Register- and data protection policy

This is data protection policy of Oktober Oy in accordance with with the EU’s General Data Protection Regulation (GDPR). Compiled 01.06.2021.

  1. The holder of the register

Oktober Oy, Latokartanontie 7 A, 00700 Helsinki, Finland

2. Person responsible of the register

Hannes Vartiainen,

3. Name of the register


4. Legal basis and purpose of the processing of personal data

 LEGAL GROUNDS FOR COLLECTING:  By joining Oktober’s as a supporter of the campaign, we expect a legitimate interest from you and us in informing you of the impact of your actions, such as signing a petition and offering you the opportunity to be more involved in Oktober’s activities. 


REQUIREMENT: If you do not provide this information to Oktober, we will not be able to process your actions or keep you up to date on the impact of your donation. The purpose of the processing of personal data is to compile a petition, to communicate with customers, to establish a customer relationship. 

Personal information may also be used to communicate and market to signatories in matters related to the petition, The Red Ring film or the Red Ring application. The data is not used for automated decision making or profiling. 

5. Informational content of the register

The information stored in the register is: person’s name, position, e-mail address

We will not retain your personal information for longer than is necessary for the purposes listed above, unless we are required to retain your personal information for a longer period in order to comply with legal and regulatory requirements. We will retain all the above information for 12 months after the petition is forwarded.

The IP addresses of the website visitors and the cookies necessary for the functions of the service are processed on the basis of a legitimate interest, e.g. to ensure data security and to collect statistics about visitors to the Site in cases where they may be considered personal data. If necessary, the consent of third-party cookies will be requested separately.

6. Regular sources of information 

The information stored in the register is obtained from the customer e.g. Messages and e-mails sent using web forms. 

7. Regular transfers of data and transfers of data outside the EU or the EEA 

The information is not regularly disclosed to other parties. The information may be published to the extent agreed with the customer. Data may also be transferred by the controller outside the EU or the EEA. 

Data will not be transferred to the United States without the consent of the data subjects. 

8. Registry Security Principles 

The register shall be handled with due care and the information processed by the information systems shall be adequately protected.  When register information is stored on internet servers, the physical and digital security of their hardware is adequately addressed. The controller shall ensure that the data stored, as well as the access rights to the servers and other information critical to the security of personal data, are treated confidentially and only by the employees whose job description it includes. 

9. Right of inspection and right to request correction of information 

Every person in the register has the right to check the information stored in the register and to request the correction of any incorrect information or the completion of incomplete information. If a person wishes to check or request the rectification of data stored about him or her, the request must be sent in writing to the data controller. If necessary, the controller may ask the applicant to prove his or her identity. The controller will respond to the customer within the timeframe set out in the EU Data Protection Regulation (generally within one month). 

10. Your rights related to the processing of personal data 

In accordance with data protection laws, you have certain rights, which you can exercise by contacting us by writing to Oktober Oy, Latokartanon 7 A, 00700 Helsinki, Finland, +358 44 5819 910 or by sending an e-mail to 

You have: 

the right to see the personal information held about you by making a request for verification in accordance with data protection laws. We may charge a reasonable fee if the request is unfounded or unreasonable.

the right to have personal data rectified if they are inaccurate or incomplete.

the right to have your personal data deleted in certain circumstances in accordance with data protection laws; 

the right to request a restriction on the processing of personal data in certain circumstances in accordance with data protection laws; 

the right to ask us not to process your personal data for marketing purposes or for purposes based on our legitimate interests. 

Please note that if you choose to exercise your rights to restrict or delete personal information, we may not be able to use your personal information.