Privacy Policy

Version: 1.2
Last changes: 19.02.2026

Controller

The controller responsible for data processing within the meaning of the General Data Protection Regulation (GDPR) is:

Vihreä Pourusmäki ry
Kuisemantie 150
36660 Laitikkala
Finland
Vihreä Pourusmäki ry website

For privacy-related inquiries, please contact us via the contact form on our website or via the official contact email published there.

Scope of this Policy

This Privacy Policy applies to the digital services operated under the European Permaculture Network (EuPN), including:

• Permaculture Network
• Permateachers
• the EuPN community forum
• the EuPN Nextcloud instance
• related newsletter services

Principles of Data Processing

We process personal data in accordance with the GDPR and applicable Finnish data protection law.

We collect and process personal data only where:

• it is necessary for providing our services,
• you have given consent,
• it is required to comply with legal obligations, or
• it is based on our legitimate interest in operating secure and stable digital infrastructure.

We do not sell personal data and do not use it for advertising purposes.

Registration and User Accounts

When registering on our websites or services, we collect:

• email address
• username
• profile information voluntarily provided

Purpose:

• account creation
• access to member features
• communication regarding platform services

Retention:

• Data is stored as long as the account remains active.
• Users may request deletion of their account at any time.

Public Content (Profiles, Forum, Comments)

Registered users may publish content such as:

• profile information
• project descriptions
• event listings
• forum posts
• comments

Please note:

• This content may be publicly visible.
• Users are responsible for the information they choose to publish.
• Upon account deletion, personal data will be deleted unless retention is required for legal or integrity reasons (e.g., preserving discussion structure in the forum).

Nextcloud Services

EuPN provides a Nextcloud instance for file storage and collaboration.

Data processed may include:

• files uploaded by users
• metadata (timestamps, file size, user ID)

Purpose:

• document storage
• collaboration within EuPN activities

Access:

• Access is restricted to authorized users.
• Administrative access is limited to system administrators.

Retention:

• Files remain stored until deleted by the user or account removal.

Newsletter

We send newsletters up to six times per year.

Data collected:

• email address
• optional name (if provided)

We use a double opt-in procedure. You may withdraw consent at any time via the unsubscribe link.

Retention:

• Until unsubscribe.

Cookies and Analytics

Session Cookies

We use session cookies required for website functionality.

Matomo Analytics

We use self-hosted Matomo Analytics.

• IP addresses are anonymized.
• No personal profiling is conducted.
• Data is used solely for improving the website.
• Opt-out available.

Server Log Files

Our hosting provider automatically collects server log data, including:

• IP address
• browser type and version
• access time
• requested pages

Purpose:

• security
• system stability
• abuse prevention

Retention:

• Log files are retained for a limited period (typically 45 days), unless required for legal reasons.

We have data processing agreements in place with service providers where required.

Embedded Third-Party Content

We embed external services such as:

• YouTube
• Vimeo
• OpenStreetMap

When such content is loaded, data (including IP address) may be transmitted to the respective provider.

Some providers may process data outside the EU.

Please consult the respective providers’ privacy policies for details.

Data Transfers Outside the EU

Where third-party providers are located outside the EU/EEA, data transfers are based on appropriate safeguards under GDPR, such as Standard Contractual Clauses.

Data Retention

We retain personal data only as long as necessary for:

• providing services
• fulfilling legal obligations
• protecting system integrity

Retention periods depend on the type of data and purpose.

Your Rights

Under the GDPR, you have the right to:

• access your personal data
• request rectification
• request erasure
• request restriction of processing
• object to processing
• request data portability
• withdraw consent at any time

You also have the right to lodge a complaint with the Finnish Data Protection Ombudsman.

Security Measures

We implement appropriate technical and organizational measures to protect personal data, including:

• encrypted connections (HTTPS)
• access controls
• limited administrative access
• secure hosting infrastructure

Automated Decision-Making

We do not conduct automated decision-making or profiling.

Changes to this Policy

We may update this Privacy Policy when necessary to reflect legal or technical changes. The latest version will always be available on our website.

Continued use of the platform after updates constitutes acceptance of the revised Privacy Policy.

Server Log files

Our hoster has access to the servers logfiles. In that logfiles all for the webserver necessary information is stored, for example your IP, your browser type and version, whether or not a connection was made, etc. Those logfiles are kept for some time and in case of violation of law they will be handed out.

Data we collect when you use the website's services

Registration

In order to use some features of this website registration is necessary. During the registration process you have to provide a valid e-mail address. We don't share your e-mail address with 3rd parties.

Newsletter

We offer a newsletter that we send 4 times a year. We use our own software and we use a double-opt in. If you receive a newsletter from us but you haven't subscribed please info [at] permaculture-network [dot] eu (contact us via mail.)

Contact form

The information you provide by using the contact form is solemnly used to get in contact with you.

Comments

We only offer the possibility to post comments to registered users. See "Registration".

3rd party content providers

Videos

We use different video providers. Those providers might place their own tracking and they have their own privacy policy. Youtubes' is at https://support.google.com/youtube/answer/7671399?hl=en. Vimeos' is at https://vimeo.com/privacy

Maps

We use OpenStreetMap to geocode the addresses displayed at the places & events. By that the address is transmitted to OpenStreetMap and then send back to us as geocode. We use OpenStreetmap, an OpenSource tool, to display map data. We run our own OpenStreetMap proxy server to display the tile images.