Skip to content
English

Privacy Policy

Privacy Policy – Lahden Vapaaseurakunta

Version: 16 April 2026

Controller

Lahden Vapaaseurakunta (The Evangelical Free Church in Lahti)
Business ID: 0222184-3
Vesijärvenkatu 38
15140 Lahti, Finland

General

Our activities require us to collect and process personal data relating to you. We are committed to safeguarding your privacy and protecting your personal data.

This Privacy Policy explains what personal data we collect, why and how we collect it, the legal basis for processing, who processes the data, how it is protected, and what rights and control you have over your personal data.

Lahden Vapaaseurakunta (The Evangelical Free Church in Lahti) processes personal data in accordance with this Privacy Policy and applicable legislation.

Purpose of processing personal data

We may collect and process personal data for the following purposes:

  1. maintaining the membership register (full and family members) and the Lahen Vapis community register;
  2. organising activities;
  3. monitoring our activities;
  4. communicating with individuals involved in or interested in our activities.

Categories of personal data collected

We may collect the following categories of personal data:

  1. contact details (such as name, email address, telephone number and address);
  2. personal details (such as gender, date of birth, allergies and marital status);
  3. family-related information (such as wedding date and family members);
  4. participation data (such as teams, small groups, volunteer roles and communication);
  5. information about newsletter subscriptions;
  6. information about access rights;
  7. service usage data (such as written messages, projects and settings);
  8. your profile image.

Sources of personal data

We collect personal data from publicly available sources, from you directly in connection with contact or use of services, and from your representative or other shared third parties.

Legal basis for processing

There is always a legal basis required by law for the collection and processing of your personal data. We process your data either with your consent, for the performance of a contract, to fulfil legal obligations, or on the basis of another legitimate interest.

These interests must not override your interests, rights or freedoms.

Recipients of personal data and disclosures

Your personal data is processed by members of the church elders/board, staff, and volunteers in the performance of their duties. In events organised together with other communities, the data is also processed by persons designated by the partner organisation.

Parts of the processing of personal data have been outsourced to third parties, such as information systems used for storing and processing personal data. In such cases, we ensure that the confidentiality of your personal data is preserved and that the information security of these systems is appropriately managed.

Your personal data is processed using the following information systems and in accordance with the following data protection policies:

  1. MailChimp (internal and external communication, etc.) About Mailchimp, the EU/Swiss Privacy Shield, and the GDPR: https://eepurl.com/dyikdv;
  2. Google, Llc. Security. Privacy Policy. Security and Compliance. (file storage and sharing, etc.);
  3. HubSpot, https://legal.hubspot.com/privacy-policy (website communication, cookies, data collection via forms, etc.);
  4. Microsoft Office -environment;
  5. Flomembers, https://flomembers.fi/ (maintenance of the Lahen Vapis community register).

Your data is not disclosed to third parties in other cases except to fulfil contractual or legal obligations and claims or when required by a competent authority.

Transfers outside the EU/EEA

As a rule, your data is not transferred outside the European Union (EU) or European Economic Area (EEA).

If personal data is processed using systems located outside this area, we ensure that the providers meet the security requirements required by law.

Processing of children’s data and special categories of data

The register may contain personal data of children under the age of 16.

In such cases, the controller ensures reasonable measures to verify parental consent or approval. Users of the data are bound by confidentiality.

The register may contain sensitive data relating to registered individuals, such as marital status, participation in the activities of a religious community, or other similar necessary information.

In such cases, the controller ensures reasonable measures to verify consent or approval. Users of the data are bound by confidentiality.

Data storage and security

Personal data is stored confidentially. Access to personal data is restricted through different levels of access rights.

Risk minimisation

Archiving of paper documents: The use of printouts is minimised. Printouts containing personal data are properly destroyed. Members of the board, staff, and volunteers have been informed about good data security practices.

Data breaches: The controller’s ability to influence how well users maintain the level of data security is limited to advising good practices. Access rights of event leaders to personal data of their event end when the event ends.

Theft of technical devices: Computers are protected with passwords. Data is not stored unnecessarily on devices.

Use of cookies

We use cookies on the website to develop our operations and to ensure the functionality of the site.

Cookies are small text files stored on your device. Through cookies, we obtain anonymous information about how the website is used. We may use this information to develop services and the site, analyse usage, and target and optimise marketing.

If you do not accept the use of cookies, you can block them in your browser settings. In such cases, the website may not function as intended.

Your rights

You have the right and possibility to influence your personal data in the following ways:

  1. Right of access — you can find out whether we process your personal data and what data we process;
  2. Right to rectification — you can update incorrect, outdated or incomplete data;
  3. Right to restrict processing — you can define what data we may process, for how long, and how;
  4. Right to data portability — you can receive your data in a commonly used format and transfer it to another service provider;
  5. Right to be forgotten — you can request deletion of your personal data unless processing is necessary to fulfil legal or contractual obligations;
  6. Right to object — you can object to the processing of your personal data unless we have a legitimate and justified reason or legal obligation;
  7. Right to lodge a complaint — you can contact the Data Protection Ombudsman.

You can exercise these rights by contacting: office@lahenvapis.fi

Updates to this Privacy Policy

We may make changes to this Privacy Policy as our activities or legislation change.

Changes take effect when the updated Privacy Policy is published. We recommend reviewing this policy periodically.

If changes invalidate the legal basis for processing, your personal data will be deleted or the legal basis will be updated as required by law.

Contact details

Jari Alatalo

Administrative Director

Email: office@lahenvapis.fi

Postal address:

Lahden Vapaaseurakunta
Vesijärvenkatu 38
15140 Lahti, Finland