Members register description and Privacy policy

MEMBERS REGISTER DESCRIPTION AND PRIVACY POLICY

Data Protection Act (1050/2018)
 

1. Controller
Puunjalostusinsinöörit ry – Finnish Forest Products Engineers' Association (PI)
Tekniikantie 4 C
02150 Espoo, Finland

2. Register is maintained by
Puunjalostusinsinöörit ry / Membership service
Tekniikantie 4 C
02150 Espoo, Finland
+358 40 132 6688, info@puunjalostusinsinoorit.fi

3. Name of the register
PI`s members register
 

4. Purpose of processing personal data
The register is used for managing member relations, communications: newsletters and direct marketing for those agreed to receive such material; to produce Yearbook of PI’s members, invoicing of membership fees. Member data may also be used for member surveys and other research.
 

5. Data content of the register
Name, member ID number, date of birth, gender, native language, language of communication, contact details, educational, employment and employer information, invoicing information, involvement in the PI’s internal committees, participation in the PI’s activities and events and other possible information given by the member.

Also contact person details of PI’s corporate members: name, e-mail address and phone number.
 

6. Sources of information
All personal data is given by the member when the member relationship is formed or during it. PI may collect information on participation in events and activities organized by the controller. A specific permission is asked from the member for any direct marketing as required by the law.
 

7. Releasing information to third parties
The information in the register is used for the association's own activities. Data may be disclosed outside the association without the explicit consent of the member for each occasion only if the disclosure of the information is directly related to the activities of the association.
 

8. Releasing information outside the EU or the European Economic Area (EEA)
Not applicable, data will not be transferred outside the EU or EEA.
 

9. Principles of data protection
Membership data has been secured against external access. Licenses are managed by an administrator appointed by the PI. The username and password are only given to PI`s employees. The information is confidential to all employees processing the data. The system is secured.

The register/website service is based on the Amazon AWS environment. The environment meets several internationally accepted certifications. More information on the security and valid certifications of the AWS environment can be found at https://aws.amazon.com/compliance. The technical administrator of the service is Vitec Avoine Oy. Vitec Avoine use only AWS servers located in the EU territory and no data is transmitted or replicated outside the EU territory. The connections are SSL-encrypted, and the environment is protected by a firewall.
 

10. Right to inspect personal data
Anyone in the register has the right to go through the personal information collected to the register and receive copies of it. The request for this information must be done by contacting the party mentioned in section 2
 

11. Correcting information
The register holder on its own initiative corrects, deletes or completes any information if its outdated, incorrect or unnecessary. Also, the customer has the right to request any of these procedures. This request must be done by contacting the party mentioned in section 2.

If the controller refuses access to or to rectify the data, a written certificate to this effect will be issued to the member. In such an event, the data subject may bring the matter to the attention of the Data Protection Ombudsman using the following address: Data Protection Ombudsman, PL 315, 00181 Helsinki, Finland. The Data Protection Ombudsman may order the controller to rectify the data.
 

12. Right to decline
The member has the right to decline any direct marketing, sales or research. The member also has the right not to let his/her information be used for PI’s yearbook. Declining from these procedures must be done by contacting the party mentioned in section 2