This document describes the handling of your personal data as required by the European Data Protection Regulation (GDPR) and the Finnish Data Protection Act (untranslated). This translation is provided for convenience only. The original text in Finnish shall apply. Please read the terms of use, too.
1. About us
Suomen Sukellushistoriallinen yhdistys ry. – Historical Diving Society Finland
https://www.sukellushistoriallinenyhdistys.fi
recipient@sukellushistoriallinenyhdistys.fi (recipient is info)
Registration number (prh.fi): # 206.526
2. What personal data is collected and why
We collect personally identifiable information such as
- name or nickname, email address, profile picture,
- comments and discussion forum messages you post, details of the forms you fill (including your profile would you register an account), the photos and other media you submit, metadata included, and the posts and pages you create,
- the network address of the device you are using (IP address) and information provided by your browser (such as browser version, languages, operating system, cookies, etc.)
- data required by Akismet and Google reCAPTCHA to identify spam registrations and spam messages.
to ensure the security of our site, and to facilitate commenting, discussion, contacting, sign-on, and other typical functionality of a blog / website / forum. In the membership application form we ask for information needed to manage your membership. In addition, we collect statistics about visitors to our site. Read more below.
Commenting
If you leave comments on the site, we collect the data on the form (including your email address) and your network address (IP-address) and data reported by your web browser. This helps us identify and block spam. In addition we will use your (anonymized) email address to fetch your possible avatar (picture) from the Gravatar-service. Read more below. The privacy policy of Gravatar can be found at https://automattic.com/privacy/.
Contact forms
The forms you submit will be stored and also relayed to our email inbox at Google mail. These messages are further forwarded to the personal email accounts of selected administrators. Such ordinary email messages are unencrypted. We cannot offer encrypted email communications at the moment (encrypted channels, e.g. instant messengers or telephone, are available on request). We collect your IP-address and data reported by your browser to identify and block spam. Forms include a reCAPTCHA check to tell humans and robots apart. Data collected by reCAPTCHA is not stored at our site. Read more below.
Discussion forums
If you create an account on our discussion forums, we will collect the information you provide us and set cookies as is explained in the “Cookies” section below for general sign-up or registration. The forum account and the blog / website account are the same thing.
If you post on our discussion forums, we collect the messages you write (and images and other media you upload, metadata included), your IP address, and the information reported by your browser in the same way as when commenting. This information is used to facilitate discussion and to identify and prevent spam messages as is done when preventing comment spam, too.
Email lists
If you subscribe to emails from the editor or alerts about new content, we will save your name and email address, as well as your selected mailing lists, to maintain mailing lists and send emails. reCAPTCHA -verification is used on the subscription form. We do not store the information it collects. Read more about reCAPTCHA below.
Using Google or Facebook to sign on
Nextend Social Login. When you register an account, sign in to an account, or link your account to social media (Facebook, Google), your name, email address, profile image, social provider identifier, and access token will be collected from a third party (Facebook, Google). This information is stored on our website. The access token is used to identify your account and messages, and to protect your data. Data will be removed from our website when you delete your account from WordPress.
If you sign in with Google, we will get your name and email address from Google, as well as your potential profile picture, and Google will know that you visited our site.
If you sign in with Facebook, we will get your name and email address from Facebook, as well as your potential profile picture, and Facebook will know that you visited our site.
Activities while logged in
Whether you’re logged in as a reader, contributor, writer, editor, or administrator, and whether you’re signed in with an email address and password, or through Google or Facebook, your activity will be logged so everyone knows what others have done and collaboration gets smoother. The event log is displayed on dashboard. Please, contact our website administrator for further information on logging., please contact our webmaster. If you publish something, you will be mentioned as the author.
Media
If you upload images (or other media) to this site, you may want to avoid uploading files that contain location information (EXIF GPS). Site visitors can download and view location information from images on the site. Also note that keywords and other metadata (EXIF, IPTC) stored in the images are also available to the viewers. There may also be metadata in other file types besides images. The uploaded files are generally available to the whole world. Make sure you have permission to publish location information.
