This is a privacy statement written by Sauna from Finland, following the Finnish Personal Data Act (10 & 24 §) and the EU General Data Protection Regulation (GDPR). Written on 18 May 2018. Last modified on 16 October 2020.
Sauna from Finland ry, Roopensuontie 30, 40530, Jyväskylä, Finland.
Contact person responsible for the register
Vilma Torppala, email@example.com, +358 440 631 995
Name of the register
Sauna from Finland stakeholder register
Purpose of handling the personal data
The purpose of handling the personal data in Sauna from Finland stakeholder register is contacting the stakeholders, maintaining the stakeholder groups, targeting the marketing and the direct marketing of Sauna from Finland and/or its partners by using the personal data and Sauna from Finland’s communication channels, without giving the personal data to external quarters. The information will not be used for automatized decision-making or profiling.
Register data content
Information pieces stored in the register are:
Contact information (e-mail address, phone number)
Other information involved in the customer relationship
Regular sources of information
The information stored in the register are given by a member/participant/client, for example from messages sent via website forms, via e-mail, via phone calls, via social media services, via contracts, via customer meetings, or via other situations where they are giving away their data.
Regulatory transfers of the data and transferring the data outside of EU/ETA
The data will not be given away to external quarters. The pieces of information can be published to the extent that has been agreed with the customer.
Some pieces of information can be transferred also outside EU/ETA by the registrar.
Principals of protecting the data
The register is handled with diligence and the information handled within data processing systems is protected appropriately. When the register information is kept in Internet servers, the physical and digital information security of the equipment used for handling the data is taken care appropriately. The registrar makes sure that the stored information and the access to the servers and other critical information concerning the personal data is handled confidentially and only by those employees whose job description this requires.
Right of inspection and right to correct the data
Ever person within the register has the right to inspect their information stored in the register and to demand correcting possible errors or supplementing missing pieces of information. If the person wants to inspect the information stored of them or to demand correcting them, a demand should be sent in written to the registrar. The registrar is allowed to demand the demander to prove their identity if needed. The registrar responds to the customer within the time frame regulated in the EU General Data Protection Regulation (in general, within a month).
Other rights included in handling the personal data
The person being in the register has the right to demand deleting the personal data about them in the register (‘the right to be forgotten’). Likewise, all registered have all the rights stated in the EU General Data Protection Regulation, like limiting the handling of the personal data in certain situations. The demands should be sent in written to the registrar. The registrar is allowed to demand the demander to prove their identity if needed. The registrar responds to the customer within the time frame regulated in the EU General Data Protection Regulation (in general, within a month).