Privacy Policy

Name of the register

6Aika: HIPPA – Wellbeing and better service housing through digitalisation / company- and personal data register

Who we are

The address of our web page:

Contact person of the project and register:Toini Harra, project manager, Metropolia University of Applied Sciences, Myllypurontie 1, 00920 Helsinki. E-mail: toini.harra(at), tel: +358 40 334 6102.

Controller:Metropolia University of Applied Sciences Ltd, Company ID 2094551-1

The person in charge of the Controller:Riitta Konkola, principal, CEO

The person in charge of the register:Riikka Harju, Head of department, Metropolia UAS, Myllypurontie 1, 00920 Helsinki, riikka.harju(at)

Data protection officer:Tuulia Aarnio, Metropolia UAS, PO BOX 4000, 00079 Metropolia

What kind of personal data we collect and why 

We collect information related to our website and its wordpress platform, as well as information related to project activities for the functionality of the co-operation in the project.

Data related to this project and how it is protected:

Personal data groups to be processed

  • If the data to be processed is not directly received by the data subject (Article 14), the controller must inform the data subjects about the personal data groups to be processed. We will process the basic information related to the themes of the project (see the section Content of the Register). If you have not specifically provided information or permission to provide it to us on request, we will not process any information showing race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health information, sexual orientation or behavior, or genetic and biometric data for identification.

Purpose of the use of the personal data

In the registry, we process personal information about our customers, partners, reference groups, and potential customers and their representatives. The information is used for collaboration, customer communication and project information.

Content of the Register

We collect information about your name, phone, email, address and other information provided by you as well as business IDs. We use cookies to collect measurable data about the visitors which we use, for example, when designing our marketing. In this way, we can target our communications as accurately as possible.

The following information can be saved from the data subject (you as a registered person):

  • Name, email and title / area of ​​responsibility of the person
  • Company name, contact information, business ID and industry
  • Information on customer relationship, collaboration and communication (e.g., ordering and canceling project services, feedback, and audio-visual recordings of events)
  • Internet behavior information on HIPPA web sites and services and social media platforms
  • Marketing and promotional information, such as marketing activities directed at the data subject and participation in them (eg participation in workshops, competitions, training and events)
  • Technical data and cookies and related information sent to the data subject´s  browser

Data sources of the Register

Collecting name and other contact information is based on a customer relationship or other connection to the HIPPA project. We collect information when signing an agreement, signing up, or using the services of the HIPPA project. We can approach people either through a newsletter or by email. If you do not want to be in contact with us in these ways, you can announce it immediately or cancel the newsletter through the link in it.

We collect personal information mainly from you. We may also receive personal information from your employer or other person who will sign you up in an event or training we offer.

We also track cookies. Your visit on HIPPA website leaves a track, IP address. Personal data may also be purchased for non-recurring marketing use from outside HIPPA project. We can also collect personal information from public sources.

Disclosure of information

Information is not disclosed to a third party for marketing purposes. For some of our training, we use external training providers or platforms for sharing and discussing educational materials. In such a case, we may disclose your necessary information, such as your name and email address to the service provider. For some of our training, you can get a third-party certification at the end of your training. In such a case, we may disclose the information you need to issue the certificate, such as your name, to the issuer of the certificate.

Transfer of data outside the EU or the EEA

We may use service providers who may have access to your personal information outside the EU / EEA area, such as the United States, to process your personal information. We will ensure that shipments are properly and lawfully enforced in accordance with the law on the processing of personal data.

In all circumstances, we will only transfer your personal information outside the EU / EEA area on one of the following legal grounds:

  • The European Commission has decided that an adequate level of data protection has been ensured in the recipient country concerned
  • we have taken appropriate safeguards to transfer your personal information using the standard data protection clauses approved by the European Commission. You then have the right to receive a copy of these standard phrases by contacting us; or
  • you have given your explicit consent to the transfer of your personal data, or there is another legitimate ground for transferring your personal data outside the EU / EEA area, such as the Privacy Shield Scheme approved by the European Commission for the United States.

Register protection and retention of personal data

We respect the confidentiality of your personal information. The register is stored in a database protected by firewalls, passwords and other technical means, accessible to authorized persons of the HIPPA project.

  • We will keep the data until the end of the project (31.12.2020) and 2 years after the end of the project for a possible follow-up project.
  • Obsolete and unnecessary information will be disposed in an appropriate manner. We will only retain personal information for as long as it is necessary for the purposes of processing the personal data specified in this Privacy Notice. Due to the obligations of the Accounting Act or other applicable law, the data may need to be kept longer than the aforementioned period.

Rights of the data subject

You have the right at any time to oppose the processing of your personal data for direct marketing purposes. Each direct email sent by the HIPPA project has a legal link to prevent direct mail from being sent to you in the future.

