X
  1. Data Controller

Data Controller                          Economy and youth TAT (later TAT)
Business ID                                     0202391-9
Address                                         Eteläranta 10, FI-00130 Helsinki
Telephone                                      +358 (0)50 372 1869
Contact person                             Sanna Heino

  1. The name of the registry

The prospects and potential customers of the Economy and youth TAT.

  1. Legal grounds and the purpose of processing personal data

The purpose of the register is the operation of the association, the creation of new customers and partnerships and the related communications. The information obtained is used to create and maintain customer relationships and other operational needs of the association.

The processing is based on a legitimate interest.

  1. Grounds for legitimate interest

Creating a customer relationship, negotiations and other activities related to the activities of the association. The legitimate interest of the data controller in the processing of personal data collected and used is based on direct marketing needs and the freedom to conduct a business.

Direct marketing is a legitimate interest under the EU General Data Protection Regulation.

  1. Categories of recipients of the personal data

Name, organisation represented, contact details

  1. Recipients and groups of recipients

Personnel of the data controller and outsourcing partners (financial administration, marketing, information management) as applicable.

  1. Data content of the register

The data to be stored in the register is:

  1. Regular sources of information

Information is obtained from the customer through emails, business cards, telephone discussions or physical encounters. Information can also be received from other stakeholders, such as the media,
marketing sources, website contact forms or similar.

The information is not disclosed outside the association or for the use of its partners, except in matters related to credit applications, collection or invoicing, and when required by legislation. Personal data will not be transferred outside the European Union unless it is necessary to ensure the technical implementation of the company or its partner. The data subject’s personal data is destroyed at the request of the user, unless the deletion of the data is prevented by legislation, customer relationship management, open invoices or collection measures.

  1. Retention period of personal data

Personal data is kept for 10 years from the end of the communication.

  1. Regular transfer of data outside the EU or the European Economic Area

The information is only used by the association, except when using an external service provider either to provide a value-added service or to support a credit decision. The information is not disclosed outside the association or for the use of its partners, except in matters related to credit applications, collection or invoicing, and when required by legislation. The data subject’s personal data is destroyed at the request of the user, unless the deletion of the data is prevented by legislation, open invoices or collection measures.

Personal data is not transferred outside the European Union unless it is necessary to ensure the technical implementation of the association or its partner.

  1. Registry security principles

Manual data: Manually processed documents containing customer information (e.g. printed emails or their attachments, printed web forms or similar) are stored in locked and fireproof storage facilities after initial processing. Only designated employees who have signed a non-disclosure agreement have the right to process manually stored customer information. The protection and processing of data in the register comply with the provisions and principles of the Data Protection Act, regulations of authorities and good data processing practice.

Digital data: Only designated employees of the company and the association acting on its behalf have the right to access and maintain the customer register. Each user has their own personal username and password. Each user has signed a non-disclosure agreement. The system is protected by a firewall protecting external connections to the system. The protection and processing of data in the register comply with the provisions and principles of the Data Protection Act, regulations of authorities and good data processing practice.

  1. Cookies

We use cookies on our website. A cookie is a small text file that is sent to a user’s computer and stored there. Cookies do not harm users’ computers or files. The primary purpose of the use of cookies is to improve and customise the visitor’s user experience on the website, as well as to analyse and improve the functionality and content of the website.

The information collected through cookies can also be used to target communications and marketing, as well as to optimise marketing measures. The visitor cannot be identified by cookies alone. However, the information obtained through cookies may be linked to information obtained from the user in other contexts, such as when the user fills in a form on our website.

The information collected via cookies includes the following types of information:

Your rights

The user visiting our website has the opportunity to block the use of cookies at any time by changing the settings of their browser. Most browsers allow you to disable the cookies and delete already stored cookies. Blocking the use of cookies may affect the functionality of the website.

Google Analytics

The site collects usage statistics for Google Analytics, which is used to track, develop, and plan marketing for the site. The data collected cannot be used to identify individual users or individuals.

In addition, the site uses the collection of target group information and topic data (Google Analytics Demographics), which is used to record, for example, age, gender and user topics. You can change the settings related to the collection of this information in your own Google Account at https://www.google.com/settings/ads

You can turn off Google Analytics tracking with a Chrome browser add-on.

  1. Rights of the data subject

Right of inspection: The data subject has the right to check their data stored in the register. The inspection request must be made in writing by contacting the association (tietosuoja(a)tat.fi) or the contact person of the register in Finnish or English. The inspection request must be signed. The data subject has the right to prohibit the processing and disclosure of their data for direct advertising, distance selling and direct marketing, as well as market research and opinion polls, by contacting the company’s customer service point.

Right to data transfer: The data subject has the right to transfer their data from one system to another. A transfer request can be addressed to the registry’s contact person.

Right to demand correction of information: Personal data contained in the register which are incorrect, unnecessary, incomplete or out of date for the purpose of processing must be rectified, erased or supplemented. The request for correction must be made with a signed written request to the association (tietosuoja(a)tat.fi) or to the administrator of the personal register. The request specifies what information is required to be corrected and on what basis. Corrections are carried out without delay. Correction of the error is notified to the person from whom the incorrect information was received or to whom the information was disclosed. The person responsible for the register issues a written certificate stating the reasons for a refusal of the request for correction. The data subject may refer the refusal to the Data Protection Ombudsman.

Right of restriction: The data subject has the right to request a restriction of data processing, such as if the personal data in the register is incorrect. Requests related to the restriction of data processing can be addressed to the person responsible for the register.

Right to object: The data subject has the right to request personal data concerning them and rectification or deletion of their personal data. Requests can be addressed to the registry’s contact person. If you act as a contact person for a company or organisation, your information cannot be deleted during that time.

Right to lodge a complaint with a supervisory authority: If you feel that the processing of personal data concerning you has violated the General Data Protection Regulation, you have the right to lodge a complaint with the supervisory authority. You may also lodge a complaint especially in the member state of your permanent place of residence or employment.

The contact details of the national supervisory authority are:

The Office of the Data Protection Ombudsman
P.O. Box 800
Ratapihantie 9
FI-00521 Helsinki

tel. +358 (0)29 56 66700
tietosuoja@om.fi
www.tietosuoja.fi

  1. Other rights related to the processing of personal data

The data subject has the right to refuse the disclosure and processing of their data for direct advertising and other marketing, to demand anonymisation of the data where applicable, and to request the removal of their personal data from the register (“the right to be forgotten”).