Privacy policy

This is Maritime Centre Vellamo’s privacy policy, which is based on the EU General Data Protection Regulation (GDPR).


The policy applies to the processing of personal data at Maritime Centre Vellamo, which houses the Maritime Museum of Finland and the Museum of Kymenlaakso. The organisations providing museums are the Finnish National Heritage Agency/the National Museum of Finland and the City of Kotka, which have signed an agreement to serve as the controller of Vellamo’s data files.


1. Name of data file

Maritime Centre Vellamo’s customer register


2. Controller

Maritime Museum of Finland and Museum of Kymenlaakso
Postal address: Tornatorintie 99 B, 48100 Kotka
Street address: Tornatorintie 99, 48100 Kotka


3. Contact persons responsible for the data file

Development Manager Annika Utriainen, +358 (0)40 674 3692, annika.utriainen(at)
Data Protection Officer Juha Reihe, tietosuojavastaava(at)


4. Purpose and legal basis for processing personal data

We process personal data for the purpose of customer services related to Maritime Centre Vellamo. This may involve contact with interest groups, maintaining customer relationships, service invoicing, operational development, marketing and/or communications. We do not use the data for automated decision-making or profiling.

Legal grounds for the processing of personal data based on the GDPR:

– Controller’s legitimate interest
The data has been obtained on the basis of a customer relationship, GDPR Section 6(1)(b)

– Personal consent
The data has been obtained on the basis of a personal consent, GDPR Section 6(1)(a)

– Possible other contracts
Contracts that involve the data subject or that are instituted upon a third party disclosing information to the controller.


5. Content of the data file and data subject groups

Information stored in the customer data file:
– First and last name
– Address
– Telephone number
– Role/title/status
– Organisation/company/other connection
– E-mail address
– Possible invoicing information

Data subject groups:

– Interest groups of the museums
– Invited guests to exhibitions
– Conference guests
– Customers of the museum shop
– Subscribers to the Vellamo newsletter
– Subscribers to the educational newsletter
– Media contacts
– Marketing register

Period of storing the collected information:
We will only store personal data for as long as it is necessary to perform the tasks for which we require them. We update all personal data every ten years, at which point any unnecessary data are removed. We also remove the relevant information in the event that data subjects remove themselves from the customer register or indicate their wish to do so.


6. Recipients or recipient groups of personal data

We process personal data in the context of invitations and registrations for tour reservations, space reservations and event management for Maritime Centre Vellamo.
As regards customers that require invoicing, we regularly disclose information to Kunnan Taitoa Oy, which handles the invoicing for the Museum of Kymenlaakso and Palkeet, the Finnish Government Shared Services Centre for Finance and HR that handles the invoicing for the Maritime Museum of Finland. In the context of paid services, we disclose information to Sarastia Oy (company handling the payment transactions for the City of Kotka).


7. Regular data sources

We receive all information stored in the data file from the customers themselves through e-mail, telephone, social media services, contracts, customer meetings, public events and other situations where customers disclose their information.


8. Regular information disclosures and transfer outside the EU or EEC

Maritime Centre Vellamo does not disclose customer register data to any parties outside the EU or EEC.


9. Register protection principles

– We take the utmost care in the processing of any personal data in our customer register.
– We utilise data systems to protect the processed data in the appropriate manner.
– In the context of storing registered information on our web servers, we take the appropriate steps to ensure their physical and digital data security.
– We require personal usernames and passwords from anyone accessing the stored data and ensure that every instance of data access is recorded in the register.
– We process the stored data in confidence and ensure that the data is only processed by the employees whose tasks require them to do so.
– All employees who access the service have signed a confidentiality agreement.


10. Right to access and request the rectification of information

You have the right to check any information stored in the date file in relation to you and request the correction or supplementation of any erroneous or deficient information. If you would like to check the data stored on you or request correction, please send a written message to the controller to If necessary, the controller may ask you to verify your identity.


11. Other rights related to the processing of personal data

Right to object
You have the right to object to the processing of personal data if, at any time, you find that we have processed your personal data in violation of the law or that we do not have the right to process certain personal details.

Direct marketing prohibition
At any time, you have the right to prohibit us from using any of your details for direct marketing. We do not sell or otherwise disclose personal data to other parties for direct marketing purposes.

We may purchase digital advertising from providers such as Facebook and Google. However, these companies will never receive your personal data. Furthermore, this kind of advertising is not direct marketing and is instead based on cookies. For more details, please see the section ‘Cookies’.

Right to erasure
If you find that the processing of any information related to you is not relevant for the purpose in question, you are entitled to request that we remove the data in question. Once we have processed the request, we will either delete the information or justify why could not do so. If you disagree with our decision, you have the right to file a complaint with the data protection ombudsman. You also have the right to restrict us from using any contested data for as long as it takes to resolve the matter. If your find that your personal data has been processed unlawfully, you may file a complaint with the data protection ombudsman.

If you would like the data stored on you to be removed, please send a written message to the controller to If necessary, the controller may ask you to verify your identity.