Cookies
A cookie is a small piece of information that a webpage saves in your browser. Its contents can be read back later, so when you return to the webpage (or go to the next page), your previous activity is remembered. A cookie can also record the information that is needed repeatedly (such as preferred language or logged in status). Cookies are used both by WordPress itself and its add-ons. You can view cookies (in Firefox: Web Tools> Storage Inspector> Cookies or press SHIFT + F9). If you wish, you can also delete cookies.
When you arrive at our site or change the language of the site, a cookie named pll_language will be saved on your browser. That cookie contains the primary language (or the default language or the language you have chosen from the language menu in our page). It allows us to display every page in the selected language without you having to select the language again on each page. This cookie will remain in your browser for a year unless you explicitly delete it. Next, a cookie named Cookie_consent_status will be set to record whether you allow tracking cookies or not. That selection has no effect on saving the language cookie, though (as it is not a tracking cookie).
If you leave a comment, you can choose to save your name, email address, and url address in the cookie. This feature is convenient, because your information is remembered and automatically inserted when you post a comment again. The cookie is deleted after a year or when you manually remove the cookie or all cookies from your browser. Cookie names: comment_author_ {HASH}, comment_author_email_ {HASH} and comment_author_url_ {HASH}.
If you log in, we will set a temporary cookie named wordpress_test_cookie that is used to test whether your browser supports cookies or not. This cookie does not contain any personal information and will be deleted when the browser window is closed. We also set cookies (wordpress_logged_in_ {HASH}, 2 wordpress_sec_ {HASH}, wp-settings- {UID}, wp-settings-time- {UID}) that save your login and display settings. Login cookies will be removed at the end of the session (when you log out or your session automatically expires in two days). Cookies related to display settings, wp-settings- [UID] and wp-settings-time- [UID], will be removed after one year. If you choose “Remember Me” during login, your login information will be stored for two weeks. If you sign out, the login cookies will be deleted.
If you sign in with your Facebook or Google account, a cookie named SESSnsl will be set during sign-in. This cookie set by the Nextend Social Login plugin is used to protect communication and to redirect the user to the correct page after login. This cookie is not used for user tracking. Read how Google uses the information it gathers and read about Facebook’s practices.
In addition, some cookies are used to store display settings of the statistics on the dashboard, such as the time period shown in the graph and case (gadwp_wg_default_dimension, gadwp_wg_default_metric, gadwp_wg_default_swmetric).
If you publish an article or edit an existing one, a cookie containing the article ID will be stored in the browser. The cookie expires in one day.
Statistics collected on our pages also require the use of cookies. Cookie names: _ga, _gid, _gat. Read more about how to deny Google Analytics in the Analytics chapter below.
Content embedded from other sites
Articles on this site may contain embedded content (such as Google’s Youtube videos, other videos, linked images, articles, etc.). Opening (viewing) embedded content equals to actually visiting that third party site.
These sites may collect information about you, uses cookies, embed third-party tracking cookies and monitor your interaction with the embedded content, including monitoring your actions as a logged in user.
Analytics
We collect statistics about the use of our site with Google Analytics. We collect, among other things, demographic data (such as age group and gender) and user interests. We see the results as anonymous statistics showing, for example, the age distribution of visitors, the country / locality distribution, the number of visitors at different times of the day and much more. Check out Google Analytics (demo account; instructions; sign in with your Gmail account). When we learn to know what kind of people and from what countries visit us, we can improve our site and our operations. Learn more about how Google uses the information it gathers. You can disable tracking by clicking the link below.
Google Analytics opt-out. Ask not to be tracked.Disable Google Analytics
Read more in section 6. Where we send your information outside the EU / EEA.
3. With whom we share your information
Web hotel and audit
Our web pages are hosted by Zoner Oy (Pakkalankuja 6, 01510 Vantaa) in Helsinki and in Espoo. Zoner’s technical staff (including technical support) has access to the information stored on our website. Security audits can be conducted on our site. In this case, necessary protection of personal data will be taken care of.
