Data protection - Hengitysliitto in English

Data protection refers to the protection of people’s personal data. The purpose of data protection is to define when and on what conditions personal data can be processed. In force since 25 May 2018, the General Data Protection Act (GDPR) is a regulation that governs the processing of personal data. The Finnish Data Protection Act specifies and supplements the GDPR and its national application.

We at the Organisation for Respiratory Health in Finland (our associations, Luovi Vocational College, and Sytyke) process personal data in accordance with data protection legislation.

The terms of use for IT systems are intended for the cooperation and network partners of the Organisation for Respiratory Health in Finland. The partners are granted access to the IT systems of the Organisation for Respiratory Health for the duration of the cooperation as agreed.

Privacy statements

Privacy statement for the partnership, stakeholder, and advocacy data file

Personal data

Any data that can be used to identify a person, either directly or indirectly, are considered personal data. As a data subject, your personal data includes, among other things, your name, date of birth, address, customer number, and telephone number.

The Organisation for Respiratory Health in Finland only collects information from its users when it is appropriate and relevant to the purposes of the services we provide. The purpose of the service defines what type of data we collect about the users in different situations. The users of this service include local associations and their members, students, clients of work training and rehabilitation services, partners, and the clients of meeting, restaurant and accommodation services. Our privacy statements have more detailed information about what type of personal data we collect and process.

Principles of data protection

As a data controller, the Organisation for Respiratory Health in Finland ensures that the legal data protection principles are followed at all stages of the processing of personal data.

According to data protection principles, personal data must be

processed lawfully, fairly, and in a transparent manner in relation to the data subject
collected and processed for a specific and lawful purpose
collected only to the degree necessary with regard to the purpose of the processing
updated when required ‒ inaccurate personal data must be erased or rectified without delay
kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed
processed confidentially and securely.

Grounds for the processing of personal data

We always process your personal data on one of the following lawful grounds:

you have given us consent to the processing of your personal data for a specific purpose
the processing of data is necessary for the performance of a contract to which you are party
the processing of data is necessary in order to comply with our legal obligations
the processing of data is necessary in order to protect your or another person’s vital interests
the processing of data is necessary for the performance of a task carried out in the public interest or the exercise of official authority vested in the controller
the processing of data is necessary for the legitimate interests pursued by the controller or a third party.

Rights of the data subject

You have the right to know if your personal data is being processed or not. If your personal data is being processed, you have the following rights:

Right to access your data

You have the right to receive a copy of your personal data that we have collected. To request access to your data, fill in and present the data request form
in writing at our office.

Right to rectify data

You have the right to request the rectification of your inaccurate personal data. To request rectification, visit our office or fill in the data rectification request form and submit it to us in writing.

Right to erasure and to be forgotten

In certain situations, you have the right to request the erasure of your personal data without undue delay. For example, you can do this if your personal data is no longer necessary for the purposes for which it was collected or if you withdraw your consent on which the processing was based.

Right to restriction of processing

You can request us to restrict the processing of your personal data in certain cases, for example when you contest the accuracy of the personal data.

Right to data portability

You have the right to receive the personal data you have provided us in a structured, commonly used, and machine-readable format. You also have the right to transmit those data to another controller, if this is technically possible.

Right to object to the processing of data

In certain cases, you have the right to object to the processing of your personal data, meaning that you can ask the controller not to process it at all. If your personal data is processed for the purposes of direct marketing, you have the right to object to the processing without any specific grounds.

Right to not be subject to automated decision-making

You have to right to demand that any decisions that concern you should be made by a human. You have the right to not be subject to a decision based solely on automated processing.

As a data subject, you cannot exercise all these rights in all situations. This depends on certain factors, such as what the basis for the processing of your personal data is. We will respond to all requests regarding data subjects’ rights without undue delay within one month of the receipt of the request. As a data controller, we must have a legal basis if we refuse your request regarding your rights as a data subject.

Privacy policy

We have prepared privacy statements for the collection of personal data. You can read them on the website intended for the associations of the Organisation for Respiratory Health in Finland.

The privacy statements contain key information about the processing of personal data. They state who the data controller is, what the purpose and lawful basis for the processing of personal data are, what data is stored in the register, what the sources of data are, and to where this data is regularly disclosed and transferred.

Data Protection Officer

Data Protection Officer Riitta Turunen tietosuoja(a)hengitysliitto.fi

Data security

The use of the public online services of the Organisation for Respiratory Health in Finland is anonymous. We do not collect identifiable information from our users automatically. Our chat services never record any conversations.

We use SSL encryption when we collect information online through contact request forms, document request forms, or newsletter subscription forms, for example. A website that uses a secure connection has a URL starting with https. Further information on the collection and utilisation of data is available in our privacy statements and in the online services intended for our associations.

If you use a public or shared computer or other terminal device, please clear your cache when you finish. To clear your browsing data, go to your browser’s settings. Close your browser when you are finished. This way, you can be sure that the next user will not be able to view the pages you visited.

If you send us information by email, we are not responsible for the security of the email service you use. Do not send any confidential or sensitive personal information, such as social security numbers, health information, or bank account numbers, via unsecure email or online forms.