Privacy policy Helsinki

Privacy policy for photography commissions awarded by the City of Helsinki through tendering.

Kuvaverkko stores and handles personal data in accordance with the EU GDPR and the current Personal Data Act (523/1999).

We may update this privacy policy from time to time by publishing a new online version of it. Therefore, we recommend that you read through our privacy policy when using our services.

Policy creation date: 18 January 2019

1. Registry holder

Kuvaverkko Oy
Business ID 10586551

2. Contact person

Juuso Siniketo

3. Name of the registry

Registry based on the customership between the City of Helsinki and Kuvaverkko or other appropriate connection.

4. The registry’s purpose of use

The legal basis for handling personal data, according to the EU General Data Protection Regulation, is:
–    Legitimate interest (customership)
–    Permission
Kuvaverkko will only handle personal data to the extent required to deliver the Service and only while the contract remains in effect. Kuvaverkko will not combine personal data with any other material in its possession or transfer personal data to third parties.

5. The data content of the registry

The data recorded in the registry includes:
Basic information, such as
–    first and last names
–    contact information (post address, email address, phone number) Information related to the customership or other appropriate connection, such as
–    image files
–    information concerning the registration (password and login)
–    information concerning order history, including payment methods and debt collection
–    reclamations, feedback and other communications and measures related to the customership or other connection, including recorded phone calls and the registrant’s actions in social media services related to the registry holder
–    marketing bans
–    marketing measures targeted at the registrant and their use
–    cookies and data concerning the registrant’s terminal and online actions (such as IP address) learned and collected with cookies or similar technologies

6. Registry protection

Kuvaverkko complies with an inherent default data protection system when producing, developing and delivering its Service. This means that the data protection principles are applied even to the early phases of data handling and that the requirements of the GDPR are complied with throughout the process of personal data handling.

A. Manual material

If paper forms have been used to sign up for a photo session, the information on these forms will be recorded after the session and the forms will be placed in a locked container.  The material will then be transported to a controlled waste management facility, where it is crushed and shredded and turned into material for tissue paper manufacturers.

B. Information saved into the information systems

Data contained in the registry and handled electronically is protected by firewalls, passwords and other technical means commonly approved in the field of information security. We will guarantee that the stored information and server access rights, as well as other personal data critical to data safety, are handled on a confidential basis and by only those employees whose roles include the handling of said data.

7.  Right of access and the right of requesting corrections

Kuvaverkko will ensure that the personal data it handles is in a commonly used, machine-readable form that allows for it to be automatically transferred from one system to another.
Every person included in the registry has the right to check their personal data that has been saved in the registry and request that any errors or omissions be rectified. If a person wants to check their personal data that has been stored in the registry or request a correction, they must send a request via email to asiakaspalvelu[at] The registry holder may ask proof of identity from a person submitting such a request, if necessary. The registry holder will reply to the Customer within a time period specified in the General Data Protection Regulation (typically within a month).

8. Right to be forgotten

A person whose data has been stored in our registry has the right to request that this data be removed from the registry.
All such requests must be sent via email to asiakaspalvelu[at]
The registry holder may ask proof of identity from a person submitting such a request, if necessary.
The registry holder will reply to the Customer within a time period specified in the General Data Protection Regulation (typically within a month).

9. Regular information sources

The registry’s regular information sources are the registered people themselves when they sign up for photo sessions or use Kuvaverkko’s online shop. You can provide information about yourself when registering, purchasing photo products or using Kuvaverkko’s other services, for example, or when participating in marketing campaigns. Additionally, we may collect data through the terminals you use, with the help of cookies or similar technologies.

10. Concerning data assignment and transfer

Kuvaverkko shall not assign or transfer the data in its customer information registry for any other purposes than debt collection and, upon request, to the people in question or authorities.
Kuvaverkko will also not transfer any personal data it has received outside the EU or EEC area.

Kuvaverkko will publish group and friend photos in its online shop and deliver copies of them to all the people in the photos and/or their guardians.

This registry statement will always be available at