X
  1. Data Controller

Data Controller                          Economy and youth TAT (later TAT)
Business ID                                  0202391-9
Address                                         Eteläranta 10, FI-00130 Helsinki
Telephone                                     +358 (0)50 372 1869
Contact person                             Sanna Heino

  1. The name of the registry

The newsletter register of the Economy and youth TAT.

  1. Legal grounds and the purpose of processing personal data

The purpose of the register is to enable TAT’s email communications and marketing.

The information obtained (email address and any contact or other personal information in the messages and their attachments) is used to create and maintain customer relationships and other operational needs of the association.

The processing is based on a legitimate interest.

  1. Grounds for legitimate interest

Communication with customers, stakeholders and potential customers, marketing and sales. The legitimate interest of the data controller in the processing of personal data collected and used is based on direct marketing needs and the freedom to conduct a business. Direct marketing is a legitimate interest under the EU General Data Protection Regulation.

  1. Categories of recipients of the personal data

Name, organisation represented, email address

  1. Recipients and groups of recipients

Personnel of the data controller and outsourcing partners (financial administration) as applicable as well as communication parties.

  1. Consent

The processing is based on a legitimate interest.

  1. Data content of the register

The data to be stored in the register is:

  1. Regular sources of information

Information is obtained from the customer themselves, CRM, newsletter subscription and public information sources. Information can also be received from other stakeholders, such as the media, message groups, forwarding and other communication situations. The information is only disclosed to the external service provider and their newsletter system. It is easy for individuals on the list to remove themselves from the system.

  1. Retention period of personal data

The data is kept for a maximum of 10 years.

  1. Regular transfer of data outside the EU or the European Economic Area

The information is only used by the association, except when using an external service provider as a newsletter tool provider. The information is not disclosed outside the association or for the use of its partners, except for a newsletter tool to enable marketing of services. The data subject’s personal data in the newsletter tool is destroyed
at the request of the user.

Personal data will not be transferred outside the European Union unless it is necessary to ensure the technical implementation of the association or its partner.

  1. Registry security principles

Manual data: Manually processed documents containing customer information (e.g. printed emails or their attachments) are stored in locked and fireproof storage facilities after initial processing. Only designated employees who have signed a non-disclosure agreement have the right to process manually stored customer information.

Digital data: Only designated employees of the association have the right to access the newsletter system and maintain the information in the system. Each user has their own personal username and password.

  1. Cookies

We use cookies on our website. A cookie is a small text file that is sent to a user’s computer and stored there. Cookies do not harm users’ computers or files. The primary purpose of the use of cookies is to improve and customise the visitor’s user experience on the website, as well as to analyse and improve the functionality and content of the website.

The information collected through cookies can also be used to target communications and marketing, as well as to optimise marketing measures. The visitor cannot be identified by cookies alone. However, the information obtained through cookies may be linked to information obtained from the user in other contexts, such as when the user fills in a form on our website.

The information collected via cookies includes the following types of information:

Your rights

The user visiting our website has the opportunity to block the use of cookies at any time by changing the settings of their browser. Most browsers allow you to turn off the cookies and delete already stored cookies. Blocking the use of cookies may affect the functionality of the website.

Google Analytics

The site collects usage statistics for Google Analytics, which is used to track, develop, and plan marketing for the site. The data collected cannot be used to identify individual users or individuals.

In addition, the site uses the collection of target group information and topic data (Google Analytics Demographics), which is used to record, for example, age, gender and user topics. You can change the settings related to the collection of this information in your own Google Account at https://www.google.com/settings/ads

You can turn off Google Analytics tracking with a Chrome browser add-on.

  1. Rights of the data subject

Right of inspection: The data subject has the right to check their data stored in the register. The inspection request must be made in writing by contacting the association (tietosuoja(a)tat.fi) or the contact person of the register in Finnish or English. The inspection request must be signed. The data subject has the right to prohibit the processing and disclosure of their data for direct advertising, distance selling and direct marketing, as well as market research and opinion polls, by contacting the company’s customer service point.

Right to data transfer: The data subject has the right to transfer their data from one system to another. A transfer request can be addressed to the registry’s contact person.

Right to demand correction of information: Personal data contained in the register which are incorrect, unnecessary, incomplete or out of date for the purpose of processing must be rectified, erased or supplemented. The request for correction must be made with a signed written request to the association (tietosuoja(a)tat.fi) or to the administrator of the personal register. The request specifies what information is required to be corrected and on what basis. Corrections are carried out without delay. Correction of the error is notified to the person from whom the incorrect information was received or to whom the information was disclosed. The person responsible for the register issues a written certificate stating the reasons for a refusal of the request for correction. The data subject may refer the refusal to the Data Protection Ombudsman.

Right of restriction: The data subject has the right to request a restriction of data processing, such as if the personal data in the register is incorrect. Requests related to the restriction of data processing can be addressed to the person responsible for the register.

Right to object: The data subject has the right to request personal data concerning them and rectification or deletion of their personal data. Requests can be addressed to the registry’s contact person. If you act as a contact person for a company or organisation, your information cannot be deleted during that time.

Right to lodge a complaint with a supervisory authority: If you feel that the processing of personal data concerning you has violated the General Data Protection Regulation, you have the right to lodge a complaint with the supervisory authority. You may also lodge a complaint especially in the member state of your permanent place of residence or employment.

The contact details of the national supervisory authority are:

The Office of the Data Protection Ombudsman
P.O. Box 800
Ratapihantie 9
FI-00521 Helsinki

tel. +358 (0)29 56 66700
tietosuoja@om.fi
www.tietosuoja.fi

  1. Other rights related to the processing of personal data

The data subject has the right to refuse the disclosure and processing of their data for direct advertising and other marketing, to demand anonymisation of the data where applicable, and request the removal of their personal data from the register (“the right to be forgotten”).