Privacy policy

Data Controller

Name: Paradox Museum Helsinki / Science4all Oy Ltd
Business ID: 3414662-2
Address: Fabianinkatu 29, 00100 Helsinki

Person Responsible for Register Matters / Data Protection Officer

Company: Paradox Museum Helsinki / Science4all Oy Ltd
Name: Laura Suihkonen
Email: helsinkimm@paradoxmuseum.com
Address: Fabianinkatu 29, 00100 Helsinki

Name of the Register

User and marketing register of the online service

Legal Basis and Purpose of Processing Personal Data

The legal basis for processing personal data in accordance with the EU General Data Protection Regulation is the data subject’s consent (documented, voluntary, specific, informed and unambiguous). The purpose of processing personal data is to maintain customer relationships, marketing, and service development. The data is not used for automated decision-making or profiling.

Data Content of the Register

The data stored in the register may include: website addresses, IP address of the network connection, user accounts/profiles in social media services, organization and contact details, information about ordered services and changes to them, and other information related to the customer relationship and ordered services. We retain user data only for as long as necessary to fulfill the purposes defined above, in accordance with applicable legislation. IP addresses of website visitors and cookies necessary for the functioning of the service are processed based on legitimate interest, for example to ensure information security and to collect statistical data on website visitors in cases where they may be considered personal data. Consent is requested separately for third-party cookies when necessary.

Regular Sources of Information

The data stored in the register is obtained from the customer through, for example, messages sent via website forms, email, telephone, social media services, agreements, customer meetings, and other situations where the customer provides their information. Contact details of representatives of companies and other organizations may also be collected from public sources such as websites, directory services, and other companies. The website uses Google Analytics and other analytics tools to generate reports on the use of our website so that we can improve our website and services. More information about Google Analytics is available at http://www.google.com/analytics. You can opt out of Google Analytics tracking by installing a browser add-on from https://tools.google.com/dlpage/gaoptout.

Regular Disclosures of Data and Transfers Outside the EU or EEA

Data is not regularly disclosed to other parties. Data may be published to the extent agreed with the customer. As a rule, we do not transfer data outside the EU or EEA. Data is not transferred to the United States without the explicit consent of the data subjects.

Principles of Register Protection

Due care is taken in processing the register, and data processed through information systems is appropriately protected. When register data is stored on Internet servers, the physical and digital security of the hardware is properly ensured. The data controller ensures that stored data, server access rights, and other information critical to the security of personal data are handled confidentially and only by employees whose job duties require it.

Right of Access and Right to Rectification

Every person in the register has the right to check their stored data and to request the correction of any incorrect or incomplete data. If a person wishes to review their data or request corrections, the request must be submitted in writing to the data controller. The data controller may, if necessary, request proof of identity. The data controller will respond within the time required by EU data protection legislation (generally within one month).

Other Rights Related to the Processing of Personal Data

A person in the register has the right to request the deletion of their personal data (“right to be forgotten”). Data subjects also have other rights under the EU General Data Protection Regulation, such as the right to restrict processing in certain situations.

Requests must be submitted in writing to the data controller. The data controller may, if necessary, request proof of identity. The data controller will respond within the time required by EU data protection legislation (generally within one month).

The supervisory authority is the Office of the Data Protection Ombudsman. Contact details:
Visiting address: Ratapihantie 9, 6th floor, 00520 Helsinki
Postal address: P.O. Box 800, 00520 Helsinki
Telephone: +358 29 56 66735
Prepared on 10 March 2026. Last updated on 10 March 2026.