Privacy Policy

General provisions

  1. The purpose of this Regulation is to establish the procedure for processing and ensuring the security of personal data of the organization’s clients. Client – an individual to whom services are provided.
  2. The purpose of this Regulation is to prevent and detect violations legislation in the field of personal data protection, eliminating the consequences of such violations. Personal data or personal data is information relating directly or indirectly to an identified or identifiable individual, which may be provided to other persons.

Processing of Personal Data

  1. This Regulation on the processing and protection of personal data of clients of an organization located on the domain name was developed on the basis of the updated rules for the processing of personal data dated May 25, 2018, established by the General Data Protection Regulation (EU regulation 2016/679) dated April 27, 2016.
  2. The Regulations establish the procedure for receiving, recording, processing, accumulating and storing documents containing information related to the personal data of the organization’s clients.
  3. Personal data is confidential information.
  4. The organization carries out the following list of actions with the client’s personal data: collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (providing, access, entrusting processing to another person), “pseudonymization”, depersonalization, blocking , removal, destruction.
  5. The organization processes personal data of clients for the purposes of:
  • conclusion at the initiative of the Client (member of the organization, volunteer, registered participant of a webinar, event, participant in a program or course within the framework of projects) and execution of contracts (for participation in clubs, sections, courses, programs or events), the other party of which is the Client;
  • providing clients with consulting services on working with electronic devices, municipal services and other services related to interaction with government agencies in Finland;
  • provision of information services;
  • providing invoices to an email or postal address.

  6. The organization processes personal data of clients to solve the following tasks:

  • providing services to the organization's clients;
  • maintaining contact with the Client, as a rule, if such a need arises and in his preferred way.

  7. Personal data – any information relating to a directly or indirectly identified or identifiable individual (subject of personal data). Personal data of clients or personal data subjects means any information relating to a directly or indirectly identified or identifiable individual (subject of personal data), including his last name, first name, gender, year, month, date and place of birth, address of residence , contact numbers, other information necessary for the organization to fulfill its obligations in accordance with current legislation. This information is collected solely with the consent to the processing of personal data of the subject of personal data and in accordance with the principle of minimization (using the minimum necessary amount of data to achieve the set goals).

  8. The organization processes the following personal data of clients:

  • contact details of participants in programs, webinars, events and volunteers: last name, first name; Email; contact phone number.
  • For members of the organization and participants of paid events, the postal address and payment details are additionally collected.
  • For course participants, when issuing a participant certificate, a personal identification code (henkilötunnus) is indicated.

  9. Special personal data of clients is not processed.

  10. Biometric personal data of clients is not processed.

  11. Cross-border transfer of personal clients is not possible.

Principles of processing personal data.

When processing Clients’ personal data, the organization adheres to the following principles:

  • conscientiousness and legality of the purposes and methods of processing personal data;
  • compliance with the legality of obtaining, processing, storing, as well as other actions with personal data; - compliance of the volume and content of processed personal data and methods of processing personal data for the purposes of processing;
  • the reliability of personal data, their relevance and sufficiency for the purposes of processing, the inadmissibility of processing personal data that is excessive in relation to the purposes stated when collecting personal data;
  • the inadmissibility of combining databases containing personal data, the processing of which is carried out for purposes incompatible with each other;
  • restriction of the processing of personal data when achieving specific and legitimate goals, prohibition of the processing of personal data incompatible with the purposes of collecting personal data.
  • storing personal data in a form that makes it possible to identify the subject of personal data for no longer than required by the purposes of their processing, unless the storage period for personal data is established by current legislation.

Personal data is subject to destruction or depersonalization upon achievement of the purposes of processing or in the event of the loss of the need to achieve these purposes, unless otherwise provided by current legislation.

Information about the implemented requirements for the protection of personal data.

The organization takes the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other unlawful actions in relation to personal data.

Collection (receipt), processing of personal data, storage of personal data.

Personal data of a client (organization member, program participant, webinar) is obtained only personally from clients or their legal representatives. Personal data of registered program participants is obtained by filling out a form on the website, in registration form services and are not checked.

When providing his data in the Form, the client (member of the organization, participant of the program, webinar) gives the organization consent to the processing of his personal data.

Processing of personal data occurs in both manual and automated ways. Employees with access to personal data receive only the information they need to perform specific job functions.

