Privacy statement – list of members
- Data collector
PL 59 (Unioninkatu 38 B)
00014 Helsingin yliopisto
- Contact person in charge of the filing system
- Name of the filing system
Karavaani ry’s list of members
- Legal basis and the purpose of the processing of personal data
The legal basis in compliance with the EU’s General Data Protection Regulation for the processing of personal data is the legitimate interest of the data controller.
The purpose of the processing of personal data is the maintenance of a list of members required by the Associations Act (503/1989), Section 11, as well as the maintenance of Karavaani ry’s members’ contact information.
- Personal data processed
The following data are stored in the filing system:
- Date of joining
- Municipality of residence
- Membership of HYY
- E-mail address
- Study major
Data on persons who are not members of the association are not stored in the filing system. Data on such persons are erased within a reasonable amount of time if their membership ends.
- Regular data sources
Data stored in the filing system are received through an online form from members joining the association and members who have already joined it.
- Data disclosure and data transfer outside the EU or the EEA
Personal data may be disclosed to the Student Union of the University of Helsinki to conduct measures related to membership in the association. The data are not transferred to any other party.
The association may also use other service providers in the processing of personal data, and such service providers may be located outside the European Union or the European Economic Area. The transfer of personal data outside the European Union or the European Economic Area is always performed according to one of the following, lawful bases:
- The European Commission has decided that an adequate level of data protection has been ensured in the country receiving the data; or
- The data subject has given their explicit consent for the transfer of their personal data, or other lawful basis exists for the transfer of the personal data.
No more access is given to the personal data than is necessary to realise the services. The transfer of personal data outside the European Union or the European Economic Area is always based on current legislation on the processing of personal data and complies with the legislation in question.
- Principles of protecting the filing system
Care is exercised in the processing of the filing system. The data are only stored in electronic form in secure third-party online servers that comply with EU’s data protection legislation.
The data controller ensures that only the relevant people have access to the filing system.
- Right of inspection and right to request rectification
Everyone included in the filing system has the right to inspect the data on themselves in the filing system as well as to request the rectification of possible inaccurate data or the supplementation of incomplete data. In case a person wishes to inspect the data on themselves or request their rectification, the request must be made in writing and sent to the data controller. If necessary, the data controller may request the person making the request to prove their identity. The data controller shall respond to the data subject within the timeframe stipulated in the EU’s General Data Protection Regulation (generally within one month).
- Changes to this privacy statement
This privacy statement might be updated from time to time for example if the legislation changes. This policy was last updated on the 5th of February 2019.