Controller
The Finnish Association for Museum Education Pedaali
Address
P.O. Box 589 00101 Helsinki
Contact person in matters concerning the register
Secretary Jenni Sahramaa, tel. 044 2424848, info@pedaali.fi
Name of the register
The register of members for the Finnish Association for Museum Education Pedaali
Purpose for processing personal data
The basis for handling personal data is the legal obligation to maintain a register of members, tend to member services, communication, membership fees and other funding, as well as take care of contractual obligations.The purpose of processing personal data is to tend to the legal obligations of the association, produce member services, communication services and bulletins concerning the association and its stakeholders, as well as collect membership fees and other funding.
Data content of the register
While using the register of members, the controller handles the following personal data groups of the data subjects:
– basic information such as gender, date of birth, title
– contact information such as email address, phone number, postal address
– membership information (membership type, duration of membership), information on membership fees
Regular information sources
The registered data is primarily collected from the data subjects after joining or during the update of their information
Regular information sharing
The Finnish Association for Museum Education Pedaali uses external service providers for technical maintenance, collecting membership fees and other funding, communicating with members and stakeholders, providing member services, and support services for data governance. They will be given access to information in the register in order to provide these services.
We do not give access to personal data outside the EU/EEA.
Principles for data protection
Personal data is collected into databases which are protected by firewalls, passwords and other technological measures. The personal information system is accessible only to entitled persons. Each user has their own username and password for the system. The workstations and external storages used are encrypted. The information in the register is not issued as confidential.
The manual material is stored in a locked space by either board members or the secretary.
Information about members and contracting parties is kept for the duration of the membership or contract and up to 10 years after the membership or contract is expired.
Consensual information is kept until the consent is withdrawn.
The controller will regularly evaluate the necessity of keeping the information, considering the applicable legislation. Additionally, the controller will tend to appropriate measures which ensure that no personal information of the data subjects which is incompatible, outdated or incorrect for processing purposes is kept in the register. The controller will rectify or destroy such information without delay.
Rights of the data subject
The data subject has the right
– to be informed about the processing of their personal data
– to gain access to the information in the register regarding themselves upon request
– to demand incorrect information to be rectified
– to demand information to be deleted, if their demand has legal grounds
– to withdraw their consent or object to the processing of their personal data when the processing is based on the data subject’s consent
– to object to the processing of their personal data or demand limited processing
– to issue a complaint about personal data processing to the supervisory authority.
Last updated 19.1.2019