Register and Privacy Notice – HÄLY 2026 website 

This is the register and privacy notice of the HÄLY 2026 website operated by LSPEL, prepared in accordance with the EU General Data Protection Regulation (GDPR). Prepared on 02.01.2026. Last updated on 02.01.2026. 

1. Data Controller 

Länsi-Suomen Pelastusalan Liitto ry, 

Kerosiinintie 26, 20360 Turku, Finland 

Email: toimisto@lspel.fi 

Phone: +3582 511 7711 

2. Contact Person for the Register 

Kimi Uutela, Data Protection Officer for the Camp, HÄLY 2026 

Email: kimi.uutela@haly2026.fi 

Phone: +358400490609 

3. Name of the register 

LSPEL Camp (HÄLY 2026) – Website User and Contact Register 

4. Legal Basis and Purpose of Processing Personal Data 

The processing of personal data is based on the EU General Data Protection Regulation (GDPR) and applicable Finnish legislation, on the following grounds: 

  • Consent: the use of cookies, analytics tools, and embedded media content (e.g. YouTube videos) is based on the user’s consent.  
  • Legitimate interest of the data controller: ensuring the technical functionality of the website, maintaining information security, analysing website usage, and processing communication-related enquiries. 

The purposes of processing personal data are: 

  • Ensuring the functionality and usability of the website 
  • Collecting visitor statistics and developing the website 
  • Responding to contact requests 
  • Maintaining website security 

Personal data is not used for automated decision-making or profiling. 

5. Categories of Personal Data 

In connection with the use of the website, the following personal data may be processed: 

  • Technical connection data (IP Address, browser information) 
  • Approximate location data based on the IP address 
  • Usage data collected through cookies and analytics 
  • Data provided via the contact form (e.g name, email address, and message content) 

Data submitted via the contact form is delivered directly by email to: eija@haly2026.fi 

The data is not compiled into a broader register and is not used for any other purposes.

Data retention: 

  • Data submitted via the contact form is retained for maximum of one (1) year 
  • Technical and analytics-related data is retained in accordance with the retention periods defined by the respective service providers 

6. Regular Sources of Data 

Data is obtained from website users when they use the website or submit enquiries via the contact form. 

In addition, certain data is generated automatically during the technical use of the website (e.g. IP address and cookie data) 

No data is collected from public sources or social media services. 

7. Regular Disclosures of Data and Transfers Outside the EU/EEA 

Personal data is not regularly disclosed disclosed to third parties. 

However, the website uses the following third-party services: 

  • Google Analytics for analysing website usage 
  • Cookiebot for cookie management 
  • YouTube for embedded video content 

These service providers process data in accordance with their own privacy policies. 

Personal data may be transferred outside the EU or EEA only where the service provider applies data protection mechanisms compliant with EU data protection legislation (e.g. Standard Contractual Clauses) 

8. Data Protection and Security Principles 

Due care is exercised in the processing of personal data, and data processed through information systems is adequately protected. 

Access to personal data is protected by user’s credentials and passwords, and access is limited to persons whose duties require such access. 

Data submitted via contact form is accessible only to the designated email recipients. 

9. Right of Access and Right to Request Correction 

Every individual whose data is stored in the register has the right to access their personal data and to request correction of any inaccurate data or the completion of incomplete data. If a person wishes to review the personal data stored about them, or request a correction, the request must be submitted in writing to the data controller. Requests may be sent by email to kimi.uutela@haly2026.fi or by post to the office of Länsi-Suomen Pelastusalan Liitto ry. The data controller may request proof of identity when necessary. The data controller will respond to the request within the time limits set by the GDPR (typically within one month). 

10. Other Rights Related to the Processing of Personal Data 

Individuals whose data is stored in the register have the right to request the deletion of their personal data (“right to be forgotten”). Registered individuals also have other rights under the GDPR, such as the right to restrict the processing of their personal data in certain situations. The data controller may request proof of identity when necessary. The data controller will respond to requests within the time limits set by the GDPR (typically within one month). Individuals also have the right to lodge a complaint with a supervisory authority if they believe their personal data has been processed unlawfully. In Finland, the supervisory authority is the Office of the Data Protection Ombudsman: www.tietosuoja.fi