Privacy statement

Privacy statement – list of members

 

  1. Data collector

Karavaani ry
Topelia
PL 59 (Unioninkatu 38 B)
00014 Helsingin yliopisto

 

  1. Contact person in charge of the filing system

Kerttu Väisänen
kerttu.vaisanen@karavaaniry.fi

 

  1. Name of the filing system

Karavaani ry’s list of members

 

  1. Legal basis and the purpose of the processing of personal data

The legal basis in compliance with the EU’s General Data Protection Regulation for the processing of personal data is the legitimate interest of the data controller.

The purpose of the processing of personal data is the maintenance of a list of members required by the Associations Act (503/1989), Section 11, as well as the maintenance of Karavaani ry’s members’ contact information.

 

  1. Personal data processed

The following data are stored in the filing system:

  • Date of joining
  • Name
  • Municipality of residence
  • Membership of HYY
  • E-mail address
  • Study major

 

Data on persons who are not members of the association are not stored in the filing system. Data on such persons are erased within a reasonable amount of time if their membership ends.

 

  1. Regular data sources

Data stored in the filing system are received through an online form from members joining the association and members who have already joined it.

 

  1. Data disclosure and data transfer outside the EU or the EEA

Personal data may be disclosed to the Student Union of the University of Helsinki to conduct measures related to membership in the association. The data are not transferred to any other party.

The association may also use other service providers in the processing of personal data, and such service providers may be located outside the European Union or the European Economic Area. The transfer of personal data outside the European Union or the European Economic Area is always performed according to one of the following, lawful bases:

  • The European Commission has decided that an adequate level of data protection has been ensured in the country receiving the data; or
  • The data subject has given their explicit consent for the transfer of their personal data, or other lawful basis exists for the transfer of the personal data.

No more access is given to the personal data than is necessary to realise the services. The transfer of personal data outside the European Union or the European Economic Area is always based on current legislation on the processing of personal data and complies with the legislation in question.

 

  1. Principles of protecting the filing system

Care is exercised in the processing of the filing system. The data are only stored in electronic form in secure third-party online servers that comply with EU’s data protection legislation.

The data controller ensures that only the relevant people have access to the filing system.

 

  1. Right of inspection and right to request rectification

Everyone included in the filing system has the right to inspect the data on themselves in the filing system as well as to request the rectification of possible inaccurate data or the supplementation of incomplete data. In case a person wishes to inspect the data on themselves or request their rectification, the request must be made in writing and sent to the data controller. If necessary, the data controller may request the person making the request to prove their identity. The data controller shall respond to the data subject within the timeframe stipulated in the EU’s General Data Protection Regulation (generally within one month).

 

 

  1. Changes to this privacy statement

This privacy statement might be updated from time to time for example if the legislation changes. This policy was last updated on the 5th of February 2019.