Privacy policy


1 Controller of the data file

Association of Visual Communication Designers in Finland Grafia ry (“Grafia ry”)

2 Contact person for issues related to the data file

Katri Soramäki
Uudenmaankatu 11 B 9
00120 Helsinki, Finland
tel. +358 (0)9 601 942, email [email protected]

3 Name of data file

Data file for the contact requests on Grafia ry’s website

4 Purpose of processing personal data

Personal data are stored to allow the organisation to react to the membership applications filed through the website and to monitor website traffic.

5 Content of the data file

The applicant can submit the following personal data via the website:

  • Name
  • Email address
  • Contact details
  • Place of birth
  • Profession
  • Employer data
  • Employment history
  • Work samples
  • Referees

In addition to the above, we also record the time and date of the messages.

6 Regular sources of data

The data for the data file are received either directly from the users or via the traffic on the website.

7 Regular disclosers of data

The data file is maintained and managed by Crasman Oy, which processes the personal data on behalf of Grafia ry. The data are also processed using Google Analytics which transfers data to Google LLC.

8 Disclosure of data outside the EU and EEA

Personal data are not transferred or disclosed outside the European Union or the European Economic Area. As an exception to this, Google Analytics, which transfers data on website traffic to Google LLC operating under the EU-US Privacy Shield framework, is used on the website.

9 Principles of data security

Access to personal data is limited to the controller and named individuals. Only the named individuals have the right to process and maintain information in the data file. The users are bound by confidentiality.

Crasman Oy’s data network and IT devices containing the data file are protected by a firewall and other technical measures. The IT devices are located in a locked facility under surveillance.

10 Right of access

Every data subject has the right to access their personal data held in the data file.

Requests for accessing the data must be submitted in writing in the form of a personally signed letter or in person at the premises of the controller of the data file. The request must be addressed to the contact person.

Requests for access are not subject to a fee when submitted no more than once a year (12 months).

11 Right to demand rectification

Every data subject has the right to demand the correction of inaccurate data stored in the data file.

Requests for data rectification should be made in writing and with sufficient specificity: the request must include the name of the data subject and the inaccurate and accurate information. The request is to be addressed to the controller.

12 Website traffic statistics

Statistics are anonymously compiled on website traffic with the help of log files and cookies. Visitors’ personal data are not linked with traffic statistics.