Data protection statement 2020 of the network service

1. General information about the data protection statement

Kirkkopalvelut ry (The Church Resources Agency; hereinafter referred to as ‘Service provider’) has committed to protect the privacy of the users of the network service (hereinafter referred to as ‘Service’), also maintained by the Service Provider, in accordance with the Personal Data Act (523/1999), Information Society Code (917/2014) and other applicable legislation and regulations laid down by the authorities, in their up-to-date versions.

By using the Service, the user (hereinafter referred to as ‘User’) agrees to the terms of use (hereinafter referred to as ‘Terms’) included in this data protection statement. If the User does not agree with the Terms, the User must immediately stop using the Service.

2. Collected personal data

The Service Provider collects only such personal data about the User that are necessary for the purposes described in the section 4 of the Terms. Following personal data is collected and processed:

Personal information about the User:

  • contact details, such as name, address, phone number, and email address

  • registration information required by the user account, such as username, screen name, password, and other possible identifiers of the User

  • information about the User’s demographic group, such as age, gender, title or profession, and mother tongue

  • communication between the User and the Service Provider, such as contacts, feedbacks, and requests

  • recorded customer service calls

  • information about the User’s profile and interests

  • consents and authorisations

  • refusals

  • other information collected with the User’s consent

Observed data on service use:

  • information related to the identified User’s service use, such as the activity and browsing data of the service features

  • cookies and information collected with other similar techniques, such as the web page viewed prior to accessing the Service, terminal device model, personal device or cookie identifier, communication channel (desktop computer, mobile browser, application), browser version, IP address, session ID, session time and duration, screen resolution, and operating system

  • all other information the User submits or uploads to the Service (for example, the information the User fills in a web form or a photo the User uploads to the Service)

The Service Provider stores data in the marketing register on

  • the User’s name, title or profession, age, gender, and mother tongue

  • the identifier linked to the User

  • volunteer task and donation history, and

  • contact information for contact purposes

3. Sources of the collected data

The main sources of the personal data collected of the User are

  • information submitted by the User themselves when registering in the Service or updating the user profile

  • information about service use obtained by the techniques described in these Terms

  • The Service Provider also collects data from the registers of the parishes or churches and parish unions and other customers of the Service, provided that these customers have the right to disclose information, and from other public registers, such as the Finnish Population Information System.

4. Purpose of the personal data collection

The Service Provider collects personal data for predefined purposes only, and these purposes can be categorised as following:

  • management, activity, maintaining and improving of the Service

  • developing and personalising the Service and products and services related to it

  • answering to questions and carrying out requests

  • other communication with the User

  • fulfilment of the legal obligations of the Service Provider

  • other purposes authorised by the User

  • other purposes that are in accordance with the applicable legislation

5. Storing of personal data

The Service Provider stores personal data only if necessary, to carry out the purposes specified in the section 4 in accordance with the legislation and regulations from the authorities in force.

If the User has not logged in their user account for a long time, typically in 12 months, the data concerning the User is primarily deleted, transferred to a permanent archive register or changed so that the User can no longer be recognised from it.

Despite the procedures mentioned above, the information that the User has published about themselves will remain on public sections, such as on online forums.

In addition, the Service Provider stores personal data in compliance with the legislation in force.

6. Processing of personal data

In principle, the employees of the Service Provider are responsible for the processing of personal data.

If the Service Provider has outsourced the processing of personal data to a third party, the Service Provider ensures that personal data is processed appropriately in accordance with applicable legislation and regulations from the authorities.

It is not intended to transfer personal data outside EU/EEA. If personal data would be transferred outside EU/EEA later on, the Service Provider will make sure that the personal data in question is protected according to the privacy legislation in force, for example, by using standard contractual clauses of the European Commission.

7. Disclosure of personal data

The Service Provider does not sell, rent, or disclose the User’s personal data to third parties in other situations than in those described in the section 7.

Personal data can be disclosed to third parties if the User has expressed their consent.

The Service Provider can be obligated to disclose personal data in compliance with the legislation in force and with an order issued by a competent authority or other party.

Personal data can be disclosed for scientific or historic research whereupon the data of the User will be made anonymous.

Personal data can be disclosed to parties or advisors related to business reorganisation of the Service, such as asset deals, mergers, and demergers.

8. Protection of personal data

The Service Provider uses the necessary technical and organisational information security policies to protect personal data against unjustified access, disclosure, erasure, or other illegitimate processing.

These policies include using firewalls, encryption technology and safe IT areas, appropriate access control, controlled granting of access rights and supervision of their use, giving instructions to staff participating in personal data processing, and careful selection of subcontractors.

Even though the Service Provider does its best to protect personal data from any possible risk or exposure, it is impossible to create a complete information security in the online environment. Therefore, the User should not provide any sensitive information or information that is not required in the Service.

9. Use of cookies

Cookies are small files which are stored on the User's terminal device. They hold an individual identifier which helps the Service Provider to identify the User and count the web browsers visiting the Service.

The Service Provider can collect data on terminal device and service use through cookies and other techniques, such as utilising the local data repository of the web browser.

10. Data collection of third parties

Third parties refer to parties outside the Service, such as measurement and monitoring service providers and so-called providers of social plugins, such as Facebook, Twitter, and Google+.

Since the third party services as mentioned above are based on data transfer between the Service and the service provided by the third party in question, to the extent the services are provided and utilised in relation to the Service, it is possible that such third parties can collect data on the User by installing cookies on the User’s terminal device.

The Service Provider aims to ensure with contractual agreements, as far as possible, that such third parties comply with the legislation in force.

11. User involvement

Direct marketing restriction: The User has the right to forbid the use and processing of their data for direct advertising, distance sales and other direct marketing by contacting us via email at [email protected].

Data verifying: The user has the right to verify any personal data collected on them and request the rectifying, erasure, or completion of inaccurate, unnecessary, or outdated data by contacting us via email at [email protected].

Disallowing cookies: The user has the possibility to disallow the use of cookies by changing the settings of their browser. Disallowing cookies can affect the user experience.

Clearing cookies: The User can clear cookies from their browser by changing settings. Clearing cookies can affect the user experience.

12. Changing the data protection statement

The Service Provider aims at constantly developing the Service which can necessitate changes concerning these Terms. Changes can also arise from the legislation and regulations laid down by the authorities.

The Service Provider reserves the right to change these Terms. The Service Provider informs about the change of Terms in the Service. The User is therefore advised to regularly review these Terms.

If the User continues to use the Service after having been informed of the relevant changes, the User is deemed to have accepted the updated Terms.

13. Contact information

If you have any enquiries concerning the processing of your personal data, please address them to the personal data controller [email protected] (phone number [phone number]).

You can also send your enquiries to the address:

Kirkkopalvelut ry (The Church Resources Agency)
Data protection
Järvenpääntie 640, 04400 Järvenpää