PERSONAL DATA PROCESSING NOTICE
How we process your personal data
CONTROLLER
Helsingin Nuorten Miesten Kristillinen Yhdistys (y-tunnus: 0199970-9)
Vuorikatu 17, 00100 HELSINKI
puh. 050 529 2941
eero.finne@hnmky.fi
CONTACT
Eero Finne
puh. 050 4342 626
eero.finne@hnmky.fi
NAMES OF REGISTERS
Helsingin Nuorten Miesten Kristillinen Yhdistys ry's registers of members, employees and other activities.
PROCESSORS OF PERSONAL DATA
Accountor Finago Oy (y-tunnus: 0836922-4)
Keilarannantie 8, 02150 ESPOO
privacy@finago.com
Taikala Oy (y-tunnus: 2254831-7)
Linnoitustie 4A, 02600 ESPOO
support@myclub.fi
Innofactor Oyj (y-tunnus: 0686163-7)
Keilaranta 9, 02150 ESPOO
marketing@innofactor.fi
ATVA (y-tunnus: 2493113-3)
Myssyntie 141, 01830 LEPSÄMÄ
puh. 050 362 6293, palvelu@atva.fi
Webropol Oy (y-tunnus: 1773960-2)
Huovintie 3, 00400 HELSINKI
servicedesk@webropol.fi
Microsoft Corporation
One Microsoft Way, Redmond, WA 98052-7329,
USA
DropBox, Inc.
333 Brannan Street, San Francisco, CA 94107,
USA
privacy@dropbox.fi
THE PURPOSE AND LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
The purpose of processing personal data is to collect the personal data required by the Associations Act and other information necessary for the association's activities from its members and to process them for these purposes. Data on employees is collected for the purposes of the employer-employee relationship. In summary, member, employee and other personal data are collected and processed for the purposes of membership administration, information, marketing, invoicing, maintenance of the employer-employee relationship and payment of wages. Our legal grounds are therefore at least the fulfilment of contractual and legal obligations and legitimate interests (e.g. information). Our processing may also be based on consent.
THE RETENTION PERIOD OF PERSONAL DATA
Personal data is only stored for as long as it is necessary for the purposes of membership or the employer-employee relationship, or for as long as required by law for each purpose. In other words, we process personal data in accordance with the purpose and for the duration of each use. The data will be deleted when the retention period specified above has expired. In particular, we would like to remind you that, for example, legal obligations binding us may require us to retain the data even after, for example, the termination of membership.
THE DATA CONTENT OF THE REGISTERS (TYPES OF PERSONAL DATA)
Our register contains the information that a member or employee has provided to Helsingin Nuorten Miesten Kristillinen Yhdistys ry. This information includes, among other things, the personal data required by the Associations Act, i.e. the full name and domicile of the member, and the data required of the employee. In addition, other information may be collected according to need and purpose, such as e-mail address and telephone number.
REGULAR SOURCES OF INFORMATION
The data sources are information provided by the member or employee himself/herself orally, in writing, by telephone, by e-mail or via the Helsinki Nuorten Miesten Kristillisen Yhdistys ry's website or other online service, customer information systems and the billing database.
REGULAR DISCLOSURES OF DATA
Personal data is not regularly disclosed to third parties. Data may be shared within the organisation (including umbrella and sister organisations). In addition, register data may be disclosed to the data processors identified above.
PRINCIPLES FOR THE PROTECTION OF THE REGISTER
The data is stored in a technically secure manner. Physical access to the data is prevented by storing the data in locked premises. Access to the data requires adequate rights, such as a personally provided key or a specially assigned user account to the system. Only the controller and specifically designated technical staff have access to the register data. Only the designated persons have the right to process and maintain the data in the register. Users are bound by confidentiality obligations. Personal data are backed up securely and can be restored if necessary. Security is ensured by keeping the systems used up to date and up to date, and by using secure encryption techniques to transmit data over the network.
DATA SUBJECT RIGHTS AND OTHER IMPORTANT INFORMATION
The data subject has the opportunity to find out what data has been collected and stored about him or her and, if necessary, to have the matter investigated. Personal data may be processed with the consent of the data subject. Processing is also possible where there is a customer, employment or membership relationship between the data subject and the controller where the collection and storage of personal data is necessary for the management of the affairs between the parties. In addition, the right to process personal data may be based on a task assigned to the controller by another law or on the legitimate interests of the controller. The explicit rights provided for in the personal data legislation for the data subject are the rights listed below.
Right of access
The processing of personal data is required to be transparent. The controller is therefore obliged to provide information to the data subject.
information on the processing of your personal data both at the time of collection and at the time of processing.
Right of access to personal data
You have the right to know, at your request, what information we hold about you in our records or that we do not hold on our records.
we do not hold information about you in our records. The information must be provided to you in an intelligible form and, if you wish
you will also receive it in writing. Please make your request directly to the controller.
Right to rectification
Everyone has the right to be assessed on the basis of accurate information. Only the following may be recorded in our registers
necessary for the purposes of the processing of personal data specified. Please submit a request for rectification.
directly.
Right to restriction of processing
You can contact us and, for example, restrict the consent you have previously given.
Right to object
We have put in place mechanisms for data subjects to object to the processing of their personal data and to the storage of their personal data.
We also remind you of this, for example in our newsletters. To the extent that the processing has been based on consent,
you always have the right to freely withdraw your consent if the purpose of the use has ended and you are
for example, you have withdrawn your consent for a specific processing operation.
Right to data portability
You can contact us if you need your data on systems other than ours and we will endeavour to provide
data in such a way that it can be transferred to another system.
Practical steps
When collecting data, we aim to inform you what information is voluntary and what information is mandatory. Starting point:
at least the information listed above is necessary, inter alia, to fulfil obligations under the contract/law.
obligations). We do not use your personal data for automated decision-making (including profiling). When the data subject
wishes to exercise these rights or has questions about the processing of his/her personal data, he/she should in the first instance
contact the relevant data controller in the first instance. If the data subject is unable to obtain clarification of his or her
controller, the data subject may contact the office of the Data Protection Supervisor. If the processing of personal data
may involve a criminal offence as defined by law, the data subject may also ask the police authority to
to investigate the matter. In the case of the payroll register, the controller is the employer company.
Changes to our privacy notice
We may change this privacy notice from time to time. We therefore recommend that you visit this website
regularly to keep you up to date with how we are processing your data.
