Personal Data Act (523/1999), Sections 10 and 24.
1 May 2018
Data controller
The Organisation for Respiratory Health in Finland (0201472-1)
Oltermannintie 8, 00620 Helsinki, Finland
Tel. 020 757 5000 (switchboard)
Contact details in register matters
The Organisation for Respiratory Health in Finland
Communication team, tiedotus(a)hengitysliitto.fi
Riitta Turunen, Data Protection Officer, tietosuoja(a)hengitysliitto.fi
Oltermannintie 8, 00620 Helsinki, Finland
firstname.lastname(a)hengitysliitto.fi
Tel. 020 757 5000 (switchboard)
Title of the data file
Partnership, stakeholder, and advocacy data file
Purpose of the processing of personal data
The processing of personal data is based on legitimate interests, such as the maintenance of partnerships, communication with stakeholders, and advocacy work, as well as the fulfilment of contracts and the consent of data subjects.
Personal data is processed for the following purposes:
- Communication, such as newsletters and press releases
- Advocacy work
- Organisation and marketing of trainings and events
- Cooperation and communication between stakeholders
- Fulfilment of contractual and other obligations and commitments
- Development of activities
Data contents of the file
- Data subjects’ contact information, such as name, email address, telephone number, address, and IP address
- For sending out newsletters and press releases, we only collect email addresses
- Information on partners and stakeholders, such as business ID’s and names and contact information of contact persons
- Contract and tender information, such as past and current contracts
- Information submitted voluntarily to us by data subjects
Regular sources of data
We receive information from the data subject and publicly available sources. We collect data online using electronic forms and at events using paper forms.
Personal data may also be collected and updated, within the limits of applicable legislation, for the purposes described in this privacy statement on the basis of information received from member organisations, authorities, other reliable sources, or other third parties.
Regular disclosures of data
We use subcontractors for the processing of personal data.
- Newsletters
- Information service
- IT service providers
Transfer of data outside the EU or EEA
The data will not be transferred outside the EU or EEA.
Protection of the data file
A Manually processed data
Manually processed data is stored in locked premises and will be destroyed after recording.
B Electronically processed data
Data is collected in databases protected by firewalls, passwords, and other technical means. Databases and database backups are located in locked premises. Only predesignated persons are allowed to access the data.
Only persons who need the data for performing their duties have access to the data file. Data stored on computers can only be accessed with personal credentials, and their use is monitored.
We only store personal data for as long as it is necessary for the purposes of processing the data. We store personal data for at least the duration of the partnership, taking into account the criteria defined by law and authorities, such as the Accounting Act, legislation on the processing of personal data, and archiving regulations.
We regularly assess the need for data retention in view of the applicable legislation. In addition to this, the controller takes reasonable measures to ensure that no such personal data is stored that is inaccurate, outdated, or incompatible with the purposes of data processing. The controller will rectify or erase any such data without delay.
Right of access
Data subjects have the right to be notified by the data controller of whether their personal data is being processed or not. The data controller must provide a copy of the collected personal data at the request of the data subject.
The request must be submitted in writing to the Data Protection Officer using the data request form. The identity of the data subject will be confirmed before handing out the information.
Right to rectification
Data subjects have the right to request the controller to rectify their inaccurate personal data without undue delay. Incorrect registered data will be rectified on the basis of the information provided by the person.
The request must be submitted in writing using the data rectification request form.
Any updates to the information contained in the data file, such as changes to the name and contact information of the contact person, will be directly communicated to the organisation’s contact person.