Skip to content

Data Protection Policy

Updated 26.4.2024

1. Purpose and basis for personal data processing

Maintaining and exhibiting the museum’s collections and offering researchers access to archived
Information about the museum’s stakeholder and customers is also needed for information and marketing,
as well as for sending the museum’s publications and invitations.
Personal data is stored only as long as it is necessary, to complete the data processing. It is periodically
checked whether it is still necessary to store the personal data; if not, the personal data is removed. The
documents are preserved according to the city’s archive statute and the Archives Act 831/1994.

2. Data conent of the register

Information necessary for the museum (e.g. information about donors): name, contact information, social
security number/business ID number (the last mentioned for invoicing).
Name, occupation, year of birth (and year of death) of persons appearing in collections and exhibitions, if
necessary family background.
Photographs for documentation purposes (family, school, kindergarten, hospital and similar).
Lists of invited guests: name and address.
Researchers are given access to extensive collections of photographs from the late 19th century to the
present day. Photographs can also be ordered for private use.
Old donor index cards: the name of the donor.
Donation and loan agreements: name and contact details of the contracting party.
The donation and loan agreements are maintained using forms that are common to the professionally run
museums in western Uusimaa.
Information about the collections is stored in digital format in the database Yksa, which is maintained by
Disec Oy. In addition to basic personal data, a lot of background and family information can be added to the
system if necessary.
The registers of migrants are stored in the archives of the Åbo Akademi University and the Migration
Institute of Finland in Turku.
The invitation lists are inserted into a Word file and made into mailing labels.
Membership applications to the friends of the museum of Hanko, Hangon museon ystävät ry: name,
contact details. Data is stored on the website until the data has been transferred (a maximum of 2 months)
to the member register maintained by Hangon museon ystävät ry.
The web service’s browsing history and user data (e.g. information about how the user got to the web
service, browsers and devices used, cookie script, time spent on the service, geographic location etc.)

3. Usual sources of the information

  • Relatives
  • The office of the church
  • Donators
  • Other archives
  • Literature and other old newspapers
  • Site forms
  • Matomo web analytic platform

4. Purposes for which personal data usually are disclosed

The number of visitors (no personal data) is provided for statistical purposes.
Pictures from the collection of old photographs can be handed over for research and private use.
Old photographs are posted daily on the Instagram and Facebook pages of the museum of Hanko and on
Minun Hankoni.

5. Data transfers outside the EU or EEA

Data is not usually transferred to countries outside the EU or EEA.
The museum’s material on migration can be loaned on request and through a special agreement to, for
example, the United States.

6. Principles of registry protection

6.1. Manual materials

Manual materials (old photographs) are stored in locked filing cabinets, and the museum office has
lockable cabinets.

6.2. Electronic material

Information systems can only be accessed with a username and password. The database is protected by
server user IDs and passwords.
User rights and user codes are only given to people using the program. The user name is given at the same
time as the user rights. The right of use ends when the person leaves the tasks for which the user right has
been granted. At the same time, the user name is deactivated. The user right is associated with the work
tasks and contains the restrictions required by the task. Each user accepts the commitment regarding the
use and confidentiality of data and data systems upon obtaining access rights.
The city has drawn up practical guidelines that are applied in cases of data protection breaches or threats

7. Inspection right

Everyone has the right, regardless of privacy regulations, to find out what information about him/her/them
has been stored in the personal register, or whether there is no information about him/her/them in the
The registered person can submit a request to check their data in person or in writing to the register’s
contact person or the person in charge of the register.

8. The right to request correction of information

The record keeper must, without undue delay, on his own initiative or at the request of the registered,
correct, delete or supplement any registered personal data which, given the purpose of the processing, is
incorrect, unnecessary, deficient or outdated.
A legal request for the correction of incorrect information must be made to the register’s contact person;
the request must be made in writing.

9. Right of prohibition

The data in the customer information system is confidential. The data is not transferred if the person
requesting information or receiving it does not have a legal right to receive the information. The registrant
does not have to show any special prohibition against disclosure of information.

10. Informing the registrant

The registered person has provided the information himself, some of the information has been provided by
The data protection statement can be viewed on the city of Hanko’s website.

11. Register administration

The person responsible for the register has the main responsibility of the content.
The contact person is responsible for practical measures and also for keeping the data protection policy up
to date.
The Museum of Hanko acts as the keeper of the register. The user can contact the museum at any time.

Registrar and contact details:

Laura Lotta Andersson
Museum director
+358 (0)40 135 9224

Hanko Museum Office
Pitkäkatu 17
10900 Hanko