1. Data Controller

Data Controller                          Economy and youth TAT (later TAT)
Business ID                                     0202391-9
Address                                         Eteläranta 10, FI-00130 Helsinki
Telephone                                      +358 (0)50 372 1869
Contact person                             Sanna Heino

  1. The name of the registry

The roaming register of the Economy and youth TAT.

  1. Legal grounds and the purpose of processing personal data

The purpose of the register is to ensure the security of the association’s website. The available information (IP address) is only used in the event of a fault or intrusion detection.

The processing is based on a legitimate interest.

  1. Grounds for legitimate interest

General network security and practices. The legitimate interest of the data controller in the processing of personal data collected and used is based on the freedom to conduct a business.

  1. Categories of recipients of the personal data

IP address, time of visit and pages visited.

  1. Recipients and groups of recipients

Limited, authorised personnel of the company providing the website hosting server.

  1. Data content of the register

The data to be stored in the register is:

  1. Regular sources of information

Information is obtained from the customer about roaming on the organisation’s website.

  1. Retention period of personal data

Data is never deleted separately.

  1. Regular transfer of data outside the EU or the European Economic Area

The information is only used by the association, except when using an external service provider also at their disposal. The information is not disclosed outside the association or for the use of its partners, except in connection with data breaches and similar.

Personal data will not be transferred outside the European Union unless it is necessary to ensure the technical implementation of the association or its partner.

  1. Registry security principles

Only designated employees of the association and the companies acting on its behalf have the right to use the website hosting server. Each user has their own personal username and password. The system is protected by a firewall protecting external
connections to the system. The protection and processing of data in the register comply with the provisions and principles of the Data Protection Act, regulations of authorities and good data processing practice.

  1. Cookies

We use cookies on our website. A cookie is a small text file that is sent to a user’s computer and stored there. Cookies do not harm users’ computers or files. The primary purpose of the use of cookies is to improve and customise the visitor’s user experience on the website, as well as to analyse and improve the functionality and content of the website.

The information collected through cookies can also be used to target communications and marketing, as well as to optimise marketing measures. The visitor cannot be identified by cookies alone. However, the information obtained through cookies may be linked to information obtained from the user in other contexts, such as when the user fills in a form on our website.

The information collected via cookies includes the following types of information:

Your rights

The user visiting our website has the opportunity to block the use of cookies at any time by changing the settings of their browser. Most browsers allow you to turn off the cookies and delete already stored cookies. Blocking the use of cookies may affect the functionality of the website.

Google Analytics

The site collects usage statistics for Google Analytics, which is used to track, develop, and plan marketing for the site. The data collected cannot be used to identify individual users or individuals.

In addition, the site uses the collection of target group information and topic data (Google Analytics Demographics), which is used to record, for example, age, gender and user topics. You can change the settings related to the collection of this information in your own Google Account at https://www.google.com/settings/ads

You can turn off Google Analytics tracking with a Chrome browser add-on.

  1. Rights of the data subject

Right of inspection: The data subject has the right to check their data stored in the register. The inspection request must be made in writing by contacting the association (tietosuoja(a)tat.fi) or the contact person of the register in Finnish or English. The inspection request must be signed. The data subject has the right to prohibit the processing and disclosure of their data for direct advertising, distance selling and direct marketing, as well as market research and opinion polls, by contacting the company’s customer service point.

Right to data transfer: The data subject has the right to transfer their data from one system to another. A transfer request can be addressed to the registry’s contact person.

Right to demand correction of information: Personal data contained in the register which are incorrect, unnecessary, incomplete or out of date for the purpose of processing must be rectified, erased or supplemented. The request for correction must be made with a signed written request to the association (tietosuoja(a)tat.fi) or to the administrator of the personal register. The request specifies what information is required to be corrected and on what basis. Corrections are carried out without delay. Correction of the error is notified to the person from whom the incorrect information was received or to whom the information was disclosed. The person responsible for the register issues a written certificate stating the reasons for a refusal of the request for correction. The data subject may refer the refusal to the Data Protection Ombudsman.

Right of restriction: The data subject has the right to request a restriction of data processing, such as if the personal data in the register is incorrect. Requests related to the restriction of data processing can be addressed to the person responsible for the register.

Right to object: The data subject has the right to request personal data concerning them and rectification or deletion of their personal data. Requests can be addressed to the registry’s contact person. If you act as a contact person for a company or organisation, your information cannot be deleted during that time.

Right to lodge a complaint with a supervisory authority: If you feel that the processing of personal data concerning you has violated the General Data Protection Regulation, you have the right to lodge a complaint with the supervisory authority. You may also lodge a complaint especially in the member state of your permanent place of residence or employment.

The contact details of the national supervisory authority are:

The Office of the Data Protection Ombudsman
P.O. Box 800
Ratapihantie 9
FI-00521 Helsinki

tel. +358 (0)29 56 66700

  1. Other rights related to the processing of personal data

The data subject has the right to refuse the disclosure and processing of their data for direct advertising and other marketing, to demand anonymisation of the data where applicable, and request the removal of their personal data from the register (“the right to be forgotten”).