
Privacy statements of the Economy and youth TAT:

  1. Data Controller

Data Controller                          Economy and youth TAT (later TAT)
Business ID                                 0202391-9
Address                                        Eteläranta 10, FI-00130 Helsinki
Telephone                                    +358 (0)50 372 1869
Contact person                           Sanna Heino

  1. The name of the registry

The customer register of the Economy and youth TAT.

  1. Legal grounds and the purpose of processing personal data

The purpose of the register is to maintain the customer register, manage partnerships, and archive, process and manage data concerning customer relationships. The information can be used to develop the association’s operations and to produce more personalised targeted content on our online services as well as for statistical purposes. Personal data is processed within the limits allowed and required by the General Data Protection Regulation.

The information in the register can be used in the association’s own registers to target advertising without disclosing personal data to third parties, for example. The association may use partners to maintain the customer and service relationships, in which case parts of the information in the register may be transferred to the partner’s servers due to technical requirements. The data is processed only for the maintenance of the association’s customer relationship through technical interfaces. The association has the right to publish the information contained in the customer register as an electronic or written list, unless the customer specifically prohibits it. In this case, a list means, for example, address stickers for direct mail or the like. The customer has the right to refuse the publication of their data by notifying the association by email (tietosuoja(a)tat.fi) or the contact person for the register.

The processing is based on an agreement.

In training and other events, processing is based on legitimate interest and enrollment.

  1. Grounds for legitimate interest

Customer/partnership relationship.

  1. Categories of recipients of the personal data

Name, organisation represented, contact details, invoicing information. At events and trainings, we also collect information about special diets.

  1. Recipients and groups of recipients

Personnel of the data controller and outsourcing partners (financial administration) as applicable.

  1. Data content of the register

The data to be stored in the register is:

  1. Regular sources of information

Information is obtained from registrations made by the customer and from notifications made by the customer during the customer relationship. Updates to your name and contact information are also obtained from the authorities and companies that provide update services. Information may also be obtained from subcontractors involved in the use or provision of the service. Information about customers’ other digital environment activities can be obtained from partner sites, information systems, or other digital sources, which are logged in via an electronic invitation (link), cookies or using the IDs provided to customers.

The information is only used by the association, except when using an external service provider either to provide a value-added service or to support a credit decision.

The information is not disclosed outside the association or for the use of its partners, except in matters related to credit applications, collection or invoicing, and when required by legislation. Personal data will not be transferred outside the European Union unless it is necessary to ensure the technical implementation of the association or its partner. The data subject’s personal data is destroyed at the request of the user, unless the deletion of the data is prevented by legislation, open invoices or collection measures.

  1. Retention period of personal data

The customer register is kept for as long as the customer relationship or cooperation is valid, unless the person requests the erasure of their data. After the termination of the customer relationship, the data is retained for 10 years, unless the person requests the deletion of the data. If the information is no longer needed or has expired, the information is deleted. The timeliness and necessity of the data are reviewed at regular intervals and if there are no longer grounds for retention, the data is deleted and destroyed.

  1. Regular transfer of data outside the EU or the European Economic Area

The information is only used by the association, except when using an external service provider either to provide a value-added service or to support a credit decision. The information is not disclosed outside the association or for the use of its partners, except in matters related to credit applications, collection or invoicing, and when required by legislation. The data subject’s personal data is destroyed at the request of the user, unless the deletion of the data is prevented by legislation, open invoices or collection measures.

Personal data will not be transferred outside the European Union unless it is necessary to ensure the technical implementation of the association or its partner.

  1. Registry security principles

Manual data: Contact information collected at customer events and other documents containing customer information that are processed manually are stored in locked and fireproof storage facilities after initial processing. Only designated employees who have signed a non-disclosure agreement have the right to process manually stored customer information. The protection and processing of data in the register comply with the provisions and principles of the Data Protection Act, regulations of authorities and good data processing practice.

Digital data: Only designated employees of the company and the association acting on its behalf have the right to access and maintain the customer register. Each user has their own personal username and password. Each user has signed a non-disclosure agreement. The system is protected by a firewall that protects external connections to the system. The protection and processing of data in the register comply with the provisions and principles of the Data Protection Act, regulations of authorities and good data processing practice.

  1. Cookies

We use cookies on our website. A cookie is a small text file that is sent to a user’s computer and stored there. Cookies do not harm users’ computers or files. The primary purpose of the use of cookies is to improve and customise the visitor’s user experience on the website, as well as to analyse and improve the functionality and content of the website.

The information collected through cookies can also be used to target communication and marketing, as well as to optimise marketing measures. The visitor cannot be identified by cookies alone. However, the information obtained through cookies may be linked to information obtained from the user in other contexts, such as when the user fills in a form on our website.

The information collected via cookies includes the following types of information:

Your rights

The user visiting our website has the opportunity to block the use of cookies at any time by changing the settings of their browser. Most browsers allow you to disable the cookies and delete already stored cookies. Blocking the use of cookies may affect the functionality of the website.

Google Analytics

The site collects usage statistics for Google Analytics, which is used to track, develop, and plan marketing for the site. The data collected cannot be used to identify individual users or individuals.

In addition, the site uses the collection of target group information and topic data (Google Analytics Demographics), which is used to record, for example, age, gender and user topics. You can change the settings related to the collection of this information in your own Google Account at https://www.google.com/settings/ads

You can turn off Google Analytics tracking with a Chrome browser add-on.

  1. Rights of the data subject

Right of inspection: The data subject has the right to check their data stored in the register. The inspection request must be made in writing by contacting the association (tietosuoja(a)tat.fi) or the contact person of the register in Finnish or English. The inspection request must be signed. The data subject has the right to prohibit the processing and disclosure of their data for direct advertising, distance selling and direct marketing, as well as market research and opinion polls, by contacting the company’s customer service point.

Right to data transfer: The data subject has the right to transfer their data from one system to another. A transfer request can be addressed to the registry’s contact person.

Right to demand correction of information: Personal data contained in the register which are incorrect, unnecessary, incomplete or out of date for the purpose of processing must be rectified, erased or supplemented. The request for correction must be made with a signed written request to the association (tietosuoja(a)tat.fi) or to the administrator of the personal register. The request specifies what information is required to be corrected and on what basis. Corrections are carried out without delay. Correction of the error is notified to the person from whom the incorrect information was received or to whom the information was disclosed. The person responsible for the register issues a written certificate stating the reasons for a refusal of the request for correction. The data subject may refer the refusal to the Data Protection Ombudsman.

Right of restriction: The data subject has the right to request a restriction of data processing, for example if the personal data in the register is incorrect. Requests related to the restriction of data processing can be addressed to the person responsible for the register.

Right to object: The data subject has the right to request personal data concerning them and rectification or deletion of their personal data. Requests can be addressed to the registry’s contact person. If you act as a contact person for a company or organisation, your information cannot be deleted during that time.

Right to lodge a complaint with a supervisory authority: If you feel that the processing of personal data concerning you has violated the General Data Protection Regulation, you have the right to lodge a complaint with the supervisory authority. You may also lodge a complaint especially in the member state of your permanent place of residence or employment.

The contact details of the national supervisory authority are:

The Office of the Data Protection Ombudsman
P.O. Box 800
Ratapihantie 9
FI-00521 Helsinki

tel. +358 (0)29 56 66700
tietosuoja@om.fi
www.tietosuoja.fi

  1. Other rights related to the processing of personal data

The data subject has the right to refuse the disclosure and processing of their data for direct advertising and other marketing, to demand anonymisation of the data where applicable, and to request the removal of their personal data from the register (“the right to be forgotten”).