Data protection statement

This data protection statement details the data which have been collected in the registers of Reilu kauppa ry, the purpose for which they are used, any parties to whom the data may be disclosed as well as how the data are stored and erased. The statement also describes how the personal information included in the register is protected. This statement complies with the EU’s General Data Protection Regulation (2016/879) and the Finnish Data Protection Act (1050/2018). It was updated on 18 January 2021.


Reilu kauppa ry, Rättvis Handel r.f.
Business Identity Code: 1490985-6
Address: Kuortaneenkatu 1, 00520 Helsinki
tel. 09 315 45477

Contact person for updating the data protection statement on the website:
Marika Laine,

CRM system contact person:
Jenni Sundberg,


Reilu kauppa ry collects and processes personal data primarily for the following purposes:

  • Registrations: events, honorary title cooperation (Fairtrade groups, congregations, schools, cities and workplaces), email lists and newsletters
  • Customer relationship management system (CRM): data register maintenance, stakeholder relations, reporting and internal statistics
  • Member organisations and board: data register maintenance and stakeholder relations
  • Recruitment: receiving applications electronically and contacting applicants

We collect and process categories of personal data which include:

  • basic personal data, such as name, professional title, relationship to the organisation being represented, contact details (email, address and phone)
  • data relating to the customer relationship, such as information on the service or order, payment and invoicing information, marketing permissions and bans;
  • contacts and related correspondence as well as entries relating to the rights of the data subjects;
  • log data relating to the use of the service, data collected via website cookies (device ID and type, operating system and application settings)

Data sources: The information included in the register is collected from customers via messages sent through online forms, email, phone or social media, or from agreements, client meetings or other events where customers disclose data. In recruitment, personal data are collected directly from the applicant.


Reilu kauppa ry processes personal data for the following purposes:

1. Customer relations management 

We primarily process personal data in order to provide services for you or your organisation. For this purpose, we maintain and manage our connection with you or your organisation. In this case, the processing of personal data is based on an agreement or customer relationship between you or your organisation and Reilu kauppa ry.

2. Marketing 

We may contact you to inform you of new features in our service or to market other services. We may also process your personal data for marketing research or customer surveys. The processing of personal data is based on our legitimate interest to provide information as part of a service and to market our other services. You can object to the use of your personal data for direct marketing at any time.

3. Development of services and data security 

We also process personal data to ensure the data security of our service and website, to improve the quality of our service and website, and to develop our services. In these cases, the processing of personal data is based on our legitimate interest to ensure an appropriate level of data security for our services and website, and to obtain sufficient and appropriate information to develop our services and manage our operations.

4. Legal obligation

We may process your personal data to fulfil our statutory duties relating to, e.g., accounting, or in response to legal requests for information from public officials (e.g., the tax authority).


No personal data will be transferred outside the European Economic Area for processing if the European Commission has decided that the data protection in the target country is not of a sufficiently high level.

Reilu kauppa ry may use a third-party service to process data, for example an IT service, and will in such cases conclude an agreement to ensure that the data is appropriately processed and instruct the third party in the correct processing of personal data.

Personal data may be transferred outside the EU or the EEA to use the Office365 cloud service. In this case, we will ensure that precautions required by the Data Protection Act are deployed.


We use cookies and other similar technologies on the website Cookies are small text files which are placed on your device to collect and remember useful information and to improve the functionality and usability of our website.

We may use cookies and other similar technologies for statistical purposes, for example to compile statistics of website use in order to understand how our website is used and to improve the user experience. We may use cookies in marketing to tailor the advertising to the user, e.g., for remarketing.

You may block cookies, restrict their use, or remove cookies from your device.


We comply with Finnish law as it regulates the processing of personal data in maintaining registers, such as email lists.

Personal data will only be stored for as long as necessary and to fulfil the purposes detailed in this statement. The personal data will be stored for the duration of the customer relationship. Necessary personal data may be retained after the conclusion of the customer relationship to the extent allowed or required by relevant legislation. The personal data will be deleted once storing them becomes unnecessary according to legislation or to ensure the rights and responsibilities of either party.


You have the right to access your personal data. You may also at any time request that your personal data be rectified, updated or removed. You have the right to object to or restrict the processing of your personal data in the extent provided for by the applicable legislation. According to applicable legislation, you may have the right to transfer the personal data you have provided to us from one system to another. This means you have the right to receive your personal data in a structured, commonly used, machine-readable and interoperable format, and to transmit it to another data controller.

If we are processing your personal data based on consent, you may withdraw your consent at any time. Please note that withdrawing your consent may impact the provision of the service in question. Once you have withdrawn your consent, we will not process your personal data unless we have a legal obligation to do so.

You may exercise these rights by sending a request to Reilu kauppa ry has the right to verify the identity of the data subject before taking action. If you believe that your personal data has been processed in an inappropriate manner, you can register a complaint with the Office of the Data Protection Ombudsman, the official responsible for monitoring data protection matters.


We take all appropriate measures (including physical, digital and administrative measures) to protect personal data from being lost, destroyed, misused, unlawfully accessed or disclosed to third parties.

Please note that even taking every appropriate measure cannot prevent all data security breaches. If there is a security breach pertaining to your personal data, we will notify you according to applicable legislation.


We have the right to change this statement. We will announce any changes on our website, which will also feature the latest version of this statement.


If you have questions about this statement or about how your personal data is being handled, please contact us via email at