HOP IN – PRIVACY POLICY

Last updated: 16 March 2026

This Privacy Policy describes how HOP IN Oy processes personal data in the HOP IN service. The policy explains what personal data we collect, how the data is used, how it may be shared, and what rights users have regarding their personal data.

This Privacy Policy has been prepared in accordance with the EU General Data Protection Regulation (GDPR).

HOP IN reserves the right to update this Privacy Policy in connection with service development, legal changes, or other justified reasons.

In case of discrepancies between language versions, the Finnish version shall prevail.

1. Data Controller

HOP IN Oy
Business ID: 3355387-5
Kauppakatu 12
87100 Kajaani
Finland

Contact regarding data protection matters:
janne.leppanen@hop-in.fi

 

2. Legal Basis for Processing Personal Data

HOP IN processes personal data lawfully, fairly, and transparently, and only for specified purposes.

The processing of personal data is based on the following legal grounds:

Contract

  • the user registers a user account in the HOP IN service
  • the user registers for an activity or event

Consent

  • sending marketing communications
  • targeted marketing

Legitimate interest

  • development of the service
  • ensuring the security of the service
  • preventing and investigating misuse
  • analysing how the service is used

Legal obligation

  • accounting legislation
  • legal obligations imposed by authorities

 

3. Purpose of Processing Personal Data

HOP IN processes personal data for the following purposes:

  • creating and managing user accounts
  • maintaining customer relationships
  • customer communication
  • customer support
  • registering for activities and events
  • managing participants in activities
  • payment processing
  • ensuring the functionality of the service
  • service development
  • marketing and communication
  • targeted marketing
  • preventing misuse
  • risk management
  • fulfilling legal obligations
  • statistics and analysis of service usage

 

4. Personal Data We Process

HOP IN may process the following personal data.

Basic information

  • first name and last name
  • year of birth
  • gender
  • language

 

Contact information

  • email address
  • phone number

 

Address information

  • street address
  • postal code
  • city

 

User account information

  • account identification information
  • user role in the service
  • login information
  • usage history of the service

 

Participation information

  • registrations for activities or events
  • participant lists
  • event-specific additional information (for example information required to organize the activity)

 

Information about minors

  • name of the minor
  • year of birth
  • gender
  • language

 

Communication information

  • customer feedback
  • contact requests
  • messages sent through the service

 

Technical usage data

  • IP address
  • device information
  • application usage data
  • analytics data

 

HOP IN does not store payment card information.

HOP IN follows the principle of data minimization and processes only personal data that is necessary to provide the service.

 

5. Sources of Personal Data

Personal data is mainly collected:

  • from the user themselves
  • from the user’s guardian
  • automatically when the service is used
  • from organizers when the service is used

 

6. Role of the HOP IN Service

HOP IN operates as a technical platform that enables participation in activities and events and helps organizers manage participants.

HOP IN does not itself act as the organizer of activities or events unless explicitly stated.

The service may include the following actors:

  • participants
  • organizers (such as associations, clubs, companies, or municipalities)
  • municipalities acting as license customers

 

7. Registrant and Participant in the Service

A user account in HOP IN can be created by an adult user. The user may add other participants to their account, such as children or other family members.

A participant may be:

  • the user themselves
  • a child or another person added by the user

 

When a participant registers for an activity or event, the necessary information is shared with the organizer to manage participation.

 

8. Disclosure of Data to Organizers

When a user registers for an activity or event through HOP IN, the following information may be shared with the organizer:

Participant information

  • name
  • year of birth
  • gender
  • language

 

Registrant information

  • name
  • phone number

 

The registrant is the person who makes the registration in the service. The registrant may be the participant themselves or the participant’s guardian.

Only the information necessary to manage participation is shared with the organizer. Not all user account information is shared.

The organizer acts as an independent data controller for these data.

Municipalities or other license customers do not generally have access to individual users’ personal data unless they themselves act as the organizer of the activity or event.

 

9. Payments

Payments in the HOP IN service are processed through the Stripe payment service.

Stripe acts as an independent data controller for payment information.

HOP IN does not store payment card information in its own systems.

More information:
https://stripe.com/privacy

 

10. Processing of Personal Data by Service Providers

HOP IN may use trusted service providers to operate the service, such as:

  • payment services
  • cloud services
  • analytics services
  • communication services

 

These service providers process personal data only on behalf of HOP IN and in accordance with contractual agreements.

 

11. Transfer of Personal Data Outside the EU/EEA

HOP IN aims to process personal data within the EU or EEA.

In some cases, service providers may process data outside the EU or EEA.

In such cases, approved safeguards under EU law are used, such as the European Commission’s standard contractual clauses.

 

12. Data Retention

Personal data is stored as long as the user account is active or the customer relationship exists.

Data may be stored longer if required for:

  • fulfilling legal obligations
  • accounting legislation
  • resolving disputes

 

When the data is no longer needed, it will be deleted or anonymized.

 

13. Information Security

HOP IN processes personal data confidentially and protects it through appropriate technical and organizational security measures.

Personal data is protected for example through:

  • access control management
  • encrypted connections
  • firewalls
  • secure server environments

 

Only personnel whose duties require access to personal data can access it.

 

14. Minors

Minors may also use the HOP IN service.

 

  • Users under 13 years of age may use the service only through an account created by a parent or legal guardian.
  • Users aged 13–17 may use the service through their own account with the consent of a parent or guardian.

 

By registering for the service, the user confirms that these conditions are met and that the required consent has been obtained.

Personal data of minors is processed only for the purpose of enabling the use of the service and organizing activities or events.

 

15. Rights of the Data Subject

The data subject has the following rights:

  • the right to access their personal data
  • the right to correct inaccurate data
  • the right to have data deleted
  • the right to restrict processing
  • the right to transfer data to another controller
  • the right to object to processing
  • the right to withdraw consent

 

16. Right to Lodge a Complaint

The user has the right to lodge a complaint with a supervisory authority if they believe that the processing of personal data violates applicable data protection laws.

Because HOP IN Oy is established in Finland, the primary supervisory authority is:

Office of the Data Protection Ombudsman (Finland)
https://www.tietosuoja.fi

Users may also lodge a complaint with the supervisory authority in their country of residence.

 

17. Data Protection Requests

Requests regarding data protection can be sent to:

janne.leppanen@hop-in.fi

Identity may be verified before personal data is disclosed, for example by comparing the request with contact information associated with the user account or by requesting additional verification.

Requests will be processed as soon as possible and within the time required by applicable data protection legislation.

 

Powered by  GDPR Cookie Compliance
Cookie policy

This website uses cookies to provide you with the best possible user experience. Cookies are stored in your browser and help us recognize you when you return to our website. They also help our team understand which parts of the website you find most interesting and useful.

For more information about how we use cookies, please see our cookie policy.

cookie policy