Data Protection Policy
Architecture for Common Good seminar
- Controller of Personal Data and Contact Person
Finnish Association of Architects SAFA
Malminkatu 30, FI-00100 Helsinki
phone: +358 40 0806284
- Use of the Personal Data
The purpose of collecting and processing personal data is to manage the data of the persons registered to the Architecture for Common Good seminar and events related to it.
Personal data is used to provide services before, during and after the events. These are:
- Providing information and collecting feedback about the events
- Providing services at the event according the data subject’s needs (drinks, food and other special needs or requests)
- Contacting the data subject in case of emergency, cancellation or other unexpected incident or changes related to the events
- Identifying data subject and subject’s right to participate the events
- Marketing similar events to data subjects
Legal base for processing personal data is the consent of the data subject.
- Categories and Sources of Personal Data
The categories of personal data collected are:
- Identification information (name, country of residence, title, place of work or organisation)
- contact information (email, phone)
- dietary preferences and food allergies
- participation details
The personal data is collected directly from the data subjects.
- Security and Storage of Personal Data
Digitally processed personal data is securely collected and saved at:
- Only employees who need the data for their work have access to Surveypal-service and the particular forms containing the personal data. All employees have individual usernames and passwords for the service.
- Controller’s virtual server provided by Welcom Net
- Controller’s employees have access. All employees have individual usernames and passwords to server.
- Personal controller’s employees processing the data
- Personal computers have individual usernames and passwords.
Personal data is protected against unauthorised and unlawful processing, and from accidental loss, destruction or damage.
- Transfering and Extraditing the Personal Data
Personal data can be transferred or given to:
- a catering company in order to provide service at the events (dietary and food allergy information)
- other data subjects or participants of the events in form of a printed list (name, title, place of work or organisation)
- a printing or press company in order to produce materials for the event such as name tags (name, title, place of work or organisation)
- persons who provide the registration service at the event (name, title, place of work or organisation)
- controller’s partner organisations for marketing purposes of similar events (contact info)
- controller’s partner organisations who arrange part or parts of the events for purposes related directly to the event or services provided at the event
Only the personal data that is necessary for providing the service, will be given to third parties. All third parties have to follow the General Data Protection Regulation and other legislation in processing the data.
- Transferring Personal Data Outside European Economic Area
The controller may transfer personal data outside European Economic Area in order to provide the services needed if:
- The country in question has been deemed by the European Commission to provide an adequate level of protection for personal data; or
- One of the mechanisms set out in the legislation has been put in place applies, e.g. where one of the ‘appropriate safeguards’ listed in data protection legislation has been put in place or a specific exception applies
- Retention period of the personal data
The controller will retain the personal data as long as it is necessary in order complete the services and other task related to the events.
After tasks are completed the personal data needed for controller’s accounting purposes (name, title and organisation) is retained according to Finnish legislation.
On data subject’s agreement the contact information of the data subjects will be retained for marketing purposes of similar events.
All retained data will be stored in controller’s possession and erased from other such as Surveypal -service.
Other personal data will be deleted or anonymised for statistics and historical purposes.
Any automatic processing of personal data is not used.
- The Rights of the Data Subject
- The right to access: The data subject has the right to request for copies of their personal data.
- The right to rectification: The data subject has the right to request that controller corrects any information the data subject believes is inaccurate. The data subject also has the right to request controller to complete the information they believe is incomplete.
- The right to erasure: The data subject has the right to request that controller erases their personal data, under certain conditions.
- The right to restrict processing: The data subject has the right to request that controller restricts the processing of their personal data, under certain conditions.
- The right to object to processing: The data subject has the right to object to controller’s processing of their personal data, under certain conditions.
- The right to data portability: The data subject has the right to request that controller transfers the data that we have collected to another organization, or directly them, under certain conditions.
- The Right to Report a Complaint to Appropriate Authority
The data subject has the right to report a complaint to The Office of the Data Protection Ombudsman, or appropriate authority of their own country of residence, that is a member of the European Union, if the data subject feels that their personal data is not processed according to appropriate legislation.
- Changes to this Data Protection Policy
This Data Protection Policy is created for Architecture for Common Good -seminar and events related. The policy will be reviewed if necessary, or some mistakes or other shortages are found.
This policy is last reviewed 19.9.2019.