Privacy notice on processing of personal data in the project APRIORA

This privacy notice contains information to be disclosed with the data subject in accordance with Articles 13 and 14 of the General Data Protection Regulation of the European Parliament and Council. The notice contains information on how personal data is collected, used, disclosed and stored in the Finnish Environment Institute (Syke).

Syke has the right to make technical alterations to the privacy notice without notifying the data subject in advance.

Data controller and data protection officer

Finnish Environment Institute (Syke)
Latokartanonkaari 11
00790 Helsinki FINLAND
E-mail address: kirjaamo@syke.fi
Confidential e-mail address: https://securemail.ymparisto.fi 
Tel. +358 295 251 001

Contact details of the data controller:
Lauri Äystö, researcher, firstname.lastname@syke.fi,

and

Data protection officer: tietosuoja@syke.fi

Legal basis for data processing

We process your personal data as it is necessary for the performance of a task based on your written consent (Article 6 section 1 (a) of the General Data Protection Regulation and Data Protection Act (1050/2018).

Collected and processed personal data and the purpose for processing

We collect and process your personal data for organising project events and workshops, and possible targeted contacts.

The personal data collected includes first and last name, email address, phone number, title/position, and organization. Personal data is used for contacting purposes during the project. In Syke the collected personal data is handled by personnel working in the APRIORA project.

Collected personal data will not be used for automatic decision making nor profiling.

Sources of personal data

Personal data is acquired from the data subjects themselves.

Recipients of personal data

Syke may disclose personal data to partners for the purposes of processing personal data.

Syke does not actively transfer or disclose personal data outside the EU or EEA. However, Syke can use software service providers such as Microsoft in its operations, which most of the time operate as cloud services. This data is considered to be effectively transferred outside the EU/EEA, regardless of where the data is located.

On 10 July 2023, the European Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework. The adequacy decision permits the transfer of data from the EU and EEA to participating companies in the US without additional safeguards.

The adequacy decision applies to transfers of personal data made to US companies that have committed to the safeguards specified in the arrangement. The adequacy decision cannot be used as an instrument for the transfer of personal data between public sector entities.

Syke ensures that the service providers it uses are on the list maintained by the European data protection authorities. https://www.dataprivacyframework.gov/list  

Protection of personal data

As the data controller, Syke has taken technical and organisational measures necessary to protect your personal data and requires these measures of any service providers used by it. Personal data is collected, for example, using Webropol program, whose privacy notice can be found at https://webropol.co.uk/privacy-policy/.

Storing of personal data

Personal data will be stored in electronic form for the time necessary for Syke to fulfil the purposes of processing described in this notice. The data will be deleted immediately when it is no longer needed. However, according to the filing plan, the data will be deleted no later than 10 years after.

All unnecessary data will be deleted without delay using effective and safe methods.

Your data protection rights related to processing of personal data

In this notice, we aim to provide an extensive explanation about processing of personal data in connection for its purposes. If anything regarding our processing of personal data is unclear, you may send in further questions to the contact person or Syke's data protection officer.

You have the following rights in accordance with the General Data Protection

Regulation:
You have the right to know how your data is processed and for what purpose.
You have the right to receive a copy of your personal data being processed.
You have the right to deny us to process or continue to process your personal data.

If any of your personal data processed by us is inaccurate, you may request us to rectify the inaccurate and faulty data. When we rectify data based on your request, we are obliged, if possible, to inform all recipients to whom the personal data has been disclosed of the rectification of the personal data.

You have the right to restrict the processing of your personal data based on a specific personal situation at any time.

You also have the right to lodge a complaint with a supervisory authority.

Supervisory authority in Finland is the Office of the Data Protection Ombudsman.  

Addres: Lintulahdenkuja 4, 00530 Helsinki, 800, 00531 Helsinki
e-mail: tietosuoja(at)om.fi
Phone: 029 566 6700
Registry: 029 566 6768
 

Published 26.11.2025 / Updated 27.11.2025