Privacy Policy

Contact Person

Administrative Secretary Virpi Peurakoski
Address: Kirkkotanhuantie 1, P.O. Box 2, 33471 Ylöjärvi
Phone: +358 44 786 8122
Email: virpi.peurakoski@evl.fi

Data Protection Officer

Mika Akkanen
Address: Näsilinnankatu 26, 33100 Tampere
Phone: +358 50 441 1567
Email: tietosuojavastaava.tampere@evl.fi

Name of the Register and Data Subjects

Privacy statement concerning the processing of personal data in Ylöjärvi Parish’s online services. We process personal data of participants in our activities and their guardians.

Purpose and Legal Basis for Processing Personal Data

Article 6 of the EU General Data Protection Regulation (GDPR). The administration of parish activities and service billing. The legal basis is legitimate interest, participation in activities, and the individual’s consent to the processing of their personal data (GDPR 6.1.f).

The data is used to enable participation in activities, to use parish services, or to contact us digitally. Feedback can also be given anonymously via the feedback form. Personal data submitted via feedback forms is only used to respond to the inquiry.

Data Categories and Content of the Register

Registration for parish activities is possible through the online service, in which case personal data of registrants is collected. Personal data provided in contact requests (e.g., booking a baptism or feedback form) is used to respond.

Registers used in parish activities

• Lists of registered participants and attendees: names and contact details (address, phone number, email)
• Billing information (camps, excursions)
• If necessary: dietary allergies and health information

Privacy statement for the registration system provider (Vitec Katrina) applies.

Data Sources

Data is obtained from participants with their consent. Registration forms are also stored in the parish’s customer management register (Katrina).

Disclosure of Data

Data is accessed by parish employees responsible for the activities and by financial administration staff for billing purposes, to the extent required by their duties. Data is disclosed to the customer upon request.

Stored data is restricted to the controller’s own use and is not disclosed to third parties without the individual’s consent and proper justification.

The parish may transfer non-personal statistical data to the Church’s statistical system.

Personal data is not transferred outside the EU or EEA.

Data is confidential under the Data Protection Act (2018/1050, Section 35).

Data may be disclosed to authorities when required by law. In case of accidents or incidents, data may be disclosed to healthcare personnel and insurance companies. Data is shared only with explicit consent or based on legal requirements.

Customers have the right to review their personal data. Requests must be made in a signed or otherwise verified document, or in person at the data controller’s office. Identity will be verified before releasing the data. Data will be provided in writing upon request.

Access requests are fulfilled without delay and are free once per year. Access may only be denied in exceptional cases (e.g., if disclosure could pose a serious risk to the individual’s health, treatment, or the rights of others).

Data Protection Measures

Access rights are defined and granted only as required for employees’ duties. Access is controlled through personal usernames and passwords, and usage is monitored. Persons handling personal data are bound by statutory confidentiality obligations. Personal data is processed carefully and securely.

Confidential data transmitted over public networks is encrypted using technical measures (SSL encryption).

Data Backup Responsibility

Data backups are managed by the Tampere IT Regional Center and, in part, parish staff.

Data Retention Period

Participant data is stored for the duration of the activity period or as long as the person participates.

• Personal data related to camps, trips, and events is stored for two years
• Data related to accidents or incidents is stored for ten years from the report
• Billing data is retained as required by accounting legislation

Rights of the Data Subject

The data subject has the right to:

• access their personal data
• correct inaccurate data and complete incomplete data
• request deletion of outdated data
• withdraw consent where processing is based on consent
• transfer data from one system to another (when based on consent, agreement, and automated processing)
• be informed of data security breaches
• lodge a complaint with the national supervisory authority if they believe their data is processed in violation of GDPR

These rights belong to the individual or their guardian.

No automated decision-making or profiling is carried out based on personal data.

The Data Protection Officer assists with exercising these rights.

Contact Details of the Supervisory Authority

Office of the Data Protection Ombudsman
Website: www.tietosuoja.fi
Visiting address: Lintulahdenkuja 4, 00530 Helsinki
Postal address: P.O. Box 800, 00531 Helsinki
Phone: +358 29 56 66700
Email: tietosuoja@om.fi

Accessibility reviewed on April 23, 2026