1. Data controller
Kiinteistönomistajat ja rakennuttajat Rakli ry (1070296-2), Annankatu 24, Fi-00100 Helsinki
Contact person: Aija Tasa, Director, firstname.lastname@example.org
2. Whose data do we process?
We process data pertaining to the following parties:
- the contact persons and personnel of members and potential members
- potential members
- stakeholders and their personnel
- persons associated with stakeholders
- website users
- members of representative associations (Finnish Property Owners Rakli coordinates the activities of the Finnish Council of Shopping Centres, The Finnish Association of Student Housing Organisations SOA, the Finnish Association of Construction Management Companies, IFMA Finland ry and acts as their data controller).
3. Information we process
We only process personal information that is necessary for our operations and information that has been provided to us. A member of the staff of the member you represent may also provide us information. The information we process about the data subject is
- postal address,
- telephone number,
- email address,
- role / title,
- date of birth,
- special diet (in the event management section).
4. The purpose and grounds for processing personal data
We process data as part of managing and maintaining memberships, communications and information dissemination, sending out invitations to events as well as lobbying and marketing activities.
Members with contact persons
The purpose of the processing: Maintaining a membership relationship and enabling the necessary contacts.
Grounds for processing: 1) Associations Act (Yhdistyslaki 503/1989), 2) the legitimate interest of the controller
Potential members with contact persons
The purpose of the processing: Marketing and communications
Grounds for processing: The legitimate interest of the controller
Persons associated with stakeholders
The purpose of the processing: Lobbying and communications, event invitations
Grounds for processing: The legitimate interest of the controller
The purpose of the processing: Contact requests received via websites. Use of restricted parts of websites.
Grounds for processing: The legitimate interest of the controller.
5. Data stored in the register
We only process the kinds of personal data that are necessary for our operations. As a general rule, the data we process has been provided by the data subject themselves. A staff representative of a data subject may also provide us with data.
We process the following data: name (identifier and contact), postal address (contact), telephone number (contact), email address (contact), employer or company (membership management, targeted marketing), role or title (membership management, marketing targeting), language (membership management), date of birth (identifier), dietary requirements (organisation of events).
6. The duration of the processing
As a general rule, personal data is processed for as long as the membership relationship for which we need the data is active or until the member’s contact person is replaced. We record data in the register in the form in which it is obtained from the data subject themselves or from a contact person of a member organisation or from public sources. The data is updated in line with changes the data subject or the contact person of a member organisation informs the controller of or in line with updated data obtained from public sources.
The personal data of potential members’ contact persons is processed until the contact person is replaced.
The personal data of stakeholders is processed for as long as the individual operates in a position in which he or she needs to be contacted.
Subscribers can unsubscribe from our newsletter yourself by clicking the unsubscribe link provided in each newsletter we send out.
7. Rights of the data subject
The data subject has the following rights, wherein the requests for their use must be submitted to email@example.com
The right of inspection: Data subjects have the right to verify the personal data we store about them. Data subjects may ask us to correct and/or complete the data we hold about them if they discover errors or omissions in this data.
Right to object: Data subjects have the right to object to the processing of their personal data at any time if they feel that we have unlawfully processed this data or that we have no right to process certain personal data.
The prohibition of direct marketing: Data subjects have the right to prohibit us from using their data for direct marketing purposes at any time.
Removal right: Data subjects have the right to ask us to delete any personal data we hold about them if they feel that the processing of this data is not necessary for the performance of our duties. Upon receipt of such a request, we process the request and then either delete the data in question or inform the data subject of the reason why the data cannot be deleted. Should the data subject disagree with our decision, they have the right to complain to the Data Protection Officer (instructions for filing a complaint). The data subject also has the right to demand that we restrict the processing of the disputed data until such time as the matter can be resolved.
Right of appeal: Data subjects have the right to complain to the Data Protection Officer if they feel that we are in breach of the applicable data protection legislation when processing their personal data (instructions for filing a complaint).
8. From what sources do we obtain data?
Information about members and their contact persons may be obtained from the person in question, a representative of the member or from public sources. Information about stakeholders and their personnel may be obtained from the person in question, a representative of the stakeholder or from public sources.
9. How do we secure data?
We respect the data subject’s privacy when processing personal data and processing personal data in a secure manner is important to us. We will properly protect and secure your data. Systems containing personal data are protected by user-specific logins and passwords. Any paper documents are stored in such a way that is inaccessible to third parties.
Our system is also protected by firewalls and other technical means. The data contained in the register stored in the system is only accessible by the authorised personnel employed by the data controller, wherein the processing of this data is part of their duties. Our registers are located on a virtual server or in a cloud service, in which access to them by unauthorized persons is blocked. The registers are regularly backed up.
10. Disclosure of information
Data will not be disclosed for marketing purposes outside of Finnish Property Owners Rakli. The data controller may selectively disclose data to a third party in order to respond to a query or in order to make a report on behalf of the data controller (for example, a reputation survey for Finnish Property Owners Rakli). Ownership of the data is not transferred from the data controller to a third party, nor is the third party entitled to further use of the data. We ensure that all our service providers comply with the data protection laws.
11. Transfer of data outside of the EU
We opt to store your data in secure, European-based data centres whenever possible. Some of our service providers may, however, back up data outside the EU/EEA, for example in centres in the US. Data is backed up to keep your data safe when a main server fails.