EN | FI

Privacy policy

---

1. Privacy and security

This website does not

• set or use any cookies, including third-party cookies¹,
• store any additional information in your browser, either temporarily or permanently²,
• use any web trackers (scripts that derive information about you),
• use any web beacons (single-pixel images),
• load any scripts from third-party servers,
• access your browsing history,
• access the geolocation provided by your device,
• access your microphone or camera,
• collect any non-essential information about your device, operating system, browser, browser extensions, time zone, installed software, fonts, or graphics rendering features,
• scan your device or your network to find open TCP or UDP ports,
• send any data to any third party websites or servers,
• attempt to fingerprint your browser instance, but it requests the orientation and the dimensions of your display to improve the layout of the pages,
• require you to use the Do Not Track (DNT) privacy preference setting available in certain browsers, or
• participate in any profiling activity that is based on your browsing behaviour (such as FLoC*) or interest-based advertising framework (like Topics*).

This website loads fonts from Google Fonts*.

This website contains links to external websites. All such links are marked with the external link symbol *.

2. Location and hosting

This website is located in the Netherlands, in the European Union. Hosting³ service is provided by Digital­Ocean*.

3. Transport level security and cer­tifi­cates

This website uses only known secure TLS protocols and only known secure cipher suites, see IT Security Guidelines for Transport Layer Security*. The TLS (SSL) certificates are provided by Let's Encrypt*, world's largest non-profit certificate authority, run by the Internet Security Research Group ISRG*.

4. Data collection

Stored and published data

The purpose of this website is to record the stories of the website owner's family, including ancestors, their spouses, and their first- and second-generation descendants and their spouses. The data recorded for each person consists of the following:

• name of the person, including possible previous name(s) and alias name(s),
• year of birth and possibly the year of death,
• possibly one or more photographs or other visual representations of the person, and
• a short text describing the person's life story and relations to other persons whose data may or may not be recorded on this website.

The recorded information is gathered by personal communication or from public sources. No data of living persons, including their relation to other persons, is recorded, processed or published without their explicit consent.

Website visitor data

The web server that provides this website creates log files. These files log visitors when they visit the website. The information collected by the log files for each page visit includes the following:

• a date and time stamp,
• Internet protocol (IP) address of the visitor as seen by the server,
• address of the page requested,
• browser type and version used by the visitor,
• visitor's operating system, if the information is available,
• a status code (success, redirection, forbidden, not found, error), and
• the number of bytes transferred.

As a visitor's IP address can potentially be associated with a data subject (person), the IP addresses are therefore treated as personal data as defined by the EU General Data Protection Regulation* (GDPR, EUR-Lex*).

This website does not collect any other personal data.

5. Data usage

Stored and published data

The publication of the data recorded about the persons described in section 4 constitutes the main purpose of this website. The processing of this data of living persons is lawful on the ground that the data subjects have given consent to the processing of their personal data for this specific purpose: recording their personal data described in section 4 and publishing it on the Internet on this site. See GDPR Article 6 - Lawfulness of processing*.

As the recorded data, or a part of it, is published on the Internet, it can be transferred or used anywhere.

Website visitor data

The log files are required to monitor and maintain the security of the website and to troubleshoot and maintain the website server. The collection and processing of the log data is necessary for the purposes of the legitimate interests of the website owner, see GDPR Article 6 - Lawfulness of processing*. Logged data is never sold, shared or given to any third parties, or moved across the borders of the EU.

6. Data retention

The data recorded about persons described in section 4 is intended to be stored indefinitely. Corrections and amendments may be made from time to time.

The log files are encrypted within 24 hours of their creation with a hybrid cryptosystem based on AES PDF* and RSA PDF*. All logs are purged after 15 days at the latest.

7. Your rights

You have the following rights to your personal data, see GDPR Chapter 3 - Rights of the data subject* for details:

• right to access your data,
• right to get your data rectified,
• right to get your data erased (“right to be forgotten”),
• right to restrict the processing of your data,
• right to get notified regarding rectification, erasure, and restriction of processing of your data,
• right to transfer your data without hindrance to another controller, and
• right to object the processing of your data, to request that the data not be processed at all.

If you think your data protection rights have been violated, you can, as a citizen or resident of any of the countries represented in the European Data Protection Board* (EU countries, Iceland, Liechtenstein, and Norway), file a complaint with any national Data Protection Authority*, or contact the website owner.

The owner and controller (within the meaning of GDPR Article 4*) of the website is Petri Kutvonen*. To exercise your rights in relation to your personal data, send an e-mail to contact@kutvonen.net. The data processor (also defined by GDPR Article 4*) is Petri Kutvonen, not the the hosting provider Digital­Ocean*.

8. Compliance

Besides the GDPR, this website is compliant

• with the Finnish Data Protection Act (non-binding translation PDF*).
• with the Article 82 of the French Data Protection Act* (unofficial translation PDF*),
• with the Guidelines PDF* (unofficial translation PDF) of the French Data Protection Authority CNIL* about cookies and other trackers, and
• with the California Online Privacy Protection Act*.

Articles 84-86 of the French Data Protection Act on deceased persons seem to apply only to French citizens and/or to data processing taking place in France, as there are no similar Articles in the Finnish Data Protection Act or in the GDPR.

The California Consumer Privacy Act (CCPA)* does not apply to this website.

In the UK, the UK GDPR UK Data Protection Act 2018* is still in force, but the government has announced that the UK is departing from it and is moving to a less stringent regulation.

9. Privacy policy changes

The right to revise this privacy policy to make it more accurate is reserved. The Privacy policy link will always take you to the current policy.

_______________
Notes

1. Your browser or a browser extension (not the website) might set site-specific cookies.
2. Your browser or a browser extension might do this.
3. The hosting service provider does not process personal data on behalf of the controller, but provides a technical platform for the data processor to process them.

Last revised August 6, 2023