Privacy policy

The Summer Services complies with the EU General Data Protection Regulation (GDPR) in the processing of personal data. Privacy notices are available in the systems in use and at the various service points of different operations.

Read our privacy notices:

Privacy policy for the Suviseurat.fi website

Updated 28.5.2026

Controller

Suomen Rauhanyhdistysten Keskusyhdistys ry
The Central Association of Finnish Associations of Peace (SRK)
Y-tunnus (Business ID): 0210188-4
Kiviharjunlenkki 7, 90220 Oulu
Phone number: 040 149 3530
Email: srk@srk.fi

Contact person

Henna Pärkkä
Contact information: tietosuoja@srk.fi
Additional contact information: 040 7667 583

Name of the register

Summer Services website suviseurat.fi

Purpose of processing personal data

The information in the register is used to monitor and improve the use of the website.

Description of the contents of the register

The website automatically collects technical usage data during visits to the site. No data is collected through forms or user registration. The information collected varies depending on the type of cookie and may include the following:

Essential cookies store the user’s choices regarding cookie settings as well as the selected language for the duration of the session. These cookies do not collect personally identifiable information.
Statistical cookies (Google Analytics 4) collect anonymized usage data, such as approximate location, browser and device information, user behavior on the website, and a randomly generated user identifier. This data does not enable the identification of an individual person.
Marketing cookies (Meta Pixel) collect information about user behavior on the website, as well as browser and device data. Meta may combine this information with the user’s Facebook or Instagram profile if the user is logged in to those services. Marketing cookies are activated only with the user’s consent.
Social media embeds (Smash Balloon, Flickr) load content directly from the servers of social media platforms such as Facebook, Instagram, YouTube, and Flickr. These platforms may place third party cookies to collect browser and user behavior data. The embeds are activated only with the user’s consent.

More detailed information about the cookies in use can be found in the cookie notice: Evästekäytäntö (EU).

The website may publish contact details for the purpose of enabling contact. Information sent through these contact channels is not stored on the website, but is forwarded directly to the recipient. The recipient processes the messages in accordance with the organisation’s practices.

Legal basis for processing

Consent

Description of recipients of personal data

WordPress Foundation – Website traffic
Google LLC – Website analytics (GA4)
Complianz B.V. – Website cookie service
Meta Platforms Ireland Ltd (Meta Pixel) – Advertising measurement and targeted advertising
Smash Balloon LLC – Social media feeds
SmugMug Inc. – Social media feeds
System administrators of the information systems of the SRK office and the communications committee of the Summer Services organization
Chair of the Summer Services executive committee and SRK’s Summer Services specialist – Possible contacts through the website contact details

Data source

From the data subject
From other sources

Description of data sources

The data is collected automatically when the data subject uses the website, as well as through third party services such as analytics and marketing tools.

Is providing personal data required? And consequences of refusing to provide personal data.

Providing personal data is not required by law or by contract, and using the website does not require the user to provide personal data. Refusing the use of analytics cookies does not prevent the use of the website, but it may affect the availability of certain functions.

Data rentention period

Technical and necessary cookies: Complianz stores the cookie consent information for 365 days, after which consent is requested again. The WordPress Multilanguage language selection cookie is deleted at the end of the session, meaning when the browser is closed.
Google Analytics 4: Event data is retained for 2 months and user data for 14 months.
The respective platforms are independently responsible for the retention periods of data generated through social media embeds, in accordance with their own privacy policies. The controller cannot influence these retention periods. More detailed information can be found in each platform’s own privacy policy:
- Meta: facebook.com/privacy/policy
- YouTube: policies.google.com/privacy
- Flickr: flickr.com/help/privacy
Server logs: The website’s static content is distributed through AWS CloudFront. Visitors’ IP addresses are not collected or stored in server logs.
Contacts: Any personal data accumulated through contact requests is transferred directly to the recipient and is not stored through the website. The recipient is responsible for determining the retention period for these messages.

Transfer of Personal Data Outside the EU or EEA

The third party services used by the website transfer data outside the EU and the EEA in the following ways:

Google LLC (Google Analytics 4): Data is transferred to the United States. The transfer is based on the EU Standard Contractual Clauses and the EU, U.S. Data Privacy Framework, to which Google has committed. More information about Google’s privacy practices is available at: policies.google.com/privacy.
Meta Platforms Inc. (Meta Pixel): Data is transferred to the United States. The transfer is based on the EU Standard Contractual Clauses and the EU, U.S. Data Privacy Framework, to which Meta has committed. More information about Meta’s privacy practices is available at: facebook.com/privacy/policy.
Smash Balloon LLC (social media embeds): Data may be transferred to the United States. Smash Balloon LLC’s privacy policy does not specifically confirm that the company has committed to the EU Standard Contractual Clauses or the Data Privacy Framework. More information is available at: smashballoon.com/privacy-policy.
Awes.me, Inc. d/b/a Flickr, Inc. (Flickr image embeds): Data is transferred to the United States. The legal basis for the transfer is the EU Standard Contractual Clauses and the Data Privacy Framework between the EU and the United States, to which Flickr has committed. More information about Flickr’s privacy practices is available at: flickr.com/help/privacy.
Social media platforms (Facebook, Instagram, YouTube, Flickr): Social media embeds load content directly from the servers of the respective platforms. As a result, the platforms may collect data in accordance with their own privacy policies. These transfers are carried out under the responsibility of the respective service providers.

Are automated decisions made based on the data?

Right to withdraw consent

Cookie settings can be changed, and consent can be withdrawn at any time through the cookie banner at the bottom of the page. The use of cookies can also be blocked in the browser settings.

Other rights of the data subject

Right to restriction of processing
Rights of access to personal data
Right to correct your personal data
Right to delete your personal data

How the data subject can exercise their rights

Because the website does not actively collect identifiable personal data, data subjects cannot be identified in relation to analytics data. For access requests and other requests, the data subject may be asked to provide sufficient information to verify their identity. The data subject can exercise their rights by contacting tietosuoja@srk.fi by email.

Right to file a complaint

Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State where they have their habitual residence or place of work, or where the alleged infringement took place, if the data subject considers that the processing of their personal data infringes the General Data Protection Regulation.