Embedded content
Read more in section 2. Information is shared with Google at least when you view Youtube videos. Youtube Terms of Service and Google Privacy Policy.
Publishing articles and pages on Facebook
If you allow an article or page written by you (as a content provider) to be published on Facebook too, the whole article or an excerpt of it or a link to it will be published on Facebook. Please note this if you are creating private content. Publication is at your discretion.
Fetching your Gravatar picture
The anonymized hash of your email address (if you have given one) can be sent to Gravatar to detect whether you are a Gravatar user or not (so that your icon can be retrieved and displayed). The hash sent is basically an anonymous identifier, but it connects you to your potential Gravatar account and the personal information you have chosen to store there. The Gravatar service is provided by Automattic Inc. Gravatar’s Privacy Statement can be found at https://automattic.com/privacy/.
Denying automatically generated content
Our site has been created for people’s pleasure and benefit. Because automatically generated content endangers this purpose, we try to identify and prevent comments, account registrations, forum posts and form submissions made by automated programs (“robots”, “bots”). This is also aimed to prevent unauthorized advertising, which is a violation of the terms of use. This protection is provided by Akismet, which is produced by Automattic Inc., as well as by the reCAPTCHA service (Completely Automated Public Turing Test) by Google llc., henceforth referred to as “Google”.
Data sent to Google
According to our knowlede, Google is provided with a reference URL, IP address, visitor activity on our website, information about the operating system, browser, language, time on site, cookies, cascading style sheets, and javascript, user input (for example keyboard usage data) and mouse movements in the reCAPTCHA area.
The IP address sent in connection with reCAPTCHA verification is not associated with other Google user data unless the user is logged in to their Google account while using the reCAPTCHA. Use of information collected through the reCAPTCHA service is subject to Google’s Terms of Service: https://www.google.com/intl/en/policies/privacy/
Data sent to Akismet
A link to the privacy policy of the automated Akismet spam protection service is also available on the comment form. By commenting, you accept your comment to be externally reviewed. On the other hand, posting a comment is a publishing decision, so sending the comment text for review does not compromise your privacy. However, your name / username, email address, this web pages address, your IP address, and data reported by your browser will also be sent.
Analytics
Google Analytics. Information generated by the use of cookies on our pages will be transferred to and stored on Google systems. The uniquely identifying part of users IP address is removed before the address is sent to Google for statistics. Google may provide information collected by Google Analytics to third parties as required by law (including non-Finnish law) or when a third party is processing data on behalf of Google. Under Google Analytics Terms of Use, Google does not associate registered IP addresses with any other information stored on Google.
4. Retention period of data
We reserve the right to remove information at our discretion. This is especially true for contents that violate the terms of use. Without any limitation, we can also remove other information at the discretion of the administrator.
If you leave a comment, the comment and its metadata will be retained until further notice. This allows us to automatically detect and approve your subsequent comments instead of keeping them in a pre-check queue (your first comment will be pre-checked to prevent junk mail; advertising is forbidden in our comments). Comments are public.
Submitted forms. The retention period of the data you submit using forms will depend on the content of the message. If you provide us with public information (such as a diving history museum web address) to be included on our website, it will be retained as long as we see fit. The retention period of membership application data is in turn bound to the duration of the membership. Membersip application data will not get shared. Data submitted through other forms will be retained until the recipient (our member of staff of the association) decides to remove the information (i.e. email) received or until you request it to be deleted. Deletion request is deleted when data is deleted.
If you register an user account, we will store your profile information until you delete your account. All users have the opportunity to see, edit and delete their personal information at any time. Only the user name cannot be changed. Webmasters (administrators) can view and edit user profile information. If you sign in to our website / discussion forum with Google or Facebook IDs, we will retain the information until further notice, and we will create an account that you can use without the above-mentioned IDs (you will receive a password using your password recovery).
If you participate in a discussion on our forum, we will keep your messages together with their associated metadata and the files you upload until further notice. Old messages are not automatically deleted from the forum, but are kept publicly available. Discussion is public.
