Privacy statement for web participants

This privacy statement outlines how we store and process personal data of participants who participate in our strategy dialogues and similar web-based co-creation processes.  

Data controller 

Fountain Park Oy 

Fredrikinkatu 47, 4th floor 

00100 Helsinki 

Business ID (Finland): 1632083-4 

Data protection contact 

E-mail: dataprotection@fountainpark.com 

Register name 

Response database. 

Purpose and legal basis for processing 

Processing of personal data is based on our legitimate interest of fulfilling our obligations toward our customers and/or fulfilling contract terms agreed upon with our customers. 

Asking questions and collecting responses from various respondent groups is a core part of our business. We process answers predominantly as anonymous data, and if responses can be connected to personal information we inform participants in advance. 

Collected and stored data 

  • All participants of strategy dialogues: 
  • IP-address of the device used. This will never be connected to responses given from this address nor to any data stored by third parties.  
  • Technical information about software used by participant, such as operating system, browser and their respective versions 
  • Occasionally we use email addresses provided by our customers to send out invitations to participate in Strategy dialogue or similar activity. On those occasions, our customer is the controller and we act as a processor according to our contractual obligations to the controller, including data protection provisions, and our own data protection procedures. 
  • Strategy Dialogue and similar processes for co-creation may also store other personal information explicitly provided by participants, such as: 
  • Email address 
  • Telephone number 
  • Name 

Data sources 

IP-address must to be saved for technical reasons, otherwise displaying content to a participant is not possible. 

Personal information provided by participants is always voluntary, and is not a precondition for participation. 

Email addresses of participants provided to us for sending out invitations come from our clients, who act as data controllers.  

Data storage and processing 

IP-addresses of participation sessions are stored permanently but are not used in any analysis or processing of data, and cannot be accessed by our staff in the fulfillment of their normal duties 

Possible personal information provided by participants is stored a maximum of 6 months after the project in question has ended.  

Possible email-addresses used in sending out email invitations or notifications are erased when the project is closed. They do remain stored in email server logs, which cannot be accessed by third parties or our staff in the fulfillment of their normal duties. 

Transfers of personal data outside EU/EEA 

In general, we do not transfer any personal information except to authorities fulfilling their legal duties. Data is analyzed as anonymous, so participants’ personal information is not connected to their other responses except when it has been agreed upon with our client and participants have been informed in conjunction with their participation.  

Only exception to the aforementioned is when our client is located outside EU/ETA and some or all participants are EU or ETA citizens AND we have requested participants to provide personal information AND they have consented to do so while aware that the data may be stored outside EU/ETA. 

All information provided by participants is stored on servers located in Finland. Technical information (IP address, operating system, browser version) logged for software development and application stability monitoring purposes may be stored outside Finland but will remain inside EU/ETA area or with service providers in the United States who are compliant with EU-U.S. Privacy Shield framework.  

Protecting data 

Access to system is limited to only those of our employees who need to access project data in their work. Each approved user has a personal user identification and password to the system. All information is collected in databases that are protected by firewalls, passwords and other means covered by data protection by design and default. 

Data is processed under contract by processors who follow our mutual agreements on data protection and processing. Mainly these are hosting providers, who host and manage our servers  

Cookies and tracking 

We do not use cookies or other tracking methods in Strategy Dialogue and similar services. For the purpose of continuous development of the service we may observe and record participation sessions using GDPR-compliant technical solutions, in which case the content of participants’ answers are hidden or obscured and this information will not be connected to any personal data.  

Your legal rights 

It is very unlikely that we would have any personal information on you, but in any case you have the following rights under GDPR legislation, which you can exercise by sending a message to dataprotection@fountainpark.com.  

Right to access 

You have a right to check what personal information we have on you. If you observe inaccuracies or deficiencies, you can request us to correct the information. Since we collect information only as part of an interactive process, we appreciate if you can provide us with some details to when and where we might have collected personal information on you. 

Right to object 

You have a right to object to the processing of your personal data if you feel that we have processed your personal information illegally as whole or in parts.  

Right to prevent direct marketing 

We never sell or otherwise transfer your personal information to third parties, and we do not use participants’ information for direct marketing purposes. You nevertheless have a right to forbid us from using your information for direct marketing purposes Within the context of an individual project, we may send updates and remainders of that project, from which you can opt out by responding to that message. That opt-out covers mails concerning that particular project, but does not prevent you from being invited to participate in some other Strategy Dialog or similar, if you happen to be legally in some other organization’s stakeholder register. 

Right to erasure 

If we have personal information on you, you can request the erasure of that information.   

Right to appeal 

If you feel that we are in breach of data protection statutes when processing your information, you have a right to file a complaint with the Finnish data protection authority (www.tietosuoja.fi) 

Changes to this document 

Fountain Park Oy reserves the right to modify this statement without notifying potentially affected persons. Visit our pages to check for updates.