specific characteristics of the user. The users are profiled in order to better target direct marketing and other communications to suit their interests.

Rights of the user

Right to request access to personal data

The user has the right to receive confirmation regarding whether personal data concerning them is being processed and, if it is, the right to receive a copy of their personal data.

Right to rectification

The user has the right to request that inaccurate and erroneous personal data concerning them be rectified. The user also has the right to supplement incomplete personal data by submitting the required additional information.

Right to erasure

The user has the right to request erasure of personal data concerning them if

  • a. the personal data is no longer required for the purposes for which they were collected; or
  • b. the personal data has been unlawfully processed.

Right to restriction of processing

The user has the right to restrict the processing of personal data concerning them if

  • a. the user contests the accuracy of their personal data;
  • b. the processing is unlawful and the user opposes the erasure of the personal data and requests the restriction of its use instead; or
  • c. the controller no longer needs the personal data for the purposes of the processing, but it is required by the user for the establishment, exercise or defence of legal claims.

Right to object

The user has the right to object, on grounds relating to their particular situation, at any time, to processing of personal data concerning them.

The controller shall no longer process the user's personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the user or for the establishment, exercise or defence of legal claims.

Where personal data is processed for direct marketing purposes, the user has the right to object at any time to processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Right not to be subject to a decision based solely on automated processing

The user shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

The above shall not apply if the decision is necessary for the creation or execution of an agreement between the user and the controller, or if it is based on the explicit consent of the user.

Right to data portability

The user has the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller.

Right to lodge a complaint with a supervisory authority

The office of the Data Protection Ombudsman, operating under the Ministry of Justice, is the national supervisory authority for personal data matters. You have the right to bring your case to the supervisory authority if you consider that the processing of personal data concerning you is in violation of applicable law.

Amending the privacy policies

The controller is continuously developing its activities and may therefore be required to amend and update its privacy policies when necessary. The amendments may also be based on changes in the legislation concerning data protection.

If the amendments include new purposes for the processing of personal data or otherwise introduce substantial changes, the controller will provide an advance notification of them and, if necessary, request consent.

Cookie declaration