Privacy Policy & Data Protection Statement

This statement explains how Jutiland Ltd processes personal data across its operations, website, and service offerings: our live production service (Jutiland) and our virtual event platform (Aula Events). It is written to meet the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) and the Finnish Data Protection Act (1050/2018), and applies wherever our visitors, clients, and event attendees are located.


1. Our two roles: controller and processor

Our data protection responsibilities depend on whose data it is and who decided to collect it.

We are the data controller for personal data we collect for our own purposes:

We are a data processor for personal data we handle on behalf of a client running an event on the Aula Events platform. In that case the event-hosting organisation is the controller: they decide what attendee data is collected and why. We process that data only on their documented instructions, under a written Data Processing Agreement (GDPR Art. 28).

If you are an event attendee and want to exercise your rights, your request is usually directed to the organisation that hosted the event. We will help that organisation respond, and will pass your request to them without undue delay.

We are not required to appoint a Data Protection Officer and have not done so; data-protection matters are handled at privacy@jutiland.com.


2. Data we collect and why

We collect only the minimum personal data needed for each purpose. Each purpose has a legal basis under GDPR Art. 6.

Personal dataPurposeLegal basis (Art. 6)
Name, email, company, job titleRegister you for an event we host; respond to enquiries; manage our client relationshipPerformance of a contract / taking steps before a contract, Art. 6(1)(b); or legitimate interest in responding to you, Art. 6(1)(f)
Business contact details of prospectsRelevant B2B outreach about our servicesLegitimate interest in marketing our services to relevant audiences, Art. 6(1)(f)
IP address, browser/device type, strictly necessary cookies, session logsKeep your video session stable and secure; protect the platformLegitimate interest in security and service operation, Art. 6(1)(f)
Optional analytics/usage dataImprove the platform (only if you consent)Consent, Art. 6(1)(a)
Invoicing and accounting recordsMeet statutory accounting obligationsLegal obligation, Art. 6(1)(c) (Finnish Accounting Act 1336/1997)
Event imagery and recordings featuring identifiable individualsUse in Jutiland’s own marketing and referencesLegitimate interest in showcasing our work; an identifiable individual may object, Art. 6(1)(f)

For attendee data processed on the Aula Events platform on a client’s behalf, the legal basis is determined by that client as controller; we do not decide it.

Is providing data required? Giving your name and email is necessary to register you for an event or to respond to your enquiry; without it we cannot provide those services. Analytics and other optional data is never required, and you are under no statutory obligation to provide personal data to us.


3. Where the data comes from

We collect personal data:


4. Sub-processors (our tech stack)

To deliver virtual events and reliable video, we use specialised infrastructure and software providers. These act as our sub-processors (or, for our own controller data, as our processors). We enter into a Data Processing Agreement with each and rely on a lawful transfer mechanism where data leaves the EU/EEA.

We disclose our providers by category below, and name our principal infrastructure providers. A complete, current named sub-processor list is maintained separately and is available to clients on request; we keep it up to date rather than re-issuing this policy each time a provider changes.

CategoryPrincipal provider(s)PurposeLocation & transfer mechanism
Event-registration softwareOpnFormRegistration and attendee data collectionEU-hosted
Core cloud infrastructureAmazon Web Services (AWS)Video routing, media processing, storageEU regions (e.g. Frankfurt/Stockholm) for European deployments
Real-time video/audio100msLive streaming infrastructureEU workspaces for European deployments
Stream delivery & video dataMuxLive delivery, optimisation, video analyticsUSA: EU-US Data Privacy Framework (DPF) and EU Standard Contractual Clauses
Video playback / on-demand hostingLividPlayback engine and recorded-video hostingUSA: under Data Processing Agreement and EU Standard Contractual Clauses
Virtual venue front-endBeHuman Communications Inc.User interface and venue layoutCanada: EU adequacy decision (GDPR Art. 45) + Data Processing Agreement

Other tools that process limited personal data (for example email, scheduling, file storage, payment, and accounting software) are listed in the separate named sub-processor list.


5. International data transfers

Where personal data is transferred outside the EU/EEA, we rely on one of the safeguards permitted under GDPR Chapter V:

You can request details of the safeguard applied to a specific transfer by contacting privacy@jutiland.com.


6. Data retention

We do not keep personal data longer than necessary:

For data we process on a client’s behalf, retention follows that client’s documented instructions.


7. Security

We apply appropriate technical and organisational measures (GDPR Art. 32), including access control, encryption in transit, EU-region data residency where configured, and limiting personal data access to what is needed to run an event.


8. Your rights

Subject to the conditions in GDPR Articles 15-22, you have the right to:

We do not use solely automated decision-making or profiling that produces legal effects (Art. 22).

To exercise any right, contact privacy@jutiland.com. If your request concerns an event run by one of our clients, we will forward it to that client as the controller.

Right to complain. If you believe we have handled your data unlawfully, you may lodge a complaint with the Finnish supervisory authority, the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto), tietosuoja.fi, tietosuoja@om.fi.

You may also contact the supervisory authority in your own EU/EEA country of residence.


9. Cookies

We use strictly necessary cookies to keep your video session working and secure; these do not require consent. Any analytics or non-essential cookies are used only with your consent, which you can give or withdraw via our cookie settings.


10. Children

Our services are intended for business and professional use and are not directed at children. We do not knowingly collect data from children under the age applicable in their country (13 in Finland under the Data Protection Act 1050/2018 § 5; GDPR Art. 8).


11. Changes to this policy

We may update this statement as our services or providers change. The “Last updated” date shows the current version; material changes will be communicated to affected clients.


12. Contact

Jutiland Ltd · Löwenkatu 2, 10300 Karjaa, Finland · privacy@jutiland.com