Skip to content

Privacy policy

Privacy statement for the membership register

Privacy statement for the participant register

Privacy statement for the volunteer and representative register

Privacy statement for the job applicant register

Privacy statement for the membership register

1. General 

Data Controller: 
Kansalaisareena ry (Business ID 0972562-2) 
Sturenkatu 11 
00510 Helsinki 
Contact person: 
Marjo Salmela 
marjo.salmela@kansalaisareena.fi 
044 972 0754 

2. Purpose and legal grounds for the processing of personal data 

A ‘data subject’ refers to a person who has joined the Kansalaisareena ry membership and/or who is the membership contact person of a member community of Kansalaisareena ry. The legal grounds for the processing of personal data are the compliance with the obligations laid down in the Associations Act (503/1989) and the contractual need to carry out the membership of the data subjects. 

Purposes of use of personal data include: 

  • informing about the meetings of the association and other member gatherings 
    • invoicing of membership fees 
    • event invites and surveys 
    • communication related to advocacy activity of voluntary activity

3. Data content of the register and retention periods 

Data is collected from the data subjects themselves with a web or paper form, or via email. 

The register may include following personal data: 

– name and contact details of the member: phone number, email address, home address, and home municipality 

– name and address of the member community and name, email address and phone number of the contact person of the member community 

– invoicing details and paid/unpaid membership fees 

The data of a resigned or suspended member will be erased from the register as the resignation/suspension has been approved in the meeting of the board of directors of Kansalaisareena ry. 

4. Disclosure and transfers of data 

We utilise Aallon Helsinki Oy in the processing of personal data. Data is not regularly disclosed to other external parties. Data can be disclosed in so far as it has been agreed with the data subject. 

Data may be transferred outside the European Union or the European Economic Area only on the grounds required by the data protection legislation, for example, when the service providers process personal data on the behalf of Kansalaisareena ry. 

5. Principles concerning protection of the register 

The processing of the register is carried out with caution, and appropriate measures are taken to protect the data to be processed. We take care that the stored data, access rights, and other personal data are processed confidentially, and all processors of personal data are bound by confidentiality. 

We use the following protection mechanisms to ensure the safety of the processing of personal data: 

– Access to digital content requires submitting a personal username and password. The systems are also protected with firewalls and other technical mechanisms. 

– Access to data and the right to use them is only reserved to certain employees of the data controller whose job description includes processing membership data and to certain processors of personal data authorised under contract. 

– Paper documents are stored carefully and disposed by respecting information security after the data have been transferred to electronic systems. 

– The personnel authorised to process personal data has been advised to follow the correct protocol regarding data protection. 

– Digital content is regularly backed up. 

6. Data subject’s rights 

The data subject has the right to: 

– verify the data stored in the register concerning them and demand rectification of any incorrect data or have incomplete data completed; 

– receive a summary about the data concerning them within a month after submitting a request and transfer their data from one system to another;

– withdraw their consent on which the processing of data has been based on and demand the controller to erase any data concerning them from the system; 

– receive a notification of a security breach if it is likely that the breach creates a great risk to an individual’s rights and freedoms;

– demand restriction of the processing of data concerning them or fully prohibit the processing of their data in certain circumstances; and

– file a complaint to the data protection supervisor if the data subject sees that the up-to-date data protection legislation has been violated with respect to the processing of their data. 

7. Contact information 

If you wish to use your rights or you have questions about the processing of personal data, please contact the person specified in the section 1 of the register by email. We can disclose personal data from the register only to data subjects whose identity has been verified. 

Privacy statement for the participant register

1. General 

Data Controller: 
Kansalaisareena ry (Business ID 0972562-2) 
Sturenkatu 11 
00510 Helsinki 
Contact person: 
Marjo Salmela 
marjo.salmela@kansalaisareena.fi 
044 972 0754 

2. Purpose and legal grounds for the processing of personal data 

A ‘data subject’ refers to a person who has signed up for an event organised by Kansalaisareena ry. The legal grounds for the processing of personal data is the contractual need to carry out the participation of the data subject to an event. With regard to sensitive data (diet, mobility limitations and need for an interpreter or other personal support), the legal grounds is the data subject’s own consent. 

Purposes of use of personal data include: 

  • informing about events 
    • ordering services related to an event to a data subject 
    • invoicing entry fees if an event has an entry fee

3. Data content of the register and retention periods 

Data is collected from the data subjects themselves with a web form or via email. 

The register may include the following personal data: 

– name and contact details of the data subject: phone number, email address, and home municipality 

– data subject’s background community 

– data subject’s age 

– data subject’s diet, mobility limitations, and need for an interpreter on other personal support 

– invoicing details and paid/unpaid participation fees 

The data that has become redundant for their intended purpose or outdated will be anonymised or deleted by respecting information security. In addition to this, if there is no justification for the processing of the data, the data in question will be anonymised or deleted respectively. In principle, data is deleted or anonymised after an event, and no later than within a year after the event. 

4. Disclosure and transfers of data 

We utilise Aallon Helsinki Oy in the processing of personal data. Data is not regularly disclosed to other external parties. Data can be disclosed in so far as it has been agreed with the data subject. 

