Data protection

Data protection refers to the protection of people’s personal data. Data protection is a fundamental right that safeguards people’s rights when their personal data are processed. The purpose of data protection is to define when and on what conditions personal data can be processed.

In force since spring 2018, the European Union’s General Data Protection Regulation (GDPR) is an act that governs the processing of personal data. The Finnish Data Protection Act specifies and supplements the GDPR and its national application.

We at the Organisation for Respiratory Health in Finland process personal data in accordance with the GDPR, the Finnish Data Protection Act, and other legislation on the processing of personal data.

The contact person for data subjects – the individuals whose personal data we process – is the Data Protection Officer. Among other things, the Data Protection Officer offers help and advice on how you can exercise your rights as a data subject. The Data Protection Officer of the Organisation for Respiratory Health in Finland is Miia Kauppinen. You can reach her by email at or by phone at 040 319 3666.

Personal data

Any data that can be used to identify a person, either directly or indirectly, are considered personal data. As a data subject, your personal data includes, among other things, your name, address, email address, telephone number, and customer number.

The Organisation for Respiratory Health in Finland only collects information when it is appropriate and relevant to the purposes of the services we provide. The purpose of the service defines what type of data we collect about the users in different situations. The users of the services include, among others, training participants, local associations and their members, our magazine subscribers, and our partners.  Our privacy statements explain in more detail how we process personal data.

Principles of data protection

As a data controller, the Organisation for Respiratory Health in Finland ensures that the legal data protection principles are followed in all processing of personal data.

According to data protection principles, personal data must be

  • collected and processed for a specific and lawful purpose
  • collected only to the degree necessary with regard to the purpose of the processing
  • processed lawfully, fairly, and in a transparent manner in relation to the data subject
  • updated when required ‒ inaccurate personal data must be erased or rectified without delay
  • kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed
  • processed confidentially and securely.

Grounds for the processing of personal data

The potential legal bases for the processing of personal data are:

  • controller’s legal obligation
  • a contract
  • legitimate interests of the controller or a third party
  • consent of the data subject
  • protection of vital interests
  • a task carried out in the public interest or the exercise of public authority.

The Organisation for Respiratory Health in Finland mainly processes your personal data on the basis of a legal obligation, a contract, or your consent.

Rights of the data subject

You have the right to know if your personal data is being processed or not. If your personal data is being processed, you may have the following rights:

Right to access your data

Right to rectify data

Right to erasure and to be forgotten

Right to restriction of processing

Right to data portability

Right to object to the processing of data

Right to not be subject to automated decision-making

As a data subject, you cannot exercise all these rights in all situations. This depends on certain factors, such as what the basis for the processing of your personal data is. For more detailed information about how to exercise your rights, please visit the data protection section of our Finnish website.