In addition, you have the right, at any time, according to applicable privacy laws to:

  • receive information about the processing of your personal data;
  • access your own information and verify the personal data we process;
  • to require rectification and supplementation of inaccurate and incorrect personal data;
  • require removal of your personal information
  • withdraw your consent and oppose the processing of your personal data to the extent that the processing of your personal data is based on your consent;
  • oppose the processing of your personal data on the basis of your personal specific situation, to the extent that the processing of your personal data is justified by our legitimate interest;
  • receive your personal data in machine-readable form and transfer this information to another registrar, in such cases that you yourself have provided us with the personal data in question, we process the personal data in question on the basis of the agreement or your consent and the processing is performed automatically; and
  • require to restrict the processing of your personal data.

We may ask you to specify your request and verify your identity before processing the request. We may refuse to execute your request on the basis of the applicable law.

You also always have the right to appeal to the relevant supervisory authority or to the supervisory authority of the EU Member State in which you have your residence or place of work if you consider that we have not processed your personal data in accordance with applicable data protection legislation.

You must submit your requests for your rights in writing or by email with the following contact information:

Toini Harra
Metropolia UAS, Myllypurontie 1, 00920 Helsinki
email: toini.harra(at)
tel: +358 40 334 6102

The HIPPA project responds to requests within 1 month of the request unless there are specific reasons to extend the response time.

Changing the Privacy Policy

We are constantly working to improve our services and therefore reserve the right to change this privacy policy by notifying it on this page.

The website and its wordpress-platform:


When site users leave comments on the site, we collect the information in the comment form, as well as the user’s IP address and browser version information to help identify the junk mail.

When visitors leave a comment on this site, we collect information about the IP address and browser version of the information that appears in the comment fields. Anonymised hash created from an email address can be sent to Gravatar to know if the commentator is a user of the service. You can find the Gravatar Privacy Statement at


If you upload images to this site, you should avoid downloading images that have saved location information (EXIF GPS). Site visitors can download and view location information from images on the site.

Contact forms

Through our company contact form, we collect company name and business ID, contact person name, email address, and phone number. We also ask you to tell us how you prefer us to contact you. The form also asks for permission to save data for project use.


If you leave a comment on the site, you can choose to save the name, email address, and url address to the cookie. This feature adds convenience, because the form doesn’t have to be filled in every time you add a comment. The cookie information will be removed from the browser after one year.

If you have an account and log in to the site, we will set up a temporary cookie that determines whether or not your browser supports cookies. This cookie does not contain any personal information and will be deleted when the browser window is closed.

When you log in, we set up a number of cookies that will save your login and display settings. The login cookies will be removed within two days, the cookies associated with the display settings will be deleted within a year. If you choose “Remember Me” during login, your login information will be stored for two weeks. If you sign out, the login cookies will be deleted at the same time.

If you publish an article or edit an existing one, we will store a cookie containing the article ID to be edited in the browser. The cookie expires in one day.

Content embedded in other sites

Articles on this site may contain embedded content (such as videos, images, articles, etc.). Opening embedded content imported from other sites is comparable to the visitor actually visits a third-party site.

These sites may collect information from you, uses cookies, embed third-party tracking cookies and monitor interaction with embedded content, including the monitoring of interaction if and when you are signed in as a user site.


We collect information related to the use of the site through various analytical tools, such as Google Analytics.

To whom we share your information

In principle, we do not share your information with third parties. Possibly, we can tell you about the reference groups of personal data register administrators related to our topic.

How long we keep the information

If you leave a comment, the comment and its metadata will be retained for the time being. This is because we can automatically recognize and accept the following comments instead of keeping them in the moderation queue.We will store user profile information for registered users (if any). All users have the opportunity to see, edit and delete their personal information at any time. Only the user name cannot be changed. Webmasters can view and edit user profile information.

What rights do you have for your information

If you have a user account for this site or have left comments, you can request a compilation file of your personal information, including any personal information you have provided to us. You can also request removal of your personal information. The right to delete your personal data does not apply to any personal data that we have to keep for maintenance, legal, or security reasons.

Where we send your information

Visitors´ comments may be reviewed through an automated spam protection service.

Your own contact information

We will retain your name and email addresses as well as any information you provide on the website’s wordpress platform.

More information

How we protect your personal information

We keep your personal information in a digitally protected service. The information is only visible to project operators.

How we act in case of a data breach

If our register becomes hacked, we will fix the issue within a reasonable time and notify the people in our register.

Automatic decision making and profiling related to personal data

Data is not used for automated decision making or profiling.

Industry related legislation

The Privacy Statement is based on the EU Data Protection Regulation (2016/679, hereinafter referred to as the Data Protection Regulation) and the Personal Data Act (523/1999).