Privacy Statement for Customer Register
Privacy statement in accordance with the EU General Data Protection Regulation
The Finnish Youth Research Society processes personal data responsibly, respecting the privacy of the individuals. We process personal data in accordance with the applicable laws and statutory guidelines and the principles of good governance.
Date of creation: 22 May 2018
Finnish Youth Research Society
00520 Helsinki, Finland
Tel. +358 20 755 2662
Contact person for the register
00520 Helsinki, Finland
Tel. +358 44 416 5313
Name of the register
Customer register of the Finnish Youth Research Society.
Separate privacy statements are available for the material used in the research operations of the Finnish Youth Research Society. The Finnish Youth Research Society maintains a list of all of its privacy statements in accordance with the law, in the controller’s statement on processing operations.
Purpose of personal data processing
Personal data is processed to implement the contract between the Finnish Youth Research Society and the data subject, to manage the member relationship in accordance with the Associations Act and, as applicable, based on consent given by the data subject, to enable and in connection with measures related to customer relationship management, such as orders, registrations, enquiries, the use of services, marketing and reporting.
Purchase and location information, as well as information related to the use of services, that is processed in the register may also be used for profiling purposes and to customise marketing measures and customer communications to meet the data subject’s interests. Personal data is also processed in connection with sending newsletters and participating in events and other marketing operations.
Data content of the register and categories of individuals
The customer register contains information about the members, customers and subscribers of the Finnish Youth Research Society, as well as about the participants in its events, and information from its marketing register. The customer register may be divided into parts located in different systems, all of which are managed in line with the principles provided in this privacy statement.
The customer register includes the following identification information: name, address, email address and telephone number. In addition, information provided by the data subject about their field of science, profession and organisation may be processed in the register, as well as information about their membership category and information necessary for registering for events, such as information about allergies and special dietary requirements.
Categories of individuals whose information may be processed include members of the Finnish Youth Research Society, participants in events organised by the Finnish Youth Research Society and individuals who have given their consent for marketing purposes.
Personal data is stored for as long as it is necessary for the purpose specified in the privacy statement. Outdated and unnecessary information is deleted on a regular basis.
Regular sources of information
Information for the register is mainly obtained from the data subjects themselves. Regular sources of information include the information provided by the members or by participants in events, as well as databases related to the customer information system and invoicing. In addition, information for the register may be collected from generally available sources, such as stakeholders’ websites.
Regular disclosure of data
Data included in the register may be shared within the organisation and between the stakeholders of an event. In addition, data included in the register may be transferred to a designated processor of personal data.
The controller does not disclose the data subjects’ personal data to third parties. Due to the technical implementation of data processing, part of the data may be physically located on subcontractors’ servers and equipment.
Transfer of data to non-EU or non-EEA countries
Personal data is not transferred to non-EU or non-EEA countries.
Principles of register protection
a) Manual material
Part of the register (accounting material) is stored as manual material in a locked cabinet in a locked facility. The data contained in the manual material may only be processed by designated persons. Users are subject to a confidentiality obligation.
b) Digital material
The stored data is protected by technical means. Access to the data is subject to sufficient rights and authentication. The data can only be accessed by the controller and designated technical experts.
The data contained in the register may only be processed and maintained by designated persons. Users are subject to a confidentiality obligation.
Data subjects’ rights
Right of access
Data subjects have the right to review the membership register data concerning them and to be provided with a copy of this data if they so request. Requests to review personal data must be made in writing to the contact person for the data register.
Right to rectification
Data subjects have the right to request that the data concerning them in the register be rectified. If the data is inaccurate, requests to rectify data must be made in writing to the contact person for the register.
Right to erasure
Data subjects have the right to request that the data concerning them in the register be erased. Requests to erase personal data must be made in writing to the contact person for the data register.
It may not be possible to erase all of the data immediately, due to accounting regulations, for example. The data is erased by anonymising the customer’s data – that is, by deleting or encrypting all data that may make the customer identifiable.
Right to file a complaint with the supervisory authorities
Data subjects have the right to file a complaint with the supervisory authorities concerning the processing of their personal data.