Customers' personal data is stored in paper and electronic form. In electronic form, the personal data of participants is stored in the personal data information system, as well as in archival copies of the databases of these systems. When storing personal data of participants, organizational and technical measures are observed to ensure their safety and exclude unauthorized access to them in accordance with the requirements of current legislation.

Transfer of personal data to third parties.

Transfer of personal data to third parties is possible only with the consent of the program participant, except in cases where such an obligation arises as a result of the requirements of the current legislation of Finland or upon receipt of a request from authorized government bodies. In this case, the organization limits the transfer of personal data to the requested volume. In this case, the program participant is notified of the fact of transfer of his personal data to a third party, if possible.

Rights, duties and responsibilities

The subject of personal data has the right:

  • demand clarification of your personal data, their blocking or destruction if the data is incomplete, outdated, unreliable, illegally obtained or not necessary for the stated purpose of processing, as well as take measures provided by law to protect your rights;
  • demand a list of your personal data processed by a non-profit organization;
  • receive information about the terms of processing of your personal data, including the periods of their storage;
  • appeal to the authorized body for the protection of the rights of personal data subjects or in court against unlawful actions or inactions during the processing of his personal data;
  • to protect their rights and legitimate interests, including compensation for losses and (or) compensation for moral damage in court;
  • other rights provided for by current legislation.
  • To exercise the right to clarify incomplete and outdated personal data, you can contact the Organization’s data protection officer. write to info(at) and explain what personal data you are talking about. In some cases, stored information can be destroyed by written postal request to Tietosuojavastaava, addressed to Graniittitie 9, 0710 Helsinki.

If the subject of personal data refuses to provide information and/or sign consent to the processing of personal data, the organization reserves the right to refuse the registering party to participate in the program.

The responsibility of the organization's employees who have access to personal data for failure to comply with the requirements of the standards governing the processing and protection of personal data is determined in accordance with current legislation and internal documents of the organization.

Features of data processing for the needs of the site 


If a visitor leaves a comment on the site, we collect the data indicated in the comment form, as well as the visitor's IP address and browser user-agent data for the purpose of spam detection.

An anonymized string generated from your email address (“hash”) may be provided to the Gravatar service to determine if you are using it. Gravatar's privacy policy is available here: . Once a comment is approved, your profile picture will be publicly visible in the context of your comment.

media files

If you are a registered user and upload photos to the site, you may want to avoid uploading images with EXIF metadata, as they may contain your GPS location data. Visitors can extract this information by downloading images from the site.


If you leave a comment on our site, you may opt-in to saving your name, email address and website in a cookie. This is done for your convenience, so as not to fill in the data again when re-commenting. These cookies are stored for one year.

If you have an account on the site and you log in, we will set a temporary cookie to determine if your browser supports cookies, cookies do not contain any personal information and are deleted when you close your browser.

When you sign in to your account, we also set several cookies with login details and screen settings. Login cookies are stored for two days, screen settings cookies for a year. If you choose the "Remember me" option, your login information will be stored for two weeks. When you log out of your account, the login cookies will be deleted.

When editing or publishing an article in the browser, an additional cookie will be stored, it does not contain personal data and contains only the ID of the post you edited, expires after 1 day.

Embedded content from other websites

Articles on this site may include embeddable content (such as videos, images, articles, etc.), such content behaves in the same way as if the visitor has visited another site.

These sites may collect data about you, use cookies, embed additional third party tracking, and monitor your interaction with embedded content, including interaction tracking if you have an account and are logged into that site.

Who we share your data with

If you request a password reset, your IP address will be included in the reset email.

How long do we keep your data

If you leave a comment, the comment itself and its metadata are stored indefinitely. This is done in order to detect and approve subsequent comments automatically, instead of queuing them for approval.

For users who register on our site, we store the personal information that they indicate in their profile. All users can see, edit or remove their profile information at any time (except for the username). The website administration can also see and change this information.

What are your rights to your data

If you have an account on the site or if you have left comments, you can request an export file of the personal data that we have stored about you, including the data you provided. You can also request that this data be deleted, this does not include data that we are required to keep for administrative, legal or security purposes.

Where is your data sent

User comments may be checked by an automatic spam detection service.

Final provisions

Auringontalo ry provides unlimited access to the Regulations on its official website

This Regulation is subject to change and addition in the event of the emergence of new legislative acts and special regulations on the processing and protection of personal data.

Control of compliance with the requirements of this Regulation is carried out by the Information Protection Officer.

en_GBEnglish (UK)