Data may be transferred outside the European Union or the European Economic Area only on the grounds required by the data protection legislation, for example, when the service providers process personal data on the behalf of Kansalaisareena ry. 

5. Principles concerning protection of the register 

The processing of the register is carried out with caution, and appropriate measures are taken to protect the data to be processed. We take care that the stored data, access rights, and other personal data are processed confidentially, and all processors of personal data are bound by confidentiality. 

We use the following protection mechanisms to ensure the safety of the processing of personal data: 

– Access to digital content requires submitting a personal username and password. The systems are also protected with firewalls and other technical mechanisms. 

– Access to data and the right to use them is only reserved to certain employees of the data controller whose job description includes processing participant data and to certain processors of personal data authorised under contract. 

– The personnel authorised to process personal data has been advised to follow the correct protocol regarding data protection. 

– Digital content is regularly backed up. 

6. Data subject’s rights 

The data subject has the right to: 

– verify the data stored in the register concerning them and demand rectification of any incorrect data or have incomplete data completed; 

– receive a summary about the data concerning them within a month after submitting a request and transfer their data from one system to another;

– withdraw their consent on which the processing of data has been based on and demand the controller to erase any data concerning them from the system; 

– receive a notification of a security breach if it is likely that the breach creates a great risk to an individual’s rights and freedoms;

– demand restriction of the processing of data concerning them or fully prohibit the processing of their data in certain circumstances; and

– file a complaint to the data protection supervisor if the data subject sees that the up-to-date data protection legislation has been violated with respect to the processing of their data. 

7. Contact information 

If you wish to use your rights or you have questions about the processing of personal data, please contact the person specified in the section 1 of the register by email. We can disclose personal data from the register only to data subjects whose identity has been verified. 

Privacy statement for the volunteer and representative register

1. General 

Data Controller: 
Kansalaisareena ry (Business ID 0972562-2) 
Sturenkatu 11 
00510 Helsinki 
Contact person: 
Marjo Salmela 
marjo.salmela@kansalaisareena.fi 
044 972 0754

2. Purpose and legal grounds for the processing of personal data 

A ‘data subject’ refers to a person who is a volunteer of Kansalaisareena ry or who has shown their interest in the voluntary activity of Kansalaisareena ry and to a person who has been chosen as a representative in the board of directors of Kansalaisareena ry. With regard to representatives, the legal grounds for the processing of personal data are the obligations under the Associations Act (1989/503) and Accounting Act (1997/1336), and with regard to volunteers, the data subject’s own consent. 

Purposes of use of personal data include: 

  • agreeing on voluntary tasks and other communication concerning volunteering 
    • ensuring the quality and development of voluntary activity 
    • monitoring, analysing and statistics of voluntary activity 
    • writing certificates of voluntary activity 
    • event invites and surveys 
    • administration of the association 
    • travel expenses 

3. Data content of the register and retention periods 

Data is collected from the data subjects themselves with a web or paper form, via email, or in meetings. 

The register may include the following personal data: 

– name and contact details of the data subject: phone number, email address, home address, and date of birth 

– data subject’s educational and work background 

– voluntary tasks and agreed and executed voluntary and representative tasks in which the data subject is interested

– other data submitted by the data subject 

– social security number regarding representatives 

Personal data is stored for no longer than necessary for the purposes for which the personal data is processed. The data is updated and their timeliness is verified regularly. During verification, all unused and outdated data will be erased. 

4. Disclosure and transfers of data 

Data is not regularly disclosed to other external parties. Data can be disclosed in so far as it has been agreed with the data subject. 

Data may be transferred outside the European Union or the European Economic Area only on the grounds required by the data protection legislation, for example, when the service providers process personal data on the behalf of Kansalaisareena ry. 

5. Principles concerning protection of the register 

The processing of the register is carried out with caution, and appropriate measures are taken to protect the data to be processed. We take care that the stored data, access rights, and other personal data are processed confidentially, and all processors of personal data are bound by confidentiality. 

We use the following protection mechanisms to ensure the safety of the processing of personal data: 

– Access to digital content requires submitting a personal username and password. The systems are also protected with firewalls and other technical mechanisms. 

– Only certain employees, whose job description includes processing of data of volunteers, of the data controller have the right to access and use data. 

– The employees authorised to process personal data have been advised to follow the correct protocol regarding data protection. 

– Paper documents are stored carefully and disposed by respecting information security after the data have been transferred to electronic systems. 

– Digital content is regularly backed up. 

6. Data subject’s rights 

The data subject has the right to: 

– verify the data stored in the register concerning them and demand rectification of any incorrect data or have incomplete data completed; 

– receive a summary about the data concerning them within a month after submitting a request and transfer their data from one system to another;

– withdraw their consent on which the processing of data has been based on and demand the controller to erase any data concerning them from the system; 

– receive a notification of a security breach if it is likely that the breach creates a great risk to an individual’s rights and freedoms;

– demand restriction of the processing of data concerning them or fully prohibit the processing of their data in certain circumstances; 

– file a complaint to the data protection supervisor if the data subject sees that the up-to-date data protection legislation has been violated with respect to the processing of their data. 

