Skip to main content

Privacy Policy

Version: 1.2
Last changes: 19.02.2026

Controller

The controller responsible for data processing within the meaning of the General Data Protection Regulation (GDPR) is:

Vihreä Pourusmäki ry
Kuisemantie 150
36660 Laitikkala
Finland
Vihreä Pourusmäki ry website

For privacy-related inquiries, please contact us via the contact form on our website or via the official contact email published there.

Scope of this Policy

This Privacy Policy applies to the digital services operated under the European Permaculture Network (EuPN), including:

Principles of Data Processing

We process personal data in accordance with the GDPR and applicable Finnish data protection law.

We collect and process personal data only where:

  • it is necessary for providing our services,
  • you have given consent,
  • it is required to comply with legal obligations, or
  • it is based on our legitimate interest in operating secure and stable digital infrastructure.

We do not sell personal data and do not use it for advertising purposes.

Registration and User Accounts

When registering on our websites or services, we collect:

  • email address
  • username
  • profile information voluntarily provided

Purpose:

  • account creation
  • access to member features
  • communication regarding platform services

Retention:

  • Data is stored as long as the account remains active.
  • Users may request deletion of their account at any time.

Public Content (Profiles, Forum, Comments)

Registered users may publish content such as:

  • profile information
  • project descriptions
  • event listings
  • forum posts
  • comments

Please note:

  • This content may be publicly visible.
  • Users are responsible for the information they choose to publish.
  • Upon account deletion, personal data will be deleted unless retention is required for legal or integrity reasons (e.g., preserving discussion structure in the forum).

Nextcloud Services

EuPN provides a Nextcloud instance for file storage and collaboration.

Data processed may include:

  • files uploaded by users
  • metadata (timestamps, file size, user ID)

Purpose:

  • document storage
  • collaboration within EuPN activities

Access:

  • Access is restricted to authorized users.
  • Administrative access is limited to system administrators.

Retention:

  • Files remain stored until deleted by the user or account removal.

Newsletter

We send newsletters up to six times per year.

Data collected:

  • email address
  • optional name (if provided)

We use a double opt-in procedure. You may withdraw consent at any time via the unsubscribe link.

Retention:

  • Until unsubscribe.

Cookies and Analytics

Session Cookies

We use session cookies required for website functionality.

Matomo Analytics

We use self-hosted Matomo Analytics.

  • IP addresses are anonymized.
  • No personal profiling is conducted.
  • Data is used solely for improving the website.
  • Opt-out available.

Server Log Files

Our hosting provider automatically collects server log data, including:

  • IP address
  • browser type and version
  • access time
  • requested pages

Purpose:

  • security
  • system stability
  • abuse prevention

Retention:

  • Log files are retained for a limited period (typically 45 days), unless required for legal reasons.

We have data processing agreements in place with service providers where required.

Embedded Third-Party Content

We embed external services such as:

  • YouTube
  • Vimeo
  • OpenStreetMap

When such content is loaded, data (including IP address) may be transmitted to the respective provider.

Some providers may process data outside the EU.

Where applicable, safeguards such as Standard Contractual Clauses apply.

Please consult the respective providers’ privacy policies for details.

Data Transfers Outside the EU

Where third-party providers are located outside the EU/EEA, data transfers are based on appropriate safeguards under GDPR, such as Standard Contractual Clauses.

Data Retention

We retain personal data only as long as necessary for:

  • providing services
  • fulfilling legal obligations
  • protecting system integrity

Retention periods depend on the type of data and purpose.

Your Rights

Under the GDPR, you have the right to:

  • access your personal data
  • request rectification
  • request erasure
  • request restriction of processing
  • object to processing
  • request data portability
  • withdraw consent at any time

You also have the right to lodge a complaint with the Finnish Data Protection Ombudsman.

Security Measures

We implement appropriate technical and organizational measures to protect personal data, including:

  • encrypted connections (HTTPS)
  • access controls
  • limited administrative access
  • secure hosting infrastructure

Automated Decision-Making

We do not conduct automated decision-making or profiling within the meaning of Article 22 GDPR.

Changes to this Policy

We may update this Privacy Policy when necessary to reflect legal or technical changes. The latest version will always be available on our website.