Privacy Policy

Effective Date: February 25, 2026

ISHA-Turku/Åbo ry (“we,” “us,” or “our”) is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, and protect your personal information when you visit our website and when you register via our forms (such as the “Become the ISHA INSIDER!” form), in accordance with the EU General Data Protection Regulation (GDPR).

1. Data Controller

The entity responsible for processing your personal data is:

2. What Personal Data We Collect & Why We Collect It

We respect your privacy and do not use any analytics tools to track your behavior on our website. We only collect information that is strictly necessary for communication and site functionality:

A. The “Become the ISHA INSIDER!” Form & Other Contact Forms

  • What we collect: Your name, email address, and your preferences regarding newsletters, WhatsApp Community invitations, and volunteering.
  • Why: To add you to our register, send you newsletters, invite you to groups based on your explicit consent, and process any general inquiries you send us.

B. Essential Website Functionality & Server Logs

  • What we collect: Our website (built on WordPress) automatically collects basic technical data required to keep the site secure and functional. This includes your IP address, browser type, and timestamp of your visit.
  • Why: This data is collected solely for security purposes (e.g., preventing cyber attacks and spam) and hosting stability. This processing is based on our legitimate interest in maintaining a secure and functional website.

C. Comments (If enabled on our site)

  • What we collect: When visitors leave comments on the site, we collect the data shown in the comments form, as well as the visitor’s IP address and browser user agent string to help spam detection.
  • Why: To allow discussion and prevent spam. An anonymized string created from your email address (a hash) may be provided to the Gravatar service to see if you are using it. After approval of your comment, your profile picture is visible to the public in the context of your comment.

3. Embedded Content from Other Websites

Articles and pages on this site may include embedded content (e.g., videos, images, social media feeds). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These external websites (such as YouTube or Instagram) may collect data about you, use cookies, and monitor your interaction with that embedded content, especially if you have an account and are logged in to that external website.

4. Data Sharing and Third-Party Processors

We treat your data securely and confidentially. Your personal data is only accessed by authorized board members or officials of ISHA-Turku ry. We never sell your data. We only share necessary data with trusted third-party service providers (Data Processors) to operate our site and communications:

  • Website Hosting: To host and maintain our WordPress site securely.
  • Communication Tools: Services like Mailchimp (for newsletters) or WhatsApp (for community groups).
  • Spam Detection: Automated spam detection services (e.g., Akismet) may check visitor comments or form submissions.

5. Data Storage and Retention

  • INSIDER form data: Kept securely for as long as you remain an active subscriber. If you withdraw your consent, your data is permanently deleted from our mailing lists without undue delay.
  • Comments: If you leave a comment, the comment and its metadata are retained indefinitely so we can recognize and approve follow-up comments automatically.
  • Server logs: Security logs containing IP addresses are typically deleted automatically by our hosting provider after a short period (usually 14 to 30 days).

6. Your Data Protection Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Ask us to correct or update any inaccurate information.
  • Right to Erasure (“Right to be Forgotten”): Ask us to delete your personal data at any time.
  • Right to Withdraw Consent: Withdraw your consent at any time (e.g., unsubscribing from the newsletter).
  • Right to Restrict or Object: Limit or object to how we process your data.

7. How to Opt-Out or Contact Us

If you wish to opt-out of our communications, withdraw your consent, or exercise any of your GDPR rights, please contact us at: ishaturku@gmail.com.