Privacy Statement

Privacy Statement

Members, volunteers and network 

This privacy notice contains information for data subjects of Fiskars Local History Society (Fiskars hembygdsförening r.f.), in compliance with the Data Protection Act (10 ja 24 §) and the EU’s General Data Protection Regulation (GDPR).

1. Registrar

Fiskars Local History Society/Fiskars Museum

Åkerraden 26 
10470 Fiskars
Finland

2. Contact-person in register-related matters 

Membership Registry of the Society

Cecilia Bruncrona
cecilia@elimo.fi
+358 40 825 4884

The Customer Service, Network and Volunteers Register of Fiskars Museum

Museum Director Emi Ingo
emi.ingo@fiskarsmuseum.fi
+358 45 353 8381

3. Name of registers

The Membership Register of Fiskars Local History Society
The Register of Volunteers of Fiskars Museum
The Customer Service and Network Register of Fiskars Museum

4. Purpose and legal basis for processing of personal data 

The processing of personal data in the register is based on fulfilling the purpose of the Associations Act (503/1989): to keep a membership registry, to create activities to the members, inform members, to collect membership dues and to acquire funding. The information can also be used to document memberships that have ceased.

The purpose of processing the personal data is the administration of volunteers, contacts and spreading information. The purpose of the personal data concerning customers and networks is spreading information and marketing.

Legal basis: 

Associations Act (503/1989) 26.5.1989 https://finlex.fi/sv/laki/ajantasa/1989/19890503 (in Swedish). The Act requires that a membership registry is kept.

The EU’s General Data Protection Regulation, Article 6, paragraph 1f. In some cases, processing of personal data is mandatory to ensure the interests of the data subject. For example, to inform the customers and network of the Fiskars Museum about events, services, news or other matters of public interest.

The EU’s General Data Protection Regulation, Article 6, paragraph 1a. When the data subject has given his or her consent for the processing of the personal data for one or several specific purposes.

5. Register data content

The registrar processes personal data such as:

  • first name and surname, date of birth and mother tongue 
  • postal address, e-mail address and telephone number 
  • information about the membership, its duration and the payment of membership dues
  • information about electronic communication

The registrar decides on regular basis, with respect to prevailing legislation, which is the most appropriate way of storing the personal data. Membership data and information about partners of co-operation is stored for the duration of the contract or membership, and expires at the latest 10 years after the agreement has ceased. Information that has been collected with the consent of the data subject is stored until further notification of its removal.

6. Standard sources of information and data contents

The information has, for example, been collected by the registrar as a result of membership enrolment, when the data subject has handed over personal information to the registry or started working as a volunteer. As far as networks are concerned, information can also be gathered from reliable public sources.

7. Information transfer, disclosure and recipients 

Fiskars Local History Society transfers information only to those service providers that are needed, such as  the technical support of the registry, for billing members for membership dues or other fundraising causes, for communicating with members and networks, to produce activities for members and to support administrative services of the Society.

No personal data is transferred outside the EU or the EEA. 

8. Principles of register protection

Electronically processed material:

Personal data is collected in databases which are protected by firewalls, passwords and other technical means. The data is handled only by authorized personnel. Each user has been issued a unique user name and password to the system. Work stations and equipment used for storing the personal data or where security copies are, are password-protected.

The personal data has not been classified as secret, though it is not publicly available.

Manually processed material:

The material is kept at Fiskars Museum or in private quarters of board members or the register-controlling person’s home in supervised and locked spaces.

9. Third-party

We use services provided by a third-party. The third-party organizations have been carefully selected with regard to their compliance with the EU’s General Data Protection Regulation (GDPR). These third-parties are in the Unites States and they comply with the EU-US Privacy Shield Framework adopted to the EU’s Privacy Statement. The services provided may include cookies to optimize site functionality and to give the best possible user experience, to market or contact other third-party.

Familiarize yourselves with the use of cookies here.

9.1. WP Engine

Hosting services of the website are provided by WP Engine. WP Engine is committed to comply with the EU’s Privacy Statement. WP Engine offers 24/7 protection to websites, HTTPS-protection, regular updates, storing of personal data in databases which are protected by firewalls, encryption. The access to the databases is limited to authorized users only.

Read more of WP Engine and the terms here.

9.2. Google Analytics

Google Analytics Service is used to track website traffic. The service stores cookies from the user’s platform, for example, to track and report website traffic. The information may also be used to create sales and marketing forecasts. Cookies are files stored on the computer designed to hold a small, specific amount of data about a specific website or client. Cookies often contain an anonymous, personal identification code enabling the service provider to identify and count the number of clients using the interface.

More information about the terms of Google Analytics is found here.

9.3. Manage the use of cookies

You can easily remove any cookies that have been created in the cookie folder of your computer browser or by changing the browser’s cookie settings. Disabling the cookies can affect the user friendliness of our website. Please learn how we use cookies here.

10. Right of inspection

A data subject has the right to request the controller:

  • to provide access to personal data concerning him or her and information on how this data is used 
  • to review information concerning him or her stored in the database 
  • to demand that data stored on him or her is corrected if wrong
  • to remove information, provided that there is a legal ground 
  • to withdraw a consent or object to the processing of the personal data based on the consent of           the data subject 
  • to object to the processing of the personal data or to demand restrictions on it 
  • to lodge a complaint to the supervisory authority regarding his or her personal data

11. Changes in data protection

The information of this Privacy Statement can be amended according to changes in the activities or in legislation.

