TurvaRiepu - Privacy Policy
Effective Date: 8th of September 2025
1. Data Controller and Contact Information
TurvaRiepu is an online discussion forum and part of the RIEPU.FI cultural magazine. This policy explains how we process your personal data.
Data Controller: Bjorn Osterman, 16 Hindersbolevagen 21, 22100 Mariehamn, Åland Islands
Location: Mariehamn, Åland Islands, Finland
Email: riepulehti@gmail.com
Website: https://turva.riepu.fi
2. Personal Data We Collect and Legal Basis
We only collect data that is necessary for the Service's operation and security.
Account Registration
When you create an account, we collect your username and email address. We also store an encrypted password, registration date, and IP address. This data is collected to provide access to forum features, prevent abuse, and fulfill legal obligations. Legal basis: contract with the user and legitimate interest (secure service operation).
Social Media Login (OAuth)
If you register or log in through social media, we receive basic information from the service provider (e.g., Google, Facebook, LinkedIn), such as your name and email address. We do not access your social media passwords. Legal basis: consent.
Messages and Comments
When you participate in discussions, we store the content of messages and comments, timestamps, sender IP address, and user agent information. This data is used to display service content, for moderation, and to prevent abuse. Legal basis: legitimate interest.
File Uploads
If you upload images or other files, they are stored on our servers. Note that file metadata may persist, so remove any location data (EXIF) from images before uploading. Uploaded files are visible to other users.
Cookies and Analytics
We use cookies for forum functionality, such as maintaining login sessions and storing your preferences. We do not collect personal data through cookies that would identify you individually. We may use anonymous analytics (e.g., Google Analytics) to analyze website usage patterns. Analytics data is always anonymized. Legal basis: legitimate interest.
3. Data Transfer and Sharing
We do not sell, rent, or otherwise transfer your personal data to third parties for marketing purposes. Data may be shared with the following parties:
Service Providers
We use external service providers (e.g., hosting provider RackNerd, USA) who process data on our behalf. We ensure through contracts that your data is processed lawfully and with adequate security measures.
Authorities
We may be required to disclose data based on law or court orders.
Third-Party Services
We use services such as reCAPTCHA to prevent spam and Gravatar service to display profile pictures. These services have their own privacy policies.
4. International Data Transfers
Our servers are located in the United States. By using the Service, you consent to the transfer and processing of your data in the United States.
5. Data Retention Period
User accounts: Your data is retained as long as your account is active.
Deleted accounts: Personal data is deleted within 30 days of account deletion.
Messages and comments: Messages and comments may be retained for service continuity but are anonymized (your username is removed).
Log files: Security-related log data is retained for a maximum of 12 months.
6. User Rights (GDPR)
GDPR grants you several rights regarding your personal data. You may request at any time:
Right to Access and Rectification
You may request to verify what personal data about you is stored and correct incorrect information.
Right to Erasure ("Right to be Forgotten")
You have the right to request deletion of your personal data. Please note that in some cases we cannot delete all data due to legal requirements.
Right to Data Portability
You may request your personal data in a transferable format for another data controller.
Right to Restrict Processing and Object
You may restrict the processing of your personal data or object to processing based on our legitimate interest.
Exercising Your Rights
Send your request by email to riepulehti@gmail.com with the subject "Privacy - TurvaRiepu".
7. Data Security
We are committed to protecting your personal data. We use appropriate technical and organizational measures, such as encrypted passwords and HTTPS connections. Please note that no data transmission over the internet is completely risk-free.
8. Children's Privacy
The Service is intended for users over 16 years old. We do not knowingly collect or process data from minors.
9. Changes to Privacy Policy
We may update this policy periodically. Changes take effect when published on this page. Continued use of the Service constitutes acceptance of the updated terms.
