Skip to content


The data protection practices described below apply to the, and websites, as well as all Nyyti ry functions and applications in use.

Nyyti takes the appropriate processing of personal data seriously. This includes fair, transparent processing of data as well as recognition of and compliance with data protection principles. The rights of the data subject are respected and the data is processed on legitimate grounds and to the extent necessary for the performance of Nyyti’s activities and tasks.

Nyyti complies with all data protection regulations, including the European Union’s General Data Protection Regulation (GDPR).

The processing of personal data is transparent so that data subjects have access to information about the processing of their data by Nyyti.  Transparency also requires that, where necessary, it is possible to present the decisions, choices and implementations of documents relating to the processing of personal data, with justification.

Nyyti’s security needs and methods for processing personal data are selected on the basis of a risk assessment. In this case, risks are assessed not only in terms of the needs of the activity, but also in terms of the data subjects and the data stored about them.

Nyyti buys services from an external company. When Nyyti’s contractual partner processes personal data on behalf of Nyyti, Nyyti will also ensure that the contractual partner processes the data in accordance with the same principles as Nyyti.  The privacy policies of the various personal data registers identify the contractual partners who process the data content of the register in question.

Incidents of misuse or threat of misuse of personal data are investigated, reported and communicated in a manner that is appropriate to the seriousness of the incident.


In Nyyti’s various functions, different types of personal data may be collected and processed.

The collected personal data may include, for example, the data subject’s contact information such as name, email address, phone number, date of birth, gender, and address details, or background information such as educational institution, place of study, employer, and billing address.

The information described above and other similiar information are voluntarily provided by the data subject to our systems. The legal basis for the collection of the data is consent. The processing of personal data collected based on consent can be influenced by withdrawing consent.


As a rule, Nyyti does not transfer personal data outside the EU or EEA. However, if data is transferred, the controller shall ensure an adequate level of protection of personal data, e.g. by agreeing on the confidentiality and processing of personal data as required by law.

We use MailChimp for newsletter subscriptions and certain training registers, and data within MailChimp may be transferred outside the EU or EEA. For more information on MailChimp’s privacy policy: Your personal data is protected by MailChimp as required by the Personal Data Act and GDPR.


  • Lawfulness, fairness and transparency
    Personal data must be processed lawfully, fairly and in a transparent manner in relation to the data subject.
  • Purpose limitation
    Personal data must be collected for specified, explicit and legitimate purposes and may not be processed later for any other purpose.
  • Data minimisation
    Personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed
  • Accuracy
    The personal data processed must be accurate, correct and, where necessary, kept up to date.
  • Storage limitation
    Personal data will only be stored for as long as necessary for the purpose for which it is collected
  • Confidentiality and data security
    Personal data must be processed in a manner that ensures an appropriate security of the data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.


Social media applications such as Facebook, Instagram, Twitter, YouTube and Discord use their own statistical data to track users and analyse site usage. Nyyti advertises on Facebook and Instagram based on the information provided by the apps. In such cases, we will comply with the app’s own terms of use and other terms and conditions. We also have the Tuudo mobile app. We use the app’s own statistical data to analyse its use and track users.

The website uses a third-party application to provide Nyyti’s group chat and bot service to users. The above services are hosted by Ninchat.  Nyyti does not collect any personal data from users in connection with chats. The chat conversations are recorded for work guidance, development and research purposes. If anonymous discussion materials are disclosed for research purposes, Nyyti will ensure that they do not contain any identifiable personal data.


Cookies are used in browser-based information systems for the processing of personal data. A cookie is a small text file that the browser stores on the user’s device. Cookies are used to implement services, to facilitate logging in to services and to enable statistics on the use of services. The user can block the use of cookies in their browser software, but this may prevent the system from working properly.

The website uses cookies and third-party applications to develop the service and improve the user experience. Services provided by a third party or applications provided by a third party on the website are subject to that third party’s own terms of use and other conditions. Cookies are used to track online behaviour, such as from which pages the website is accessed, which are the most popular pages and how the pages are navigated. In addition, technical information related to usage is collected, for example on the terminal device and browsers, and whether the user is new or returning. Cookies are also used to recommend content, target advertising and improve the quality of the website.

The data will not be used to identify the user.

By visiting you agree to the use of cookies. If your browser does not use cookies, please note that the blocking of cookies may affect the functioning of some services.


The data subject has the right to inspect the personal data stored in the personal register concerning them and to request the rectification or erasure of inaccurate data, if there are legitimate grounds for doing so. The data subject also has the right to withdraw or modify their consent.

In accordance with the GDPR, the data subject has the right to object to or request a restriction of processing and to lodge a complaint about the processing of personal data with a supervisory authority.

The right to erasure does not apply to personal data that we are required to keep for maintenance, accounting-related, legal, or security reasons.

In all cases, please contact the Data Protection Officer listed on this website by e-mail.


Minna Savolainen, Executive Director
Elimäenkatu 26
FI-00520 Helsinki, Finland