Updated 30.9.2020

Privacy Statement 
Administration of Collections


This privacy notice contains information for data subjects of Fiskars Local History Society, in compliance with the Data Protection Act (10 ja 24 §) and the EU’s General Data Protection Regulation (GDPR).

1. Registrar

Fiskars Local History Society /Fiskars Museum/Pohja Local History Archive
Åkerraden 26 
10470 Fiskars
Finland

2. Contact person in register-related matters 

Amanuensis Maria Ollikainen
maria.ollikainen@fiskarsmuseum.fi
+358 45 353 8391

Pohja Local Historical Archive, archival register

Archivist Jonas Selenius
arkivet@fiskarsmuseum.fi
+358 44 050 0854

3. Name of register

The register of Fiskars Museum’ s Collections
The register of Pohja Local Historical Archive

Forms of register:

Electronically processed material: Collecte, collections management database.

Analogically processed material: donations, loan requests, old files and diaries, requests for images and photographs, images arranged according to site or use, cataloged and uncataloged archival material.

4. Purpose and legal basis for processing of personal data 

The processing of personal data in the register is based on the necessity to handle the collections of the Museum and the archives and fulfilling the purpose of Museums Act (1992).

Legal basis: 

Museums Act (1992/729), Amendments 1996/1166, 1998/644, 2005/877 and decrees of the Finnish Government on Museums 2005/1192

The EU’s General Data Protection Regulation, Article 6, paragraph 1e, according to which the processing of personal data is necessary in tasks of public interest.

Finnish Data Protection (1050/2018) Act § 4

5. Register data content

The registrar processes personal data in the handling of the collections related to items, images and archival material. The following data is stored in the system:

  • name, sex, date of birth and death 
  • place of birth and residence 
  • education, occupation and title 

The registrar may also process personal data in the handling of the collections such as: 

  • information about donators such as name, address, telephone number, e-mail address, date of birth and place or occupation 
  • information about loan requests such as names, addresses, telephone numbers and e-mail addresses. 
  • information about who handled the request.

Personal data is retained permanently. The information is not public. 

The personal data included in the metadata of collections is necessary to ensure the reliability, integrity, usability and preservation of collections and archival documents. Information about the creators of collections is an important part of the metadata describing the origin and context of the collections. Information about creators is often needed to find and use the collections and their information content. Information about the author of the material may be necessary to assess the reliability and evidential value of the collections and their information content.

The controller also processes personal data in the context of archiving activities. Some archive collections contain the names, addresses and personal identity numbers of living persons. According to section 4 of the Finnish Data Protection Act, the controller has the right to process research and cultural heritage material and related metadata containing personal data for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, in a manner proportionate to the public interest objective pursued. The public interest mission of archives and museums is to preserve and make accessible cultural heritage and research material.

6. Standard sources of information

The information has been collected by the registrar as a result of the work of the Museum or research, documents or archival information, and has in many cases been collected from the customers themselves or received via donations.

7. Information transfer, disclosure and recipients 

As a rule, no information is disclosed to third-parties. No personal data is transferred outside the EU or the EEA. Personal data may be transferred to researchers or to customers conducting research in the Museum’s collections system.

Where necessary, the controller will classify archival material containing personal data in order to protect the personal data of data subjects from unauthorised use. The classified archival material will be available for scientific research even during the period of confidentiality (unless otherwise agreed with the donor/creator of the material in question). In that case, the use of the material will be carefully documented and the purpose of the use of the material will be clarified.

According to Section 35 of the Finnish Data Protection Act, archive and museum staff have a duty of confidentiality when carrying out activities involving the processing of personal data.

8. Principles of register protection

Electronically processed material:

Personal data is collected in the Collecte database and is protected by a firewall, passwords and other technical means. This data is handled only by authorized personnel. Each user has been issued a unique user name and password to the system. Authorization to the system is granted by the main user responsible for the handling of the museum’s collections systems. The database logs store information on who has edited, added and/or deleted data.

The personal data has not been classified as secret, though it is not publicly available.

Analogically processed material:

The material is kept in locked and restricted areas. Only the staff of the archive and the museum have access to the archive premises, where archival material containing personal data is catalogued, stored and destroyed. No personal data contained in the archival material will be published in any form whatsoever. The organisation and cataloguing of archival material is one of the safeguards for the processing of personal data. In the process of arranging and cataloguing, the research or cultural heritage value of the personal data is assessed and unnecessary personal data is removed. Unnecessary archival material containing personal data is removed and always destroyed in a secure manner.

9. Right of inspection

A data subject has the right to request the controller:

  • to provide access to personal data concerning him or her 
  • to review information concerning him or her stored in the database 
  • to demand that data stored on him or her is corrected if wrong
  • to remove information provided that there is a legal ground 
  • to withdraw a consent or object to the processing of the personal data based on the consent of the data subject 
  • to object to the processing of the personal data or to demand restrictions to it 
  • to lodge a complaint to the supervisory authority regarding his or her personal data

10. Changes in data protection

The information of this Privacy Statement can be amended according to changes in legislation.

Updated 20.5.2025