Data protection refers to the protection of people’s personal data. The purpose of data protection is to define when and on what conditions personal data can be processed. In force since 25 May 2018, the General Data Protection Act (GDPR) is a regulation that governs the processing of personal data. The Finnish Data Protection Act specifies and supplements the GDPR and its national application.
We at the Organisation for Respiratory Health in Finland (our associations, Luovi Vocational College, and Sytyke) process personal data in accordance with data protection legislation.
Any data that can be used to identify a person, either directly or indirectly, are considered personal data. As a data subject, your personal data includes, among other things, your name, date of birth, address, customer number, and telephone number.
The Organisation for Respiratory Health in Finland only collects information from its users when it is appropriate and relevant to the purposes of the services we provide. The purpose of the service defines what type of data we collect about the users in different situations. The users of this service include local associations and their members, students, clients of work training and rehabilitation services, partners, and the clients of meeting, restaurant and accommodation services. Our privacy statements have more detailed information about what type of personal data we collect and process.
Principles of data protection
As a data controller, the Organisation for Respiratory Health in Finland ensures that the legal data protection principles are followed at all stages of the processing of personal data.
According to data protection principles, personal data must be
- processed lawfully, fairly, and in a transparent manner in relation to the data subject
- collected and processed for a specific and lawful purpose
- collected only to the degree necessary with regard to the purpose of the processing
- updated when required ‒ inaccurate personal data must be erased or rectified without delay
- kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed
- processed confidentially and securely.
Grounds for the processing of personal data
We always process your personal data on one of the following lawful grounds:
- you have given us consent to the processing of your personal data for a specific purpose
- the processing of data is necessary for the performance of a contract to which you are party
- the processing of data is necessary in order to comply with our legal obligations
- the processing of data is necessary in order to protect your or another person’s vital interests
- the processing of data is necessary for the performance of a task carried out in the public interest or the exercise of official authority vested in the controller
- the processing of data is necessary for the legitimate interests pursued by the controller or a third party.
Rights of the data subject
You have the right to know if your personal data is being processed or not. If your personal data is being processed, you have the following rights:
Right to access your data
- You have the right to receive a copy of your personal data that we have collected. To request access to your data, fill in and present the data request form
- in writing at our office.
Right to rectify data
- You have the right to request the rectification of your inaccurate personal data. To request rectification, visit our office or fill in the data rectification request form and submit it to us in writing.
Right to erasure and to be forgotten
- In certain situations, you have the right to request the erasure of your personal data without undue delay. For example, you can do this if your personal data is no longer necessary for the purposes for which it was collected or if you withdraw your consent on which the processing was based.
Right to restriction of processing
- You can request us to restrict the processing of your personal data in certain cases, for example when you contest the accuracy of the personal data.
Right to data portability
- You have the right to receive the personal data you have provided us in a structured, commonly used, and machine-readable format. You also have the right to transmit those data to another controller, if this is technically possible.
Right to object to the processing of data
- In certain cases, you have the right to object to the processing of your personal data, meaning that you can ask the controller not to process it at all. If your personal data is processed for the purposes of direct marketing, you have the right to object to the processing without any specific grounds.
Right to not be subject to automated decision-making
- You have to right to demand that any decisions that concern you should be made by a human. You have the right to not be subject to a decision based solely on automated processing.
As a data subject, you cannot exercise all these rights in all situations. This depends on certain factors, such as what the basis for the processing of your personal data is. We will respond to all requests regarding data subjects’ rights without undue delay within one month of the receipt of the request. As a data controller, we must have a legal basis if we refuse your request regarding your rights as a data subject.
We have prepared privacy statements for the collection of personal data. You can read them on the website intended for the associations of the Organisation for Respiratory Health in Finland.
The privacy statements contain key information about the processing of personal data. They state who the data controller is, what the purpose and lawful basis for the processing of personal data are, what data is stored in the register, what the sources of data are, and to where this data is regularly disclosed and transferred.
Data Protection Officer
Data Protection Officer Riitta Turunen tietosuoja(a)hengitysliitto.fi
The use of the public online services of the Organisation for Respiratory Health in Finland is anonymous. We do not collect identifiable information from our users automatically. Our chat services never record any conversations.
We use SSL encryption when we collect information online through contact request forms, document request forms, or newsletter subscription forms, for example. A website that uses a secure connection has a URL starting with https. Further information on the collection and utilisation of data is available in our privacy statements and in the online services intended for our associations.
If you use a public or shared computer or other terminal device, please clear your cache when you finish. To clear your browsing data, go to your browser’s settings. Close your browser when you are finished. This way, you can be sure that the next user will not be able to view the pages you visited.
If you send us information by email, we are not responsible for the security of the email service you use. Do not send any confidential or sensitive personal information, such as social security numbers, health information, or bank account numbers, via unsecure email or online forms.