We respect and value your privacy and we are committed to protecting it. This privacy policy contains information about what personal data we collect, what are the key principles of processing the data and what rights you have relating to your personal data.

GRETA processes your personal data in compliance with this privacy policy and applicable laws, so we ask you to read this policy carefully. We may do updates to this privacy policy from time to time associated with the development of our project procedures or changes in applicable laws. Updated privacy policy can be found on our website, so we ask you to visit this page from time to time.

By using our website or contacting us, you accept that we process your personal data according to this privacy policy. 

For what purposes is personal data collected and used?

We collect, store and process your personal data only for predefined purposes. The main purposes for processing personal data are:

  • project communications (newsletters and event invitations) and responding to contact requests.

What data you collect about me and from which sources?

We collect personal data about you mainly from yourself when you contact us or use our services. In addition to this, we may collect personal data about you from public sources and registers, such as organisational websites and social media channels. We also collect personal data about our website visitors with Google Analytics, so that we could analyze our website use, develop it further and for targeting relevant marketing content for our customers and website visitors.

Typically we may get the following personal data directly from you:

  • Name
  • Email address
  • Telephone number

Personal data from public sources:

  • Name
  • Email address
  • Telephone number

What is the basis for processing your personal data?

We make sure that we always have a legal basis to process your personal data. We may process your data on several different bases. Firstly, we may process your data to fulfil and execute a contract and to meet legal obligations. Secondly, we may process your data also to further our legitimate interests, which is operating and developing our research project. 

Who processes my personal data and is it transferred to anyone else?

Primarily your personal data is processed by people within our project. We may also outsource some parts of the processing to third parties, such as the data systems used to store and process personal data (MailChimp, Google Drive, Microsoft Teams). In these situations, we make sure with contracts and otherwise that the confidentiality of your personal data is secured and data is otherwise processed lawfully. We may also disclose information to fulfil our other contractual or legal obligations or when a legal authority requires a disclosure. 

Is my data transferred outside the EU?

By default, your data is not transferred outside the EU. Possible transfers would concern only such situations, where some of the servers where our data is stored are located outside of the EU (e.g. Mailchimp, Google Drive, Microsoft Teams). In these situations, we make sure that your data is transferred and processed in a legal manner with adequate safeguards.

How long is my data stored?

We will not store your personal data for a longer period than is necessary for its purpose or required by contract or law. All personal data will be stored five years after the end of the research project. We also intend to keep your data up to date.

How is my data stored and kept secure?

Your data is stored on the servers provided by our service providers, which are secured according to general industry standards and practices. We consider and keep your personal data confidential and do not disclose them to anyone else than those who need it for their work or confidentially to our customers based on contracts we have made with them. Access to your personal data has been protected with user-specific logins, passwords and user rights. 

Is it mandatory to provide personal data? What happens if I don’t give it to you?

If you don’t provide us some of your personal data or allow processing of it, it is very likely that we cannot contact you and involve you in our research project. If you don’t want us to process your data, we ask you to not provide us any personal data. 

Does your website use cookies and what are those?

We use cookies on our website to provide the best possible user experience for our website visitors. Cookies are small text files that are placed on a web user’s computer and are designed to hold a modest amount of data particular to a user and a website. Cookies give us information on how users use our website. We may use cookies to develop our website, analyze website use as well as target and optimize marketing efforts. If you do not wish to receive cookies, you may set your web browser to disable them. Please note that most browsers accept cookies automatically. If you disable cookies, you should understand that certain services on our website may not function correctly.

What rights do I have relating my personal data?

Withdraw your consent

If we process personal data based on your consent, you can at anytime withdraw your consent by notifying us, for instance by sending email to

Access to data

You have the right to have confirmed if we are processing your personal data and also to know what data we have about you. In addition, you have right to some supplemental information described in the law about the processing activities.

Right to have errors corrected

You have the right to request that we correct any inaccurate or outdated personal data we have about you.

Right to prohibit direct marketing

You have the right to request that your personal data is not processed for direct marketing purposes by sending us email to

Right to object processing

If we process your personal data based on public interest or our legitimate interest, you have the right to object processing of your data, to the extent that there is no such significant other reason that would override your rights or the processing is not necessary for handling legal claims. Please notice that in this situation we may not be able to serve you anymore. 

Right to restrict processing

In certain situations you have the right to require that we restrict processing of your personal data.

Right to data portability 

If we process your personal data based on your consent or fulfilling of a contract, you have the right to require a transfer of the data you have provided to us to another services provider in a commonly used electronic format.

How can I use my rights?

You can execute and use your rights by contacting us, for instance by sending email to Remember that we need to also verify your identity. If you consider that the processing of your personal data is not lawful, you can always also make a notification to a supervisory authority. 

Can this privacy policy be updated?

We may make updates to this privacy policy when our operations change or develop. Also changes in law may make it necessary to update this privacy policy. The changes become valid once we have published them in the form of an updated privacy policy. Therefore, please visit this page and read this privacy policy from time to time. 

Who can I contact in privacy matters?

Contact details:
Anne Himanka
Project GRETA, Data Protection Officer