Privacy policy
PRIVACY STATEMENT
This is a document in accordance with the EU’s General Data Protection Regulation (679/2016) for members of Tampereen Insinöörit ry, other stakeholders and website users.
1. Register holder
Tampereen Insinöörit ry (“Association”), company ID number 0625068-4
Address: Otavalankatu 9 A 3, 33100 Tampere
Email: toimisto@tampereeninsinoorit.org
2. Contact person
Contact person: Terhi Viianen
Address: Otavalankatu 9 A 3, 33100 Tampere
Email: terhi.viianen(at)tampereeninsinoorit.org
Phone: 045 223 9933.
3. Event management and feedback register
The register handles the information of persons who have registered for events organized by the Association, persons who have purchased event-related services from the Association, and persons who have answered surveys made by the Association.
4. Purpose of use of personal data and register
Personal data may be processed for the following purposes:
- organizations’ events and services,
- communication related to events,
- delivery of the member magazine and other materials,
- payment tracking, as well as
- The association’s internal statistics and development of operations.
5. Personal data to be processed and grounds for processing
The register may contain the following personal data (processing grounds: contract created in connection with registration or purchase, consent of the person):
- name information
- address information
- telephone number
- email address
- other possible additional information for event registrations (e.g. membership number, dining wishes)
- orders made from the online store and related payment information
Data processing may also be based on other statutory rights or obligations of the Association (e.g. accounting law). The association does not use personal data for automatic decision-making.
6. Regular sources of information
In principle, personal data is collected only from the person themself with their own consent (e.g. on paper, by e-mail, by telephone, orally or using a technical form). In addition, in connection with filling out technical forms, using the online store service and electronic communication, technical identification or log data is generated, which may contain personal data.
7. Protection of personal data and information security
Electronically processed personal data is protected and stored in a system and access to it is limited to only those persons who need the data in question to perform their work duties. The persons in question have personal usernames and passwords at their disposal. In possible manual material (e.g. participant lists), the amount of personal data is minimized and the material is processed carefully.
The log data of filling out technical forms, using the online store service, and electronic communication are processed, for example, by suppliers of online services or other information systems who, based on their tasks, have a valid and legal basis for using them. Log data can be used e.g. to investigate disturbances or abuses, and they are protected by appropriate means.
Persons processing personal data on behalf of the Association have a duty of confidentiality, e.g. pursuant to Section 35 of the Data Protection Act.
8. Regular transfers and transfers of personal data
Personal data can be transferred or disclosed to the Association’s partners (e.g. Insinööriliitto IL ry and other YTN community) for the needs of event communication, events and other services of the Association (for example, the transfer of name and address information to a printing house for the mailing of the member’s magazine). In addition, information may have to be disclosed in accordance with a legal obligation. We can also partially outsource the processing of data to a subcontractor, in which case we contractually guarantee that personal data is processed in accordance with the law and otherwise appropriately. 8. Transfers of personal data outside the European Union or the European Economic Area The association can use external service providers who operate outside the EU or EEA as processors of personal data. In this case, data processing is agreed upon in accordance with the EU data protection regulation and other legislation (e.g. the so-called Privacy Shield program between the EU and the US https://www.privacyshield.gov/list
9. Personal data retention period
Personal data is kept in the register only as long as their processing is necessary. Basically, we delete the data no later than March of the year following the data transfer. However, part of the register data can be stored in accordance with the obligations of the legislation (e.g. accounting law) or otherwise based on the Association’s legitimate interest.
10. Rights of the data subject
Right of inspection
The registrant has the right to check whether the Association processes their data, what information about them the Association’s personal register. If the register contains incorrect, unnecessary, incomplete or outdated personal information in terms of the purpose of the processing, this information can be corrected, deleted or supplemented by notifying the Association.
Right of deletion
The registered person has the right to demand the deletion of their personal data. However, not all data may be deleted upon request. Requests for the deletion of personal data are processed and an assessment is made as to whether the data deletion is justified. If the storage of data is justified, e.g. by law, personal data can be stored for that purpose as long as necessary.
Right to object and prohibition of direct marketing
The registered person has the right at any time to withdraw their consent to the processing of data, to object to the processing of their data or to prohibit the processing of data concerning him for direct advertising, distance sales and other direct marketing as well as market and opinion research.
Right of appeal
The registered person has the right to file a complaint with the supervisory authority about the way in which their personal data is processed. The complaint is made directly to the competent authority, which in Finland is the Data Protection Commissioner.
11. Contacts
Requests regarding the exercise of the data subject’s rights, questions about this data protection statement and other communications must be made in writing to the address of the data controller mentioned at the beginning of this statement.