7. Contact information 

If you wish to use your rights or you have questions about the processing of personal data, please contact the person specified in the section 1 of the register by email. We can disclose personal data from the register only to data subjects whose identity has been verified. 

Privacy statement for the job applicant register 

1. General 

Data Controller: 
Kansalaisareena ry (Business ID 0972562-2) 
Sturenkatu 11 
00510 Helsinki 
Contact person: 
Elina Varjonen 
elina.varjonen@kansalaisareena.fi 
044 240 0051

2. Purpose and legal grounds for the processing of personal data 

A ‘data subject” refers to a person who has applied for a job, work trial or internship at Kansalaisareena ry either by replying to a job advertisement or submitting an open job application. 

The grounds for the processing of personal data is the legitimate interest of Kansalaisareena ry that is based on the appropriate communication between Kansalaisareena ry and the data subject while the data subject applies for the job of Kansalaisareena ry. 

Purposes of use of personal data include: 

  • carrying out and managing recruiting measures 
    • processing of applications 
    • assessing the aptitude of the applicant 
    • communication concerning job search and recruiting 

3. Data content of the register and retention periods 

Data is mainly collected from the data subjects themselves according to the applications they have sent. 

Kansalaisareena ry may, to the extend permitted by law, collect data concerning the data subjects from other sources. If data is collected from other sources than the applicant themselves, in principle, the data subject will be asked for their consent. These other sources may include, for example, sub-contracted person and aptitude assessments.

Only such personal data that is necessary for the aforementioned purposes of use will be registered. 

The register may include the following personal data: 

– entire name and contact details (such as phone number, email address, home address, postal code, city); 

– personal identification (such as year of birth, social security number, and gender); 

– educational information (such as name of the educational institution, degree title, and duration of studies); 

– work experience (such as previous and current employers, job title, and duration of the employment) 

– language skills; 

– possible information about person and aptitude assessments; and 

– job to be applied for; 

– other information submitted by the applicant in their application or resume. 

Personal data is stored for no longer than necessary for the purposes for which the personal data is processed. The data is updated and their timeliness is verified regularly. During verification, all unused and outdated data will be erased. 

The retention period of data may vary according to data groups, and Kansalaisareena ry may be obligated under legislation to storage some data, which is why the exact erasure periods and practices vary. However, Kansalaisareena ry aims at erasing outdated an unnecessary personal data without undue delay. 

4. Disclosure and transfers of data 

Kansalaisareena ry may disclose personal data to the extent permitted and obligated by the up-to-date legislation. In principle, data will be only disclosed with the consent of the data subject or on the grounds required by the data protection legislation, or to authorities, such as tax, distraint and social authorities as specifically laid down concerning data disclosure. Kansalaisareena ry may transfer personal data concerning commissions of Kansalaisareena ry to sub-contractors and service providers processing personal data. 

Data may be transferred outside the European Union or the European Economic Area only on the grounds required by the data protection legislation, for example, when the service providers process personal data on the behalf of Kansalaisareena ry. 

5. Principles concerning protection of the register 

The processing of the register is carried out with caution, and appropriate measures are taken to protect the data to be processed. We take care that the stored data, access rights, and other personal data are processed confidentially, and all processors of personal data are bound by confidentiality. 

We use the following protection mechanisms to ensure the safety of the processing of personal data: 

– Access to digital content requires submitting a personal username and password. The systems are also protected with firewalls and other technical mechanisms. 

– Access to data and the right to use them is only reserved to certain employees of the data controller whose job description includes processing personnel data (job contract, occupational health services, supervisory responsibilities) and to certain processors of personal data authorised under contract. 

– The personnel authorised to process personal data has been advised to follow the correct protocol regarding data protection. 

– Manual content is stored carefully and disposed by respecting information security after the data have been transferred to electronic systems. 

– Digital content is regularly backed up. 

6. Data subject’s rights 

The data subject has the right to: 

– verify the data stored in the register concerning them and demand rectification of any incorrect data or have incomplete data completed; 

– receive a summary about the data concerning them within a month after submitting a request and transfer their data from one system to another;

– receive a notification of a security breach if it is likely that the breach creates a great risk to an individual’s rights and freedoms;

– demand restriction of the processing of data concerning them or fully prohibit the processing of their data in certain circumstances; and

– file a complaint to the data protection supervisor if the data subject sees that the up-to-date data protection legislation has been violated with respect to the processing of their data. 

The data controller may refuse carrying out a demand concerning objectification or erasure only under conditions provided by the law. If the data controller refuses to agree to the demands of the data subject, the data subject has the right to file a complaint to the data protection ombudsman. The data subject also has the right to demand that the processing of contradictory data is restricted until the matter is solved. 

7. Contact information 

If you wish to use your rights or you have questions about the processing of personal data, please contact the person specified in the section 1 of the register by email. We can disclose personal data from the register only to data subjects whose identity has been verified.

Share the article in social media:
Back to the top of the page