Privacy Notice under the General Data Protection Regulation (EU) 2016/679

This privacy notice describes the processing of personal data in connection with the services and websites operated under the Finnish Operations Center and NCAGE domains, in accordance with the General Data Protection Regulation (GDPR) and, where applicable, relevant NATO data protection requirements.

1. Data Controller

Finnish Operations Center Oy
Business ID: 3463933-9
Contact person: Harri Kulmala
Email: info@finnishoperations.fi

2. Purpose and Legal Basis for Processing

Personal data is processed for the following purposes:

  • managing and developing our digital services and websites,
  • facilitating user communications and service inquiries,
  • enabling registration and data submission to third-party systems, including governmental or NATO-related platforms, where applicable.

The legal bases for processing are:

  • Article 6(1)(a) GDPR: the data subject has given consent,
  • Article 6(1)(b) GDPR: processing is necessary for the performance of a contract,
  • Article 6(1)(f) GDPR: legitimate interests pursued by the controller.

3. Categories of Personal Data

We may collect and process the following categories of personal data:

  • Name, position, and contact information (e.g., email address, phone number)
  • Company or organizational affiliation
  • Data provided via online forms or direct communication
  • Technical data such as IP address, browser type, and cookies

4. Sources of Data

Data is collected:

  • directly from the data subject,
  • through use of our digital platforms (automatically collected technical data),
  • in connection with registration or authentication procedures.

5. Cookies and Analytics

Our websites use cookies and similar technologies for the purposes of improving user experience and collecting usage statistics. Users may control or disable cookies through their browser settings. Please see our Cookie Policy for details.

6. Recipients and Data Transfers

Personal data may be disclosed to trusted third-party service providers solely to the extent necessary to perform the services on behalf of the controller. These include, but are not limited to:

  • technical service providers,
  • partners assisting with user registrations to external systems, including public authorities, official registers, or NATO-aligned systems.

Data is transferred only with the data subject’s explicit consent or where it is necessary for the provision of services. No personal data will be transferred outside the European Economic Area (EEA) unless adequate safeguards under Chapter V of the GDPR are ensured.

7. Data Retention

Personal data will be retained only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws or regulations.

8. Data Security

We implement appropriate technical and organizational measures to ensure the confidentiality, integrity, and availability of personal data. Access is limited to authorized personnel with a legitimate need.

9. Rights of the Data Subject

Data subjects have the following rights under the GDPR:

  • Right of access (Art. 15)
  • Right to rectification (Art. 16)
  • Right to erasure (Art. 17)
  • Right to restriction of processing (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object (Art. 21)
  • Right to withdraw consent at any time (Art. 7)

Requests regarding these rights should be submitted to the contact person listed above. Data subjects also have the right to lodge a complaint with a supervisory authority.

10. Contact

For further information regarding the processing of personal data, please contact:

Finnish Operations Center Oy
Email: info@finnishoperations.fi