Last updated April 2, 2026.
1. What personal data we collect
1.1. The feedback form
When you send us feedback, we collect your name, e-mail address and the message.
1.2. Basic website functionality and security
We also collect the following information from visitors to support basic website functionality and related security:
1.2.1. Akismet service
We use Akismet service to prevent spam on our website. You can review the Privacy Policy of Akismet (https://akismet.com/privacy/).
1.2.2. Wordfence service
We use Wordfence service to protect our website from misuse and security breaches. To this end, the service monitors user behavior and the origins of the website visitors. You can review the Privacy Policy of Wordfence (https://www.wordfence.com/privacy-policy/).
1.2.3. Comments
When visitors leave comments on the site, we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
1.2.4. Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
1.2.5. Cookies (if not included in other sections)
If you leave a comment on our site, you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
We will also use a set of cookies to confirm that you have accepted our Privacy Policy. These cookies will expire in one year.
1.2.6. Embedded content from other websites
Articles and other parts of this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor had visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.
2. How we use your data
Website data is used only to support basic functionality and security.
Feedback information is used only to answer the message and react on it.
The legal bases for processing are:
– Consent: Submitting feedback and leaving comments are voluntary actions constituting consent to data processing. Consent may be withdrawn at any time.
– Legitimate interest: Website security monitoring and spam prevention (Wordfence, Akismet).
3. How long we retain your data
Comments and their metadata are retained for the operational lifetime of the website, as they form part of the site’s content.
Feedback form data is retained for a maximum of 36 months after the last communication, then deleted.
4. What rights you have over your data and the deletion of the data
4.1. The basic website functionality and security
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
4.2. The feedback form
We will delete your feedback and related personal data on your request within 30 days, unless retention is required by law.
4.3. Right to lodge a complaint
If you believe that the processing of your personal data violates data protection regulations, you have the right to lodge a complaint with the Office of the Data Protection Ombudsman (tietosuojavaltuutetun toimisto).
5. What data we give to third parties and international transfers
We aim not to pass on your information to third parties. However, the information relating to the basic functionality and security of the website may be relayed to third parties in the manner described above.
Feedback responses are handled via our e-mail service, which processes the content of the message and the sender’s e-mail address.
Parts of the website’s technical infrastructure are provided by companies based in the United States, including Wordfence and Akismet. Personal data (such as IP addresses) may be transferred to these providers as part of the website’s normal operation. See Section 1.2 for links to their privacy policies.
6. How we protect your data
The data will be stored in a secure and password-protected digital environment. Outside persons do not have access to the data. The digital security measures of the website and collected data will be maintained up-to-date. Heikki Saxén, the chairman of the board of the insititute, will be in charge of the data and its privacy. You can best contact him through the feedback form.