Privacy Policy
This is the privacy policy of Sähkökilta ry. It complies with the Finnish Personal Data Act (Sections 10 and 24) and the General Data Protection Regulation (GDPR) of the EU. Written on 25 May 2018. Last modified on 29 January 2019.
1. Data controller
Sähkökilta ry, Korkeakoulunkatu 3, 33720 Tampere, Finland
SA101
2. Data controller’s representative
Jere Niemi
Chair of the Board
pj(at)skilta.fi
3. Register’s administrator
Vilma Suominen
viestintavastaava(at)skilta.fi
4. Name of the register
Membership register of Sähkökilta ry.
5. Legal basis and purpose of the processing of personal data
List of the association’s members under section 11 of the Associations Act.
6. Data content of the register
The data entered into the register consists of the member’s full name, home municipality, e-mail address, and degree programme.
7. Regular sources of data
The collected data is obtained either from the members themselves or from the Student Union of Tampere University.
8. Disclosure of data
The data may be disclosed to the board and personnel of Sähkökilta ry.
9. Principles of data protection
The contents of the register are protected and processed with due care.
10. Right of access to data and right to rectification
Persons included in the membership register have the right to know what information has been collected from them and entered into the register and to request the rectification of incorrect data. The request to access data must be made in writing to the register’s administrator.
Data security
General information
The Guild keeps a membership register and has a related privacy policy (a document that defines the data controller, data processor, and the purpose of the collection of data). The Guild is the data controller of the membership register. The Guild may change the place where the personal data is stored, but the authority to process data must remain with the Guild even if the storage of data is outsourced.
GDPR update
Key principles:
- the collected data must be necessary,
- the data must be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
Data subjects (guild members) have the right to access their data. In the event of a data leak, the Guild has a duty to notify both the authorities and the member(s) concerned within 72 hours.
Privacy Policy for Event Registration
I Contact person in matters concerning the processing of personal data
Sähkökilta ry (data controller)
Korkeakoulunkatu 3, 33720 Tampere, Finland
Niko Kangasniemi
Chair of the Board
pj(at)skilta.fi
II Basis and purpose of the processing of personal data
Data subjects consent to the processing of their personal data for the purposes of organising the event. The legal basis for the processing of personal data is the consent of the data subject under the General Data Protection Regulation.
The collected personal data is used in event communication and to support the organisation of the event.
III Types of personal data collected
We collect and process the following personal data that is relevant for our purposes:
- Person's name
- E-mail address
- Food and drink preferences
Data subjects are not subject to automated decision-making (profiling).
IV Regular sources of data
Personal data is obtained through Google Forms.
V Retention period
The data controller keeps the data subject's personal data only for as long as it is necessary to fulfil the purposes specified in section II.
VI Processors of personal data
The data is processed by the board and personnel of Sähkökilta ry, and by other persons entitled to the collected data.
VII Transfers of personal data outside the EU or the EEA
The data is not transferred outside the EU or the EEA.
VIII Disclosure of personal data
The data controller does not sell or lease the data subject's personal data to third parties.
IX Rights of the data subject
The data subject has the following rights:
- Right to access their data and request the rectification of data.
- Right to erasure. However, the data cannot be erased if the erasure would prevent the data controller from fulfilling its legal obligations.
- Right to restrict the processing of data.
- Right to object to the processing of data.
- Right to transfer their data to another system.
To exercise their rights, the data subjects must contact the data controller defined in section I.
X Principles of data protection
All manually processed data included in the register is stored in locked facilities. Digitally stored data is located on a server that is protected by technological means. Access to the data is limited to persons whose duties require the use of the data.