Mint your creative work by 30th June and get showcased in the Alusta Pop-Up Gallery

Privacy Policy

  • Who Is The Controller Of Your Personal Data?

    The controller of your personal data is the Finnish National Gallery (business ID: 0800570-3 / address: Kaivokatu 2, 00100 Helsinki), which is a public foundation established under Finnish law. You can reach us via email at: kirjaamo(at)
  • What Definitions Are Used In This Privacy Policy?

    Controller means a party that is in charge of the personal data processing activities.

    Data subject is a term for a human being in accordance with data protection laws.

    Legal basis for processing means the legal basis with which the controller processes personal data of a data subject. Article 6 of the GDPR contains provisions on legal basis for processing.

    Personal data means any data concerning a data subject or data with which a data subject can be identified with.

    Privacy Policy means a data protection document that has been drafted according to Articles 13 and 14 of the GDPR, and with which the controller may inform its data subjects of the ways their personal data is processed.

    Processor means a party that processes personal data for and on behalf of the controller.

    Purpose for processing means the reason why the controller processes personal data of a data subject.

  • Why Do We Process Your Personal Data?

    The Finnish National Gallery was founded with the Finnish National Gallery Act (889/2013) to strengthen cultural legacy and promote knowledge of art in society. The purpose of the Finnish National Gallery is to maintain and augment its art collection, to conduct exhibition and other art museum activities, and to participate, as an expert in the field of art museums, in the development of the museum sector (Finnish National Gallery Act, Section 2). In general, personal data are processed in the museums and other units of the Finnish National Gallery in order to perform the above-mentioned tasks provided for by law. The purpose of processing under this Alusta Platform – Privacy Policy is to enable the functioning of Alusta and the use thereof by the Users.
  • What Personal Data Do We Process

    You agree to use this website only for lawful purposes and in a manner that does not infringe the rights of, or restrict or inhibit the use and enjoyment of this website by any third party. You agree not to disrupt or interfere with the security of, or otherwise abuse, the website, or any services, system resources, accounts, servers, or networks connected to or accessible through the website.
  • From Where Do We Collect Your Personal Data?

    We collect your personal data from you when you provide such data in order to use Alusta.
  • Do We Disclose Or Transfer Your Personal Data?

    As a general rule, we will not disclose your personal data to third parties. However, if we are required by mandatory law or governmental authorities to disclose your personal data, we will assess the legality of such disclosure on a case-by-case basis.

    We do share, i.e. transfer your personal data to others as part of our normal business activities when using various digital services. For example, we use the following digital services provided by data processors, which involve the processing of personal data: data storage services (e.g., cloud services) and communication services (e.g., e-mails).

  • Do We Process Your Personal Data Outside The EU And The EEA Area?

    Your personal data may be processed outside the EU and the EEA area. In these situations, we ensure an adequate level of data protection, for example, through standard contractual clauses, adequacy decisions and other similar arrangements.
  • How Long Do We Retain Your Personal Data?

    We retain personal data for as long as it is necessary to fulfil the purpose of data processing.
  • What Data Protection Rights Do You Have?

    You may have the right to use the below listed data protection rights under the GDPR:

    • Right to inspect (art. 15)
    • Right to rectify (art. 16)
    • Right to erasure (art. 17)
    • Right to restriction of processing (art. 18)
    • Right to data portability (art. 20)
    • Right to object; especially when processing personal data based on legitimate interests (art. 21)

    If you would like to use your rights or inquire something about data protection, please be in touch via e-mail or mail (see contact information from section 1). You may also have a right to lodge a complaint with the data protection authorities, if you think that the processing of your personal data infringes data protection laws. The respective Finnish data protection authority can be contacted and offers more information on your rights at

  • Can This Privacy Policy Be Amended?

    We may unilaterally amend this Privacy Policy. We update the Privacy Policy as necessary, for example, when there is a change in legislation. Amendments to this Privacy Policy will take effect immediately when we post an updated version on our website.

    If we make significant changes to the Privacy Policy, or if there is a significant change in the way it is used, we will notify the data subjects