Latest update 30.08.2021

We are delighted that you have found our Website! At Ålands Penningautomatförening (Paf) we are committed to protecting your privacy and we will treat your information with respect.

It is important that you familiarise yourself with and read through this Privacy Statement and that you have confidence in Paf’s processing of your personal data. Paf may change or update this Privacy Statement from time to time and the date of the latest changes implemented can be found at the top of this Privacy Statement. If you have any questions regarding Paf’s processing of personal data, please feel free to contact Paf.

1. Controller

Paf is the controller and is responsible for all collected personal data by Paf or its subcontractors on Paf’s behalf, and for the processing of such personal data.


Ålands Penningautomatförening
(Company Reg. No: 0280695-6)
Lövdalsvägen 8
Box 241
AX-22101 Mariehamn, Åland

Tel: +358 20 7910 600

Paf has also appointed a Data Protection Officer.

Data Protection Officer

Lövdalsvägen 8
Box 241
AX-22101 Mariehamn, Åland


2. Collection of and purpose of processing personal data

By visiting our Website, Paf and/or its subcontractor will collect your IP address for the purposes of managing the operation of the Website as well as the administration of the Website. Paf processes also the IP addresses for the purpose of providing a secure Website.

By contacting Paf by email, telephone or by other communication channels, Paf will process the information provided by you in order fulfil the purpose of the communication.

The information gathered about you is collected on the legal grounds of legitimate interests for processing personal data and some personal data will be processed by third parties as part of Paf’s business process which include management of this Website.

Cookies and other similar technologies
As further described below under section 8, Paf and/or its subcontractors use cookies and similar technologies, such as web storage, tracking pixels, device identifiers, etc., to recognize you and/or your device(s). You can control cookies through your browser settings and by using other tools available to you.

3. Sources of information

Personal data is either provided by you or by Paf’s subcontractors which is offering services related to the processing of personal data.

4. Disclosure of and transfer of personal data

Paf processes your personal data in the strictest confidence and only discloses your personal data to third parties which processes the personal data on behalf of Paf and to persons authorised to process personal data, who have undertaken to observe confidentiality or are subject to appropriate statutory confidentiality. Otherwise, Paf will only share your personal data with a third party if you have given consent to such disclosure.

Where Paf has engaged a subcontractor, which provide services related to the processing of personal data to Paf, so called a processor, the subcontractor will only process the personal data in accordance with Paf’s written instructions.

Paf may also disclose your personal data within Paf group. The sharing of your personal data is primarily for managing your personal data for various matters, for example referring you to one of our subsidiaries or being able to answer your questions.

Paf controls and ensures that each processor provides sufficient guarantees regarding the security, protection and confidentiality of personal data. Paf has written agreements with alldata processors that regulate the undertakings of the data processors where they, inter alia, undertake to comply with Paf’s written instructions, security requirements and the restrictions and requirements that apply to the transfer of personal data.

Paf may disclose your personal data in cases where Paf is required to do so by law, regulation or as a result of a request from an authority, for example the police, to disclose the personal data. Paf may also disclose your personal data in cases where Paf suspects that a crime has been committed.

Paf always strives to process your personal data as far as possible within the European Union (EU) and the European Economic Area (EEA). In cases where it is necessary to transfer personal data outside the EU/EEA, for example, for the sharing of personal data with a processor who, either himself or through a subcontractor, is established or storing personal data in a country outside the EU/EEA, Paf has taken the necessary and reasonable legal, technical and organisational measures to ensure that the level of protection is the same as in the EU/EEA. When transferring personal data to a country outside the EU/EEA, the level of protection is guaranteed either by decision of the EU Commission that the country in question ensures an adequate level of protection, or that the company is affiliated with Privacy Shield or the EU’s standard contractual clauses. Other appropriate safeguards are approved code of conduct in the recipient country and the application of internal binding company regulations. In cases where Paf transfers personal data to USA, amongst others, processing is supported either by EU standard contractual clauses or by the company’s connection to Privacy Shield.

5. Duration of storage

Paf does not store your information longer than it is necessary for the purposes for which the Personal Data are processed. In general, Paf store IP-addresses up to seven days, thereafter the IP-addresses are erased.

Communication with Paf through email, telephone or by other communication channels, Paf may store the information as long as it is needed in order to fulfil the purpose of the communication.

Paf may store your information for a longer period of time if required by law and/or regulation, and if the information is included in an ongoing legal process.

6. Your rights

Right to access your personal data
You are entitled to access your personal data, i.e. a record of what personal data Paf is processing about you, provided that the data does not affect the rights and freedoms of others, or access to personal data is forbidden due to legal requirements. Please note that in cases where Paf receives a request for access to personal data, Paf may request further information from you requesting access to your personal data, to ensure effective handling of the request and disclosure of the personal data to the correct person.

Right to rectification
You are entitled to have incorrect personal data that concerns you rectified as well as within the stated purpose, to supplement incomplete personal data.

Right to object and restriction of processing
You are entitled to object to the processing of your personal data where processing is conducted for legitimate business reasons, unless Paf has a compelling reason to continue the processing, for example security purposes.

In the event you dispute the accuracy of your personal data or you have made an objection to the processing, have the right to require the processing of your personal data to be restricted.

Right to be forgotten
You are entitled to request that Paf delete or remove all or some of your personal data, for example, if the personal data is no longer required for the purposes it was collected or otherwise processed. Paf may deny your request if the processing based on law requirement or for a compelling legitimate interest.

Withdrawal of consent
In the event Paf relies on your consent to process your personal data, you have the right to withdraw or decline your consent at any time. Please note that the withdrawal of consent does not affect the legality of the processing that takes place before the consent is withdrawn.

Right to lodge a complaint
If you consider that Paf’s processing of your personal data does not comply with applicable data protection laws, you may submit a complaint to the Finnish Data Protection Ombudsman.

7. Cookies

Paf uses different types of cookies and by accepting the use of cookies will allow us to store data and information on your browsing habits. It will also allow us to recognise you and the way you use our Website. The use of cookies means that we can improve your experience of the Website.

The cookies used are:

  • Analysis Cookies (third-party cookies)
    • These cookies allow us to count the number of users visiting our Website. Using these cookies means we can carry out statistical surveys of the use of the Website.
    • We also use such cookies for security purposes.

You can deactivate or remove cookies but please be aware that deactivating the use of cookies may affect your user experience, for example, the functions on the Website may be impaired.

You can allow, block or delete cookies installed on your device via the settings in your web browser at any time. All web browsers show information on cookies so that the user can see which cookies have been installed and remove them.

Note that the changes you make in your web browser relating to cookies may affect all websites you visit, not just our pages, unless you disable or remove cookies individually.

In order to deactivate or remove cookies, click “Tools” or “Settings” in the menu. For more information on settings relating to cookies in your web browser, see “Help” under the main menu.

8. Security

Paf has taken all necessary and appropriate steps to protect your personal data from unauthorised procedures such as unlawful or unauthorised processing, which includes theft, deletion, alteration, disclosure and transfer of personal data. These measures include the greatest possible restriction of the circle of people that has the right to the personal data and limitation of the ability of the authorised persons to make changes as well as technical barriers to infringement, including encryption during transmission and storage, firewalls and strict requirements for passwords.