from 3 April 2023 onwards
Title of the data file
Membership data file of the Organisation for Respiratory Health in Finland and local associations for respiratory health
Joint data controllers
Organisation for Respiratory Health in Finland (business ID 0201472-1) and associations for respiratory health
Oltermannintie 8, 00620 Helsinki, Finland
Tel. +358 20 757 5000
The Organisation for Respiratory Health in Finland and the associations for respiratory health are joint controllers of the membership data file. The Organisation for Respiratory Health in Finland and the associations for respiratory health jointly define the purposes and means of processing personal data and have drawn up a mutual arrangement that describes the responsibilities for complying with the obligations laid down in the GDPR.
Individual members are members of the local associations for respiratory health. The associations for respiratory health are association members of the Organisation for Respiratory Health in Finland. The Organisation for Respiratory Health in Finland may also have direct supporting members. The Organisation for Respiratory Health in Finland and the associations for respiratory health maintain a list of members in an information system, the use of which is instructed by the Organisation for Respiratory Health in Finland.
Contact person in matters concerning the data file
Marja Meltti, Office Secretary, jasenasiat@hengitysliitto.fi, tel. +358 40 755 5126
Miia Kauppinen, Data Protection Officer, miia.kauppinen@hengitysliitto.fi, tel. +358 40 319 3666
Contact details for the associations for respiratory health can be found at hengitysliitto.fi.
Purposes of processing personal data and legal basis for processing
The purpose of the membership data file is management of membership relations. Personal data is collected for communication purposes, membership fee invoicing and newsletter postage. When becoming a member, a person gives his or her consent to the processing of personal data. In accordance with the Associations Act, the controller keeps a list of members. The list must include the full name and domicile of each member. The processing of personal data is also based on the legitimate interest of the controller.
Legitimate interests of the controller
Based on legitimate interests, controllers may, for example, send donation requests and conduct direct marketing.
Personal data categories of the data file
Upon registration, mandatory data includes the name and address information of persons and entities, domicile, date of birth and gender of persons, member association and type of membership, membership number, and information on whether the data subject wishes to receive material in Finnish or Swedish. An electronic membership application requires an email address, and when registering electronically, the IP address is stored in the backend system.
Any phone numbers, email address, nickname, profession and interests provided as voluntary information are entered in the data file. The guardian’s email address is usually entered in a child member’s data. In addition to this data, membership fee information as well as possible positions and duties of trust, volunteer training, awarded badges and accolades are stored in the personal data.
Regular sources of personal data
All of the data contained in the file is obtained from individuals or entities registered as members of the associations for respiratory health. The data is collected using electronic forms or paper forms sent to the associations for respiratory health. Posti’s address update service is used to update members’ personal data.
Whether the provision of personal data is necessary to obtain the service in question
Yes, it is necessary to provide personal data when becoming a member.
Recipients of personal data and regular disclosures
We use subcontractors for the processing of personal data. Personal data is processed in the information system provided by the Organisation for Respiratory Health in Finland, and the system supplier is selected by the Organisation for Respiratory Health in Finland. The Organisation for Respiratory Health in Finland is responsible for cooperation and service agreements with the supplier. The system supplier takes care of the protection of the server.
Personal data is disclosed to the providers of mailing and printing services for member magazines and materials, to the intermediaries of electronic newsletters, to SMS service providers, and to Posti in order to keep the addresses of the membership data file up to date.
In order to carry out the event or training and related trips, the participant data of events and trainings is transferred to the provider of facilities, hotel and catering services, the airline, the charter service provider, the travel agency and the ferry company.
Transfer of data outside the EU or EEA
Data is not transferred outside the EU or EEA.
Automated decision-making and profiling
The controller does not make decisions based on automated decision-making or profiling on the basis of the personal data it processes.
Protection of the data file
Paper registration forms are destroyed once the information on membership applications has been entered in the data file.
The electronic data file is maintained in Finland in the Congress system of the service provider Data Prisma Oy. The service provider ensures appropriate and sufficient technical protection.
The electronic data file is protected with user IDs and passwords. The data is only processed by those employees of the Organisation for Respiratory Health in Finland who are authorised by their duties. Every association for respiratory health is entitled to obtain access rights to the data file for persons authorised by the board of the association. With access rights, they can only manage the data of their own association. Users of the system are bound by a non-disclosure obligation.
Retention period of personal data
Personal data is stored for as long as the membership is valid, taking into account the requirements of the Accounting Act. When a person’s membership ends, the membership information is inactivated. In accordance with the obligation of the Accounting Act, inactivated personal data is stored for six years from the end of the calendar year in which the financial year ends. Obsolete and unnecessary data is destroyed annually.
Rights of the data subject
The data subject has the following rights:
- Right to access his or data
- Right to rectify data
- Right to erasure and to be forgotten
- Right to restriction of processing
- Right to data portability
- Right to object to the processing of data
- Right to not be subject to automated decision-making
- Right to file a notification with the Data Protection Ombudsman.
The data subject cannot exercise all these rights in all situations. This depends on certain factors, such as what the basis for the processing of personal data is. Instructions for exercising your rights can be found on the ‘Data protection’ page. For more information on data protection issues in English, please contact jasenasiat@hengitysliitto.fi.
A member with an email address has the opportunity to receive credentials to the online member service, where you can view and correct your contact details.
In connection with membership, you cannot refuse the processing of personal data without resigning from the membership. The data subject may prohibit direct marketing based on the controller’s legitimate interest by contacting us by email at jasenasiat@hengitysliitto.fi or by phone at +358 20 757 5000.
The data subject can exercise his or her rights under the GDPR in relation to and against each controller.
Right to lodge a complaint with the supervisory authority
The data subject has the right to notify the Data Protection Ombudsman if he or she suspects that personal data is being processed in violation of data protection regulations. The contact details of the Office of the Data Protection Ombudsman can be found at tietosuoja.fi/yhteystiedot.