Google analytics. Data gathered about you using Google Analytics for statistics (if you have not denied statistics) will be retained for 38 months, or more than three years.
5. What rights you have to your data
If you have registered an user account on this site or if you have left comments or participated in discussion, you may request a compilation file of your personal information, including any personal information you have provided to us. You can also request removal of your personal information. The right to delete your personal data does not apply to any personal data that we have to keep for maintenance, legal, or security reasons.
6. Where (outside the EU/EEC) does your information get sent?
To learn what information will get sent, please study chapter 3. To whom we share your information.
Automattic
Automattic Inc.
60 29th Street #343
San Francisco, CA 94110
United States of America
In accordance with its Privacy Shield certification, Automattic Inc. announces its compliance with the EU-US Privacy Shield Agreement.
Facebook Inc.
1 Hacker Way
94025 Menlo Park, California
United States of America
In accordance with its Privacy Shield certification, Facebook Inc. announces its compliance with the EU-US Privacy Shield Agreement.
Google LLC
1600 Amphitheatre Parkway
Mountain View, CA 94043
USA
In accordance with its Privacy Shield certification, Google llc. announces its compliance with the EU-US Privacy Shield Agreement.
7. Contact information
Suomen Sukellushistoriallinen yhdistys ry. — Historical Diving Society Finland
Jouko Moisala
firstname.lastname@dnainternet.net
address@sukellushistoriallinenyhdistys.fi, where address is info
8. What security measures do we implement to protect your personal data?
- We offer our site over an encrypted connection to protect your privacy.
- We offer encrypted browsing over HTTPS. SSL/TLS certificates from Let’s Encrypt.
- Encryption is required, not optional; HSTS
- wildcard-ssl-certificates are not used. Hence, some privacy threats are avoided.
- Our site is hosted by a reputable Finnish hosting provider Zoner.fi The servers reside in Finland.
- Administrator passwords are kept hard to guess.
- We use anonymized data for statistics and you can also opt out from usage tracking.
- It is completely optional to log in using Google or Facebook authentication. You can also create a username+password pair locally at our site. During account creation, a reCAPTCHA challenge must be completed, and it send data to Google, but you can also ask our administrators to create you an account.
- Discussion, comments and forms: Freedom of choice: Your IP-address and email, among other things, will be sent to a third party so that we can identify and block spam. You can, however, send the information by email too, or you can ask for an encrypted channel to be set up (e.g. an instant messenger or mobile phone call). Commenting or taking part in discussions is completely at you discretion. If an attempt is made to fetch your profile picture from Gravatar, only an anonymized hash of your email address will be sent.
- We have implemented a number of technical protections.
For privacy we recommend Mozilla’s Firefox Browser and its Private Browsing window, which aims to prevent tracking. It of course also prevents the display of Youtube videos embedded on our pages (if the video address is specified, copy it to another private window), as well as confirming the humanity of a sender of a form, i.e. sending forms, including signing up (use regular email). In addition, you may choose to use a paid privacy service (select an entity you trust; here’s an example). It is also advisable to use a secondary email address (which you can give up if you need to) and enable it to forward to your actual email address.
9. Our course of action in the case of a data breach
In the event of a data breach we will do our best to investigate it and to find out what happened, minimize the consequences, and inform the affected parties by email. Passwords will be reset when the problem has been fixed.
10. Third parties from whom we receive personal data
We will get your Gravatar picture from Automattic’s Gravatar service if you have an account there. If you sign in with Google or Facebook, we’ll get your name, email address, and profile picture from them.
Automated decision making and profiling based on personal data
We do not apply automated decision-making or profiling otherwise than to prevent account registration by automated software; filter spam messages from comments, forms and forum posts; and prevent data breaches. To report false positives, contact us by email and we will remedy the situation.
Relevant legislation
Euroopean General Data Protection Regulation (GDPR)
Suomen Tietosuojalaki (information protection act of Finland)
Laki sananvapauden käyttämisestä joukkoviestinnässä (freedom of experssion in mass media act)