Address: Tehdaskatu 6 (c/o Hub Salo), 24100 SALO, FINLAND

Telephone (customer service): +358 45 7874 6100


Managing Director: Tiina Vainio,

Name of the register: Membook user register

Purpose of processing:

The purpose is to act as Membook user register to be able to communicate with users when needed. 

Basis for processing:

The processing is based on information voluntarily provided by the person themselves in order to use the Membook service.

Information to be collected when registering: first name, last name and e-mail address. In addition to this, a person can also add an address, telephone number and other e-mails to his or her own profile in the system. This information can be used as default if the user is linked to a community in Membook.

Use of information:

The information is used solely for the purpose required to use the service, to log in to the service, and to communicate about the service. The information will not be disclosed to third parties, except for technical purposes required to use the service, e.g. e-mail traffic to the service. See subcontractors.

Data transfer:

User register data may be transferred outside the EU / EEA areas in the case of a technical subcontractor that meets the requirements of the EU Data Protection Regulation. See subcontractors.

Data storage and deletion:

Personal data is stored in the user register for a period of time desired by the user. A person can request the deletion of their user account at any time by sending a message to The data in the user register shall be deleted within a reasonable time after the deletion request. The user register is also managed automatically by the service, deleting inactive and non-used accounts periodically.

Registry security and data security:

The information in the user register is stored in electronic form. Membook's user register is maintained on servers located in Finland, which are both technically and physically protected from external use and possible attacks. User data can only be viewed and maintained by system-level administrators authorized by Membook Oy. These users are bound by professional secrecy with the information contained in the register.

For the rights of the data subject, see more specifically a separate document "Rights of the data subject


Compliance with the requirements of the Data Protection Regulation in subcontracting agreements and data protection annexes (DPAs) has been ensured with subcontractors.

Netorek Ltd - Membook servers, maintenance and hosting partner (server security responsibility, backups and data recovery)

Nemit Ltd - Membook product development partner (responsible for the development, service security responsibilities, customer care back-office tasks)

Technical partners / services

The requirements of the Data Protection Regulation are met with subcontracts and data protection annexes (DPAs) with all partners.

MailChimp Inc. / Mandrill service.

Transactional e-mail traffic of Membook (eg username creation, password change, message forwarding, invoice forwarding). Membook's message request, message content and, for personal information, only the recipient's e-mail for forwarding the message are automatically transferred to the service. The data is stored in the service for 30 days after which it is automatically deleted. The service may (but may not) store data outside the EU. The use of the service has been contracted in accordance with the EU Data Protection Regulation and the subcontractor complies with the requirements of the Data Protection Regulation.

Groove Networks, LLC / Groove Customer Support System 

The Support System handles service-related messages from customers, their members, or registered Membook users. The message is sent either to by e-mail or via the widget on the website. Messages are stored in the system for 6 months to ensure good handling and, if necessary, return to the matter. The system retains the name and e-mail information of the person requesting the service, as well as any other information available from a public source based on e-mail (eg Twitter account). The use of the service has been contracted in accordance with the EU Data Protection Regulation and the subcontractor meets the requirements of the Data Protection Regulation.