Privacy Policy

Last updated on 16th of February 2026.

We take privacy and GDPR very seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

What data do we collect?

You can check which data we are legally bound to collect from PRH.fi (see Section 11).

Personal Data

  • Name
  • Residency & country
  • Email address
  • Alias/nickname
  • Payment information
  • Any other information you voluntarily provide in our member application form or the member registry FloMembers, eg. home address or phone number
  • Any other information you voluntarily provide when you order our merchandise
  • Any other information you voluntarily provide when filling any of the other forms we might have on this website. These forms are provided by Google.

FloMembers also generates the following data:

  • Membership ID
  • Registration date
  • Member status
  • Contact log which shows the emails we have sent you
  • An audit trail of your profile information

When registering to any of our events, we receive the following data from you:

  • Name / nickname
  • Email
  • Ticket ID
  • If ticket was used or not

How will we use your data?

HelSec collects your data so that we can:

  • Process your orders and event signups
  • Manage your membership
  • Communicate with you
  • Comply with legal obligations

We process your personal data based on:

  • Your consent
  • Compliance with legal obligations

How do we store your data?

Your membership data is stored in our member registry FloMembers, which has servers in UpCloud and Hetzner cloud.

HelSec ry will keep your membership information for the current membership year + 180 days. Once this time period has expired, we will delete your data from our database.

Any data you voluntarily provide through the Support Request form will be kept for 180 days.

Any data you voluntarily provide through the volunteer application form will be kept for the current year + 180 days.

We are legally obligated to store accounting and financial records for 6–10 years, which may include your payment details.

Marketing, analytics, cookies?

We don’t like marketing and we assume you don’t either. We dont use any marketing or analytic cookies, or other such tracking technologies on our site. Our ticket registration uses one functional cookie.

We contact you only in important matters such as the annual membership fee or any upcoming events, statutory meetings etc.

Sharing Your Information

Upon registering for official meetups, our support members may require a list of participants in advance for security reasons, to know who is in the building during the meetup.

Some of your accounting and financial records are processed and stored by third-party service providers. In our case, we use Netvisor and an accounting firm to manage these records on our behalf. These third parties handle your information strictly for the purposes of accounting and compliance with legal obligations, and we ensure that they adhere to appropriate data protection standards.

Other than that, we do not share your information with anyone outside the HelSec board and a few trusted volunteers. These volunteers work in our support team and they help you regain access to your HelSec account should you have any issues.

What are your data protection rights?

Every member is entitled to the following:

  1. The right to access – You have the right to request HelSec ry for copies of your personal data. You may also access your member data in FloMembers.
  2. The right to rectification – You have the right to request that HelSec ry correct any information you believe is inaccurate. You also have the right to request HelSec ry to complete the information you believe is incomplete. You may also correct your data in FloMembers.
  3. The right to erasure – You have the right to request that HelSec ry erase your personal data, under certain conditions.
  4. The right to restrict processing – You have the right to request that HelSec ry restrict the processing of your personal data, under certain conditions.
  5. The right to object to processing – You have the right to object to HelSec ry’s processing of your personal data, under certain conditions.
  6. The right to data portability – You have the right to request that HelSec ry transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at contact@helsec.fi

Third-Party Services

Our website may contain links to third-party websites. We are not responsible for their privacy practices.

How to contact us

If you have any questions about HelSec Ry’s privacy policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us: contact@helsec.fi