Privacy policy

1. Privacy and security

This website does not

This website loads fonts from Google Fonts*.

This website contains links to external websites. All such links are marked with the external link symbol *.

2. Location and hosting

This website is located in the Netherlands, in the European Union. Hosting3 service is provided by Digital­Ocean*.

3. Transport level security and cer­tifi­cates

This website uses only known secure TLS protocols and only known secure cipher suites, see IT Security Guidelines for Transport Layer Security*. The TLS (SSL) certificates are provided by Let's Encrypt*, world's largest non-profit certificate authority, run by the Internet Security Research Group ISRG*.

4. Data collection

Stored and published data

The purpose of this website is to record the stories of the website owner's family, including ancestors, their spouses, and their first- and second-generation descendants and their spouses. The data recorded for each person consists of the following:

The recorded information is gathered by personal communication or from public sources. No data of living persons, including their relation to other persons, is recorded, processed or published without their explicit consent.

Website visitor data

The web server that provides this website creates log files. These files log visitors when they visit the website. The information collected by the log files for each page visit includes the following:

As a visitor's IP address can potentially be associated with a data subject (person), the IP addresses are therefore treated as personal data as defined by the EU General Data Protection Regulation* (GDPR, EUR-Lex*).

This website does not collect any other personal data.

5. Data usage

Stored and published data

The publication of the data recorded about the persons described in section 4 constitutes the main purpose of this website. The processing of this data of living persons is lawful on the ground that the data subjects have given consent to the processing of their personal data for this specific purpose: recording their personal data described in section 4 and publishing it on the Internet on this site. See GDPR Article 6 - Lawfulness of processing*.

As the recorded data, or a part of it, is published on the Internet, it can be transferred or used anywhere.

Website visitor data

The log files are required to monitor and maintain the security of the website and to troubleshoot and maintain the website server. The collection and processing of the log data is necessary for the purposes of the legitimate interests of the website owner, see GDPR Article 6 - Lawfulness of processing*. Logged data is never sold, shared or given to any third parties, or moved across the borders of the EU.

6. Data retention

The data recorded about persons described in section 4 is intended to be stored indefinitely. Corrections and amendments may be made from time to time.

The log files are encrypted within 24 hours of their creation with a hybrid cryptosystem based on AES PDF* and RSA PDF*. All logs are purged after 15 days at the latest.

7. Your rights

You have the following rights to your personal data, see GDPR Chapter 3 - Rights of the data subject* for details:

If you think your data protection rights have been violated, you can, as a citizen or resident of any of the countries represented in the European Data Protection Board* (EU countries, Iceland, Liechtenstein, and Norway), file a complaint with any national Data Protection Authority*, or contact the website owner.

The owner and controller (within the meaning of GDPR Article 4*) of the website is Petri Kutvonen*. To exercise your rights in relation to your personal data, send an e-mail to contact@kutvonen.net. The data processor (also defined by GDPR Article 4*) is Petri Kutvonen, not the the hosting provider Digital­Ocean*.

8. Compliance

Besides the GDPR, this website is compliant

Articles 84-86 of the French Data Protection Act on deceased persons seem to apply only to French citizens and/or to data processing taking place in France, as there are no similar Articles in the Finnish Data Protection Act or in the GDPR.

The California Consumer Privacy Act (CCPA)* does not apply to this website.

In the UK, the UK GDPR UK Data Protection Act 2018* is still in force, but the government has announced that the UK is departing from it and is moving to a less stringent regulation.

9. Privacy policy changes

The right to revise this privacy policy to make it more accurate is reserved. The Privacy policy link will always take you to the current policy.

  1. Your browser or a browser extension (not the website) might set site-specific cookies.
  2. Your browser or a browser extension might do this.
  3. The hosting service provider does not process personal data on behalf of the controller, but provides a technical platform for the data processor to process them.

Last revised August 6, 2023