This is Ellilän Sukuseura r.y. Register and Privacy Statement in accordance with the Personal Data Act
(Sections 10 and 24) and the EU General Data Protection Regulation (GDPR).
It was originally dated February 27, 2020 and was last modified on September 14, 2021.
1. The Registrar
Ellilän Sukuseura r.y., Jäppiläntie 11, 07500 Askola, email: firstname.lastname@example.org, phone: +358 400 420974, home site: www.ellilansuku.fi
2. Contact persons for registry matters
Chairman of the Board: Heikki Ellilä, email@example.com,
Treasurer of the Board: Tarja Palsa, firstname.lastname@example.org
3. The name of the registry
Association membership, billing and accounting registers, as well as the home page of the online service
The systems record the names, addresses and contact details of family members and third parties connected to the online service (home page).
The membership register also stores the date and place of birth, sex and membership fees of the member.
Billing and accounting records keep billing and billing information for both members and third parties
5. Grounds for and purpose of keeping a register and processing of personal data
The right to process personal data is based on the person’s own consent.
For family members, personal information may also be used to conduct member research.
However, the basic use is to enable communication between the association and the data subjects, and to record billing and payment information.
6. Regular sources of information
Data sources may include information provided by data subjects themselves, from family membership, billing and accounting records, and bank statements.
7. Disclosure and transfer of information
Disclosures may only be made with the personal consent of the data subjects. However, data will not be disclosed outside the EU / EEA.
8. Data protection
Website information is protected and backed up by Louhi Service (Web Hotel).
The secretary of the Board maintains members’ usernames, passwords, and contact information in the association’s membership register,
while the treasurer of the Board maintains billing, accounting, and banking information in the billing and accounting registers.
Regular backups are also made of external media stored in a different location from the actual registers.
9. Duration of processing
For the home page, messages between the user and the Association are retained as long as the communication document is available. Membership information is kept for the duration of the membership.
In accordance with the Accounting Act, the data is retained for 6 years in the invoicing and accounting records.
10. Data processors
For the website, Louhi Net Oy is the web hosting service provider.
Secretary to the Board of Directors for Membership and Treasurer for Payment Transactions.
The Chairman of the Board of Directors has access to all of the above.
We may outsource the processing of personal data , in which we guarantee through contractual arrangements that personal data will be processed in accordance with applicable data protection law and otherwise properly.
11. Automatic decision making and profiling
Data processing does not include automatic decision making or profiling.
12. Rights of data subjects
Each of the data subjects has the following processing of their data:
- Right of access, ie the right to check personal data stored in the register.
- In the event of any inaccuracies or omissions in the information, the data subject may request that the information be corrected or completed.
- Right of objection, that is, the right to object to the processing of their personal data if the data subject feels that the personal data have been processed unlawfully or without due process.
- Right of deletion, ie the right to request the deletion of data stored in the register.
- The data subject also has the right to restrict the processing of the data.
- Data transfer right, the right to transfer data between systems.
- The right of appeal, ie the right to lodge a complaint with the Data Protection Supervisor if the data subject feels that there has been a breach of applicable data protection law with regard to the processing of personal data.
The controller may only refuse a request for objection or deletion on legal grounds.
If the controller does not agree with the data subject’s request, the data subject has the right to appeal to the data protection officer.
The data subject also has the right to request until the matter is resolved.
All communications and requests for this statement must be made in writing or in person to one of the contact persons named in section two (2).
14. Changes to the Privacy Statement
If we change this description, we will make the changes dated.
If the changes are significant, we may also notify you by other means, such as by email or by posting a notice on our website.
However, we recommend that you visit our website regularly and take note of any changes in the leaflet.