Integrity policy

FRISTADEN R.F phone number: +358 46840 64 23

Purpose of the membership register and the legal basis
The purpose of the membership register is to enable and document the association's activities and organization as well as to realize the rights and obligations of the association and its members. 

Den rättsliga grunden för medlemsregistret är nationell lagstiftning finns stadganden i föreningslagen och bokföringslagen.

Section 11 (8.5.2020/336) /Föreningslagen/finlex 

"Member list A list of the members of an association must be kept. Each member's full name and place of residence must be included in the list. The association's members must, upon request, be given the opportunity to take part in the information mentioned in subsection 1. 

A member who shows that his or her advantage as a member of the association requires it has the right to also see other information recorded in the list. The disclosure of information from the membership list is otherwise subject to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free flow of such data and on the repeal of Directive 95/46/EC (general data protection regulation) and the data protection act (1050/2018).

Personal data controller for the personal data in the list referred to in subsection 1. is the association. In a registered association, the board of directors or, if the association is unregistered, the chairman, chairman of the board or someone else who manages the association's affairs is responsible for the performance of the duties of the data controller." 

Recipient of personal data 
The personal data is handled by the association's board, member secretary, treasurer and bookkeeper. 

Storage period
The data is stored as long as the membership continues and is then deleted. 

Personal rights
Persons included in the membership register have the right to request access to and correction of their information. As long as the membership continues, it is not possible to request deletion of your data or to limit or object to the processing. 

Persons who are included in the member register have the right to lodge a complaint with the Data Protection Authority. 

Obligation to provide information

The Association Act requires that the association maintains a list of all members. If the information is not provided, it is not possible to be a member of the association. The webshop on the website Fristaden r.f with FO number 3138498-3 based in Finland processes personal data provided by the customer to fulfill and also confirm the conditions for processing electronic orders and deliveries and for the necessary communication during a statutory period.

General provisions

1. The personal data controller, in accordance with the GDPR  (hereinafter referred to as the "Regulation") is Fristaden r.f., FO number 3138498-3, based in Finland (hereinafter referred to as the "Personal Data Controller");

2. The contact details for the Personal Data Controller are: e-mail:, tel.: +358-468406423 3. Personal data is any information relating to an identified or identifiable natural person.

The source of personal data

1. The personal data controller processes personal data obtained with the consent of the customer and collected through the contract to purchase and fulfill the electronic order created in the web shop.

2.The personal data controller only processes identification and contact information for the Customer that is necessary for the contract to be fulfilled.

3. The personal data controller processes personal data for shipping and accounting and for the necessary communication between the contracting parties during the time required by law. Personal data will not be made public and will not be transferred to other countries.

Purpose of data processing 

The personal data controller processes personal data of the customer/member for the following purposes: 

1. Registration on the website Fristaden r.f in accordance with chapter 4, section 2 of the GDPR;

2. To fulfill the electronic order created by the customer/member (name, address, email, phone number);

3. To comply with laws and regulations arising from the contractual relationship between the Customer/Member and the Personal Data Controller;

;4.Personal data is necessary for contract/membership to be procured. Contracts/memberships cannot be entered into without personal data.

Duration of storage of personal data 

1. The Personal Data Controller stores personal data for the period necessary to fulfill the rights and obligations arising from the contractual relationship between the Personal Data Controller and the Customer and for 3 years after the conclusion of the agreement.

2.The personal data controller must delete all personal data after the end of the period required for the storage of personal data.

3. The storage period for personal data in connection with a membership is stored for as long as the membership continues and is deleted thereafter. 

Recipient and personal data controller of personal data 

Third parties that process personal data of the Customer are subcontractors of the Personal Data Controller. The services of these subcontractors are indispensable for the contract to be implemented, to purchase and process the electronic order between the Personal Data Controller and the Customer. 

The subcontractors of the Personal Data Controller are: 

  • Webnode AG (e-shop system);
  • Desky (Fakturerings/medlemsregister program)
  • Google Analytics (webbplatsanalys);

Clients rights

In accordance with the regulation, the customer has the following rights: 

1. the right of access to personal data;

2. the right to rectification of personal data;

3. the right to delete personal data;

4. the right to object to the processing of personal data;

5. the right to data portability; 

6. the right to withdraw consent to the processing of personal data in writing or via e-mail sent to:

7. the right to lodge a complaint with the supervisory authority in the event of a suspected breach of the regulation.

Security of personal data

1. The personal data controller ensures that all technical and organizational security measures are taken to protect personal data;

2. The data controller has taken technical security measures to ensure data storage spaces, in particular secure access to the computer with a password, use anti-virus software and perform regular maintenance of the computers.

Final provisions

1. By placing an electronic order on the website, the Customer confirms that it has been informed of all the conditions for personal data and accepts them in full;

2. The Customer accepts these rules by ticking the checkbox in the order purchase form;

3. The personal data controller can update these rules at any time. New, updated version must be published on its website.

The rules enter into force on 03.11.2020 


Article 13 of the GDPR in its entirety 

Information to be provided if the personal data is collected from the data subject 

1. If personal data relating to a registered person is collected from the registered person, the personal data controller must, when the personal data is obtained, provide the registered person with information about the following: 

a) Identity and contact details of the person in charge of personal data and, where applicable, of his representative.

b) Contact details for the data protection officer, where applicable.

c) The purposes of the processing for which the personal data is intended and the legal basis for the processing. 

d) If the processing is based on Article 6.1 f, the legitimate interests of the personal data controller or a third party.

e) The recipients or the categories of recipients who will have access to the personal data, where applicable. 

f) In applicable cases, that the data controller intends to transfer personal data to a third country or an international organization and whether a decision by the Commission on adequate level of protection exists or is absent or, in the case of the transfers referred to in Article 46, 47 or Article 49(1) second paragraph, reference to suitable or appropriate safeguards and how a copy of them can be obtained or where these have been made available.

2. In addition to the information referred to in point 1, the personal data controller shall, when collecting the personal data, provide the data subject with the following additional information, which is required to ensure fair and transparent processing:

a) The period during which the personal data will be stored or, if this is not possible, the criteria used to determine this period.

b) That there is a right to request from the personal data controller access to and correction or deletion of personal data or limitation of processing concerning the registered or to object to processing and the right to data portability.

c) If the processing is based on Article 6.1 a or Article 9.2 a, that there is a right to withdraw consent at any time, without this affecting the legality of the processing based on the consent, before this was withdrawn.

d) The right to lodge a complaint with a supervisory authority.

e) Whether the provision of personal data is a statutory or contractual requirement or a requirement that is necessary to enter into a contract and whether the data subject is obliged to provide the personal data and the possible consequences of not providing such data.

f) The existence of automated decision-making, including profiling according to Article 22(1) and 22(4), whereby at least in these cases, meaningful information must be provided about the logic behind and the meaning and anticipated consequences of such processing for the data subject.

3. If the personal data controller intends to further process the personal data for a purpose other than that for which it was collected, the personal data controller shall, prior to this further processing, provide the data subject with information about this other purpose as well as additional relevant information according to point 2. 

4. Points 1, 2 and 3 shall not be applied if and to the extent that the data subject already has the information."


Please note that this text does not constitute legal advice, but is a simplification of current law. The provider cannot be held responsible for how the information may be used or for the fact that the text is not updated. The right to changes is reserved.