top of page

Privacy policy

1. Preamble

Data protection protects a person’s rights when processing personal data. Protect Children’s employees, partners, and supporters in connection with the organisations’ activities have the right to the protection of their personal data. The organisation operates in accordance with the EU’s General Data Protection Regulation (GDPR) and other good data protection practices. Protect Children is committed to protecting the privacy of those who participate in its activities and use Protect Children’s content. Through our means of good data protection practices we ensure that all participant information remains confidential.

2. Controller & data protection officer

Suojellaan Lapsia ry/ Protect Children 

Sörnäistenkatu 15 C, 5. floor, 00580 Helsinki, Finland

The data controller and data protection officer is the organization’s Executive Director Nina Vaaranen-Valkonen. 

Contact details: +358 40747 8829 

Only employees of Protect Children process the collected personal data.

3. The purposes of the processing for which the personal data are intended & the legal basis for the processing

Protect Children values data privacy and collects and treats personal information in accordance with data protection regulations. Protect Children collects personal data for the purposes of the development of its projects, the organisation of its events, for its subscription services such as Protect Children’s newsletter and press releases, and for booking training sessions or applying to become a volunteer. The information collected for these purposes is based on the data subject’s own given consent and may include name, surname, email address, phone number, address, age, current employment status and employer.


The personal data collected for purposes of the newsletter and press releases are stored in the database of Mailchimp, a company operating in the United States of America, in accordance with obligations posed by the GDPR and American data privacy laws. More detailed information about Mailchimp’s data privacy practices can be found here. Personal data collected by Protect Children for other purposes are not released to any third parties.


Protect Children’s Executive Director processes the organisation’s internal personal data for purposes of the daily functioning of the organisation (including the following functions: payroll, accounting and internal accounting, invoicing), as well as for providing information on upcoming events. These activities comply with the GDPR, as well as with general good data protection practices. Protect Children complies with the obligations under the Finnish Associations Act (503/1989) and the GDPR.

3.1. Data collection and processing for the ReDirection Self-Help program

The ReDirection Self-Help program, Protect Children’s online help resource to stop using child sexual abuse material (CSAM), will collect and process data through its website. Evaluation data will be collected using survey research methods. Participants will be asked to respond to a variety of online survey questions that assess their thoughts, feelings, and behaviours related to current and historical CSAM use, and risk and protective factors for CSAM offending. Moreover, participants will be asked questions designed to assess for key psychological mechanisms that are theorized to change as a result of their participation in the ReDirection program and for key factors that may impact their participation with the program.

Data collection will be anonymous and will not gather any identifying information. The personal information collected will be limited to standard non-identifiable demographic questions such as age, sex assigned at birth, gender, education, and occupation. Participants might be asked about the geographical region they are in, to better understand the representativeness of the data and cultural considerations that may impact the data. Participants will create and provide a non-identifiable code to link their responses and will have the option to participate in a follow-up survey with an anonymous email to be contacted for. Participants reserve the right to withdraw from the study at any time and will have the option to not to answer specific questions, excluding age; participants will be required to indicate that they are at least 18 years of age to be eligible for the evaluation. The informed consent process will thoroughly communicate the type of the data collected, the anonymous and voluntary nature of the evaluation and the risks and benefits of their participation. Finally, website metrics will be examined to inform how participants are engaging with the program.

Given the anonymous nature of the study, the type of survey questions and the absence of identifying information collection, there are no anticipated legal or privacy risks for participants.


Upon completion of data collection, the data will be kept as password protected SPSS and Microsoft Excel files on the Royal Ottawa’s secure server. Access of data will be restricted to individuals listed in the ethical application determined at the time of submission to the Royal Ottawa Healthcare Group Ethics Board. Approved Research Assistants may also have access to the dataset for the purposes of assisting with analyses and write-ups. The data will be kept for 10 years in accordance with Canadian research ethics standards. During the informed consent process, participants will be told that their data may be used for journal publication, conferences, and other academic presentations.

3.2 Cookies

Our website uses cookies. Read more about how we handle your personal data in relation to cookies in our Cookies Policy.

4. The processing of registered personal data & the period for which the personal data will be stored

Protect Children abides by data privacy laws and good data protection practices when processing personal data. We process personal data in a confidential and safe manner. We process and store data only for as long as their intended purpose remains relevant, e.g., for the duration of a subscription or duration of participation in a project. Subscribers to the newsletter and press releases have the right to interrupt their subscription at any time, whereafter their data will be removed.

5. The rights of the data subject

The data subject has the right to request access from the controller to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing. These things can be requested from the controller and data protection officer. The data subject has the right to lodge a complaint with a supervisory authority if they find that the data protection regulation has been infringed upon in the processing of their personal data. In Finland the supervisory authority is the Office of the Data Protection Ombudsman.

This page contains information regarding the collection and processing of data in accordance with and as mandated by the EU General Data Protection Regulation (GDPR) 2016/679. The Privacy Policy was last updated on January 30, 2024.

bottom of page