Privacy policy

The Research Institute of the Finnish Economy Etla conducts research based on statistics, registers, surveys and interviews, publishes research studies, reports and memorandums, and organises meetings, seminars and other events.

Invitees to events organised by Etla include representatives of financiers, other stakeholders, collaboration partners and the media. In addition to publications and events, we communicate on our activities through channels such as the website, newsletters and by mail.

In its research, Etla makes use of both public and private sources of information and processes anonymised and pseudonymised as well as identified or identifiable personal data.

In this privacy statement, we explain how we use the data in our research and utilise the data of our partners and stakeholders for the purposes of communication and organising events.

Data controller

Elinkeinoelämän tutkimuslaitoksen kannatusyhdistys r.y.
Business ID: 0211067-6
Address: Arkadiankatu 23, FI-00100 Helsinki
Telephone: +358 (0)9 609 900

Contact person for the data controller

Markku Lammi
Arkadiankatu 23 B, 00100 Helsinki

Purpose and legal basis of processing personal data

Etla processes large quantities of data for the purpose of conducting various research for the benefit of the Finnish economy. We are a non-profit, independent economic research institute and conduct exclusively non-commercial research.

We also process the personal data of our partners and stakeholders and visitors to our website. The purpose of processing personal data is to communicate and share details on Etla’s activities, extend invitations to events and carry out other needs related to Etla’s activities (such as offering open positions). We process data exclusively for the purposes of conducting and maintaining research and communicating on our research through various channels.

In processing personal data, we comply with Finnish data protection legislation.

We collect personal data for research purposes mainly from data subjects themselves, typically by means of surveys and interviews. We also collect data from various public and private registers. The updating of data collected in this way is carried out either manually or by automated means.

The legal bases for processing personal data are the following clauses of Article 6 of the EU General Data Protection Regulation:

  1. a) you have given consent to the processing of your personal data for one or more specific purposes;
  2. b) processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract;
  3. f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by your interests or fundamental rights which require protection of personal data.

Etla and its partners also have so-called “legitimate interests” under the EU General Data Protection Regulation, such as the right to promote our activities by means of communication and holding various events. On the basis of our legitimate interest, we may, for example, send newsletters and invitations using your contact details. Other legitimate interests that serve as basis for processing your personal data include research, development of our activities, and analyses and statistics for the purpose of services maintenance.

We also process personal identity numbers for the purpose of identifying authorised representatives of companies for statistical research. The right to process personal identity numbers is based on Section 13 of the Personal Data Act, and we are committed to processing them only for the purposes of historical or scientific research or statistics.

We process personal data in the registers covered by this privacy statement for the duration specified in the privacy notices of each research project, or for as long as a customer relationship or comparable relationship exists between us and the data subject, or for as long as processing is justified on the basis of our legitimate interests described above.

Categories of personal data

In research use

Our registers intended for research purposes may contain the following categories of personal data collected for research use:

Name, telephone number, email address, employer, title, address/work address, other public information about the employer, IP address, work history and competences as supplied by the data subject, data subject’s evaluation of their occupation, employer and industry, sex, education, board memberships and position within the company. For the purpose of identifying authorised representatives of companies for statistical research, we process basic information reported in the Trade Register that may include personal identity numbers.

In communications

We maintain registers on customers, invitations, and contact details and enrolments.

Our registers may contain the following personal data for the purposes of public and private communications:

Name, telephone number, email address, employer, title, address/work address, other public information about the employer, IP address, information on participation at events hosted by Etla, information on communications targeted at the data subject and replies, such as invitations to events.

Our IT system records log data on events.

In addition to the above, job and internship applications include the following identifying data: date of birth, educational institute, date of graduation, academic transcript, work experience and free-form cover letter.

Regular sources of personal data

For the purpose of communication, we collect data from public sources and from data subjects who themselves contact Etla. For research purposes, we purchase from Asiakastieto Oy the following basic personal data reported in the Trade Register by authorised representatives of companies: position or role within the company, personal identity number (date of birth in the case of non-Finnish representatives) and email address. The email addresses of authorised representatives of companies have also been collected directly from the websites of companies.

Data subjects’ right of erasure, access and rectification of data

You have the right to access your personal data or demand their rectification or erasure in accordance with and within the limits of applicable data protection legislation by mailing a written and signed request for access, rectification or erasure to the controller’s contact person. If you choose to use your right to erase your personal data and we are not entitled or obligated to continue their processing under data protection legislation, we can no longer, as the controller, comply with a possible prohibition on direct marketing as we retain no information on the data subject whose data has been erased.

Transfers and disclosures of data

In research use

We will not transfer personal data outside the EU or EEA. We will not provide, sell or otherwise disclose your personal data to third parties unless explicitly stated otherwise in the research plan and the request for consent.

In communications

We will not transfer personal data outside the EU or EEA.

We will not provide, sell or otherwise disclose your personal data to third parties with the exception of the following.

We may disclose your personal data to third-party processors for the purpose of providing services to us. Such services may include marketing, software services and event production. We will not allow third parties to process the data for purposes other than the provision of the specified services to us in accordance with this privacy statement and applicable data protection legislation.

We will disclose your personal data to our partners with whom we organise joint projects, such as events.

At our discretion, we may disclose the personal data of participants in our events to other participants in the same event if this is appropriate due to the nature of the event (such as events organised for stakeholders).

Principles of protection of personal data

As the data controller, we employ the appropriate technical and organisational security measures in order to safeguard your personal data.

Access to the personal data filing system is permitted only to employees who have the right to process the data by virtue of their duties. Each employee has their own username and password to the system. The data are stored in databases which are protected with firewalls, passwords and other technical means. The databases and their backup copies are situated in locked facilities, and access to the data is permitted only to designated persons.

Manually maintained and/or processed data are situated in facilities with restricted access by outsiders.

Retention period of personal data

We retain personal data for as long as is necessary for carrying out the purposes specified in this privacy statement.

Possible disputes

In the event that a dispute arises between the data subject and controller concerning a matter related to the filing system and the dispute is not resolved within a reasonable period of time, the data subject has the right to lodge a complaint with the supervisory authority. Office of the Data Protection Ombudsman, Ratapihantie 9, 6th floor, 00520 Helsinki, P.O. Box 800, FI-00521, Helsinki

Other terms and conditions

The registers covered in this privacy statement and the processing of personal data retained in them shall be subject to Finnish law and EU law directly applicable in Finland, such as the EU General Data Protection Regulation.

We are continuously developing our operations and may make changes to our policies for processing personal data. If necessary, we will amend this privacy statement to reflect the changes in our policies.

The amendments may also be due to changes in legislation. We recommend that you revisit the content of this privacy statement regularly.

Our cookie policy

We collect data on the use of our website by means of cookies and other similar technologies. We use these technologies to develop our website and improve user experience. Cookies can be used to identify and count the browsers that visit our website. Data collection technologies similar to cookies include the browser’s local storage and application and device identifiers.

Amendments to the privacy statement

Etla continuously develops its operations and therefore reserves the right to amend this privacy statement by an announcement on its website.