31 March 2022
Technology Academy Finland (TAF), (Business ID: FI1811330-2), Firdonkatu 2 T 63, 00520 Helsinki.
Contact person for matters regarding the register
Minna Zaknoun, tel. +358 40 747 3035, firstname.lastname@example.org
Legal basis and purpose of processing personal data
The purpose of the register is to maintain the contacts of the Data Controller (hereinafter TAF), to manage, archive, and process orders, and to manage relationships related to the TAF.
Personal data is processed to implement the agreement between TAF and the data subject and, where applicable, to enable orders, applications, contacts, visits, marketing, reporting and other procedures related to the customer relationship on the basis of the consent given by the data subject. Personal data may be used to improve TAF’s operations, for statistical purposes, or to provide more personalised, targeted content on online services. Personal data is processed within the limits allowed and required by the General Data Protection Regulation. Data is processed to maintain TAF organisation’s relationships through technical interfaces. The data stored in the register may be used in the registers owned by TAF to provide targeted advertising without disclosing personal information to e.g. external parties. TAF may use partners to maintain customer and service relationships. This means that some of the data stored in the register may be transferred to the partners’ servers due to technical requirements.
TAF has the right to publish data included in the customer register as a digital or written list, unless the customer explicitly forbids doing this. The customer has the right to refuse the publishing of data by informing the customer service of TAF or the contact person of the register. An agreement made with the data subject, or the consent given by the data subject, serves as the legal basis for the processing of data.
Legitimate interest basis
Contractual or customer relationship with the organisation.
Categories of personal data in question
Name, title, represented organisation, contact details
Recipients and categories of recipients
The personnel of TAF and the outsourcing partners (financial management), where applicable.
If the processing is based on consent, consent may be withdrawn by informing TAF.
Data content of the register
The register may include the following data on a single person:
- the name and possible former surname
- the position/title/honorific
- a possible organisation represented by the data subject
- information on the reference group of the data subject, i.e. information on how the data subject is related to the activity of TAF or which reference group the organisation represented by the data subject belongs to
- contact details (address, email address, phone number)
- name and email address of the workplace assistant, and information on whether the data subject has refused material to be sent to them.
The register may include the following information on an organisation:
- the name of the organisation
- the contact details and website address of the organisation
- the reference group, i.e. information on the group that the organisation is classified to belong to from the viewpoint of TAF
- Business ID
- amount of personnel
- and the sector in which the organisation operates
Regular data sources
Information is collected from the registration of the contact person as well as from notifications made by the customer during the customer relationship. The data to be stored in the register is obtained from data subjects through messages sent via web-based forms or by email, telephone, social media services, agreements, meetings, and other situations, where the data subject submits their personal data. Data can also be obtained through subcontractors or partners who are related to the use or production of the service. Data held in the register is to be used only by the organisation, except when using an external service provider, in order to provide additional services or to support credit decisions. Information is not disclosed outside of the organisation or to partners of the organisation, except for matters related to loan applications, the recovery of receivables and invoicing, as well as when stipulated by law. Personal information is not transferred outside the European Union, unless it is necessary for the purpose of ensuring the technical implementation of the data controller or their partner. The personal information of the data subject is deleted at the user’s request, unless the deletion is prevented by legislation, outstanding invoices or recovery actions. In addition, the Finnish Academy of Technical Sciences and Svenska Tekniska Vetenskapsakademien i Finland are the data controllers of the associations’ membership registers. Technology Academy Finland serves as the processor of these registers on the basis of a separate agreement.
Retention period of personal data
Personal data is stored as long as it is necessary to enable the data subject to sign up and to perform any related activities. The data is deleted at the data subject’s request. Expired and unnecessary data is deleted.
Regular disclosure of data
The information in the register is to be used only by the organisation, except when using an external service provider, in order to provide additional services or to support credit decisions. Information is not disclosed outside of the organisation or to partners of the organisation, except for matters related to loan applications, the recovery of receivables and invoicing, as well as when stipulated by law. The personal information of the data subject is deleted at the user’s request, unless such deletion is prevented by legislation, outstanding invoices or recovery actions.
