Data privacy

Register and Privacy Policy

This is the register and privacy policy of Saamelaistaiteen tuki ry drawn up in accordance with the EU General Data Protection Regulation (GDPR). Drawn up on 18 October 2023. Last modified on 18 October 2023.

1. Data controller

Skabmagovat/Saamelaistaiteen tuki ry

Sámi Cultural Centre Sajos

Menesjärventie 2

99870 Inari

2. Contact person in charge of the register

Aimo Aikio

+358 40 0164 198

3. Name of the register

Stakeholder register (filmmakers, press and volunteers)

The following data will be collected, as appropriate:

  • first name and surname
  • contact information
  • nationality
  • social security number or date of birth
  • job title
  • place of work or organisation

4. Legal basis and purpose of the processing of personal data

Lawfulness of the processing of personal data under the EU General Data Protection Regulation is based on

– the consent of the data subject (documented, voluntary, individualised, deliberate and unambiguous)

– legitimate interest of the data controller (customer relations with filmmakers before a contract and recruitment of volunteers).

The purpose of processing personal data is to communicate with stakeholders and to maintain customer relations.

Data is not used for automated decision-making, profiling or marketing.

5. Data content of the register

Data stored in the register includes data subject’s name, position, company/organisation, contact information (phone number, email address, address) and other data pertaining to customer relations and services provided.

The IP addresses of website visitors and cookies that are necessary for the functionalities of the service are processed on the basis of a legitimate interest in order to, inter alia, ensure data security and collect statistics on website visitors in cases where such data can be considered personal data. Consent will be requested separately for third-party cookies where necessary.

6. Regular sources of data

The data stored in the register is obtained from data subjects through, inter alia, messages sent via web forms and through email, telephone, social media channels, contracts, customer meetings and other situations where data subjects provide data pertaining to them.

Data pertaining to the contact persons of companies and other organisations can also be obtained from public sources, such as websites, directory services and other companies.

7. Regular disclosures and transfers of data outside the EU or EEA

Data is not regularly disclosed to other parties. However, data may be published if it has been agreed upon with the data subject and if it’s necessary for service operations.

Data may be transferred outside the EU or EEA by the data controller. Data will not be transferred to the United States without the data subject’s consent. By accepting the use of cookies on the website, the user agrees to the following.

We use the following services on our website: Google Forms, Google Analytics and Meta.

Transferring or disclosing data outside the EU or EEA when using Google Forms and Google Analytics:

  • Personal data contained in these services may be transferred outside the EU. Google complies with the EU Commission’s standard clauses to ensure the necessary level of data protection when personal data is transferred outside the EU. Saamelaistaiteen tukiyhdistys ry has accepted the EU standard clause as an additional privacy term in its contract with Google. For more information on the personal data collected by Google Forms, please visit

Transferring or disclosing data outside the EU or EEA when using Meta:

8. Principles of register protection

The register is handled with due diligence and the data processed using information systems is protected with appropriate methods. Where register data is stored on servers connected to internet, the physical and digital information security of the equipment used is ensured to an appropriate degree. The data controller shall ensure that the stored data as well as the rights of access to the servers and any other data that is critical in terms of personal data security are handled confidentially and only by employees whose job descriptions include these tasks.

9. Right of access and the right to rectification

Each data subject included in the register has the right to review the data pertaining to them stored in the register and to request rectification of any incorrect data or completion of any incomplete data. If a data subject wishes to review the data pertaining to them stored in the register or to request rectification of said data, they must send their request to the data controller via email. Where necessary, the data controller may ask the data subject to verify their identify. The data controller shall respond to the data subject within the time specified in the EU General Data Protection Regulation (within one month in general).

10. Other rights pertaining to the processing of personal data

The data subjects have the right to demand the erasure of any personal data pertaining to them from the register (“the right to be forgotten”). Niin ikään rekisteröidyillä on muut EU:n yleisen tietosuoja-asetuksen mukaiset oikeudet kuten henkilötietojen käsittelyn rajoittaminen tietyissä tilanteissa. All requests must be sent to the data controller via email. Where necessary, the data controller may ask the data subject to verify their identify. The data controller shall respond to the data subject within the time specified in the EU General Data Protection Regulation (within one month in general).

This privacy statement was last updated on 15.01.2024 and applies to citizens and legal permanent residents of the European Economic Area and Switzerland.

In this privacy statement, we explain what we do with the data we obtain about you via We recommend you carefully read this statement. In our processing we comply with the requirements of privacy legislation. That means, among other things, that:

  • we clearly state the purposes for which we process personal data. We do this by means of this privacy statement;
  • we aim to limit our collection of personal data to only the personal data required for legitimate purposes;
  • we first request your explicit consent to process your personal data in cases requiring your consent;
  • we take appropriate security measures to protect your personal data and also require this from parties that process personal data on our behalf;
  • we respect your right to access your personal data or have it corrected or deleted, at your request.

If you have any questions, or want to know exactly what data we keep of you, please contact us.

1. Purpose, data and retention period

We may collect or receive personal information for a number of purposes connected with our business operations which may include the following: (click to expand)

2. Sharing with other parties

We only share or disclose this data to processors for the following purposes:

3. Cookies

Our website uses cookies. For more information about cookies, please refer to our Cookie Policy

4. Disclosure practices

We disclose personal information if we are required by law or by a court order, in response to a law enforcement agency, to the extent permitted under other provisions of law, to provide information, or for an investigation on a matter related to public safety.

If our website or organisation is taken over, sold, or involved in a merger or acquisition, your details may be disclosed to our advisers and any prospective purchasers and will be passed on to the new owners.

We have concluded a data Processing Agreement with Google.

5. Security

We are committed to the security of personal data. We take appropriate security measures to limit abuse of and unauthorized access to personal data. This ensures that only the necessary persons have access to your data, that access to the data is protected, and that our security measures are regularly reviewed.

6. Third-party websites

This privacy statement does not apply to third-party websites connected by links on our website. We cannot guarantee that these third parties handle your personal data in a reliable or secure manner. We recommend you read the privacy statements of these websites prior to making use of these websites.

7. Amendments to this privacy statement

We reserve the right to make amendments to this privacy statement. It is recommended that you consult this privacy statement regularly in order to be aware of any changes. In addition, we will actively inform you wherever possible.

8. Accessing and modifying your data

If you have any questions or want to know which personal data we have about you, please contact us. You can contact us by using the information below. You have the following rights:

  • You have the right to know why your personal data is needed, what will happen to it, and how long it will be retained for.
  • Right of access: You have the right to access your personal data that is known to us.
  • Right to rectification: you have the right to supplement, correct, have deleted or blocked your personal data whenever you wish.
  • If you give us your consent to process your data, you have the right to revoke that consent and to have your personal data deleted.
  • Right to transfer your data: you have the right to request all your personal data from the controller and transfer it in its entirety to another controller.
  • Right to object: you may object to the processing of your data. We comply with this, unless there are justified grounds for processing.

Please make sure to always clearly state who you are, so that we can be certain that we do not modify or delete any data of the wrong person.

9. Submitting a complaint

If you are not satisfied with the way in which we handle (a complaint about) the processing of your personal data, you have the right to submit a complaint to the Data Protection Authority.

10. Contact details

Skábmagovat / Saamelaistaiteen tuki ry
Saamelaiskulttuurikeskus Sajos
Menesjärventie 2
Phone number: +358400164198