Transfer of data outside the EU or the EEA
Personal information is not transferred outside the European Union, unless it is necessary for the purpose of ensuring the technical implementation of the data controller or their partner. If personal data is transferred outside the European Union or the European Economic Area, TAF will ensure that the data security level of the personal data is sufficient, e.g. by agreeing that matters related to the processing of personal data comply with the General Data Protection Regulation through the use of contractual clause models approved by the European Commission.
Registry protection principles A: Manual materials
Contact data and other documents containing manually processed customer data gathered in events held by TAF are stored in secure storage facilities after their initial processing. Only specified employees who have signed a confidentiality commitment have the right to process manually stored customer information. The security and processing of the data contained in the register must comply with the provisions and principles of the Data Protection Act, provisions given by the authorities, as well as good data processing practices.
Registry protection principles B: Digital materials
Only the specified employees working on behalf of TAF have the right to use the cooperation and contact register of TAF and to maintain its information. Each specified user has a personal user account and a password. Each user has signed the confidentiality commitment. The system is protected by a two-step authentication method that secures the system against external communications. The security and processing of the data contained in the register must comply with the provisions and principles of the Data Protection Act, provisions given by the authorities, as well as good data processing practices.
Cookies allow the following information to be gathered:
- The visitor’s IP address, the time of the visit, the pages browsed and the time spent browsing them, the visitor’s browser.
Automatic processing and profiling
Right of inspection, i.e. the right to access personal data.
The data subject has the right to access and inspect personal data contained in the register that concerns them. The request must be submitted in writing by contacting the customer service of TAF or the contact person for register-related matters. The request must be in Finnish or English. The request for inspection must be signed or come from a provably identifiable email address. The data subject has the right to refuse the processing of their personal data, as well as its disclosure for the purpose of direct mail, distance sales, direct marketing, or marketing and opinion polling by contacting the customer service office of TAF.
Right to transfer data from one system to another
The data subject has the right to have the data transferred from one system to another. The request for a transfer can be directed to the contact person of the register.
Right to demand data correction
Information contained in the register that is incorrect, unnecessary, insufficient, or expired for the purpose of data processing must be corrected, deleted, or supplemented. The request for data correction must be submitted in writing with the data subject’s signature to the customer service of the organisation or to the person responsible for maintaining the register. Alternatively, the request must be sent from a provably identifiable email address. The request must specify the information to be corrected, as well as the basis for correction. The correction must be implemented without delay. The correction of the error must be reported to the party from which the incorrect information has been received or to which the information has been disclosed.
In the event that a request for data correction is refused, the person responsible for the register must provide a written certificate that mentions the reasons for which the request for data correction has been refused. The person concerned may refer the refusal to the data protection ombudsman.
Right to restrict processing
The data subject has the right to request the restriction of data processing if the personal information in the register is incorrect, for example. Any requests must be sent to the person responsible for the register.
The right to object
The data subject has the right to request information related to them. The data subject also has the right to request the correction of deletion of personal data. The request can be directed to the contact person of the register. If you are a contact person for a company or an organisation, your information cannot be deleted at this time.
Right to lodge a complaint with a supervisory authority
If the data subject considers that the processing of personal data concerning them has infringed this data protection regulation, the data subject has the right to lodge a complaint with a supervisory authority. The complaint may also be lodged in the member state where the data subject has a permanent residence or job. The contact details of the national supervisory authority are the following: The Office of the Data Protection Ombudsman, Address: Lintulahdenkuja 4, 00530 Helsinki, Postal address: PL 800, 00531 Helsinki
Switchboard: 029 566 6700, Registry: 029 566 6768, tietosuoja@om.ﬁ, www.tietosuoja.ﬁ
Other rights related to the processing of personal data
The data subject has the right to refuse the disclosure of their personal data and its processing for the purpose of direct advertising and other marketing. The data subject also has the right to demand the anonymisation of their personal data, where applicable, as well as the right to be forgotten, i.e. for their personal information to be entirely erased.