This is the register and privacy statement in accordance with the General Data Protection Regulation (GDPR) of the European Union. Date of drafting: 22nd May 2018. Latest modification: 19th May 2024.
1. Controller
Tietokilta ry (TiK) Konemiehentie 2, 02150 Espoo
2. Contact person responsible for the register
Secretary Lauri Lappalainen sihteeri@tietokilta.fi
3. Register name
Tietokilta's member register.
4. Legal basis and purpose of processing personal data
The legal basis for processing personal data is the controller's legal obligation based on Section 11 of the Association Act (503/1989) in accordance with the General Data Protection Regulation (GDPR). The purpose of processing personal data is to maintain the member register as required by Section 11 of the Association Act (503/1989) and to maintain contact information of the guild's members.
5. Content of the register
The following information is stored in the register:
- Full name
- Place of residence
- Membership in AYY
- Email address
- Membership class
- Membership status
The register does not store information about individuals who are not members of the guild, and such information is deleted within 24 months if the membership is terminated.
6. Regular sources of information
The information to be stored in the register is obtained from the Aalto University Student Union, individuals joining or already joined the guild via online forms, written membership applications, or through Kideapp.
7. Disclosure of information and transfer of data outside the EU or EEA
Google G Suite is used as the data processor. Kideapp also acts as a data processor. Generally, information is not disclosed to third parties. Data is not transferred outside the European Union or the European Economic Area.
8. Principles of register protection
The register is processed with due care. Information is stored electronically only in Google G Suite. Kideapp is also involved in processing the data. The information is accessible only to the relevant members of Tietokilta's board. The controller ensures that access to the register is restricted to authorized personnel.
9. Rights of the data subject
In accordance with the General Data Protection Regulation (GDPR), the data subject has the right to:
- Be informed about the processing of personal data
- Access the data
- Rectify the data
- Erase the data and be forgotten
- Restrict the processing of data
- Data portability
- Object to the processing of data
- Not to be subject to automated decision-making
10. Right to inspection and right to request correction of information
Every individual in the register has the right to inspect their stored information and request correction of any inaccurate data or completion of any incomplete data. If a person wants to inspect the information stored about them or request corrections, the request must be made in writing to the controller. The controller may request the requester to provide proof of identity if necessary. The controller will respond to the data subject within the time limit set by the GDPR (generally within one month).
11. Retention period of register data
The register only retains the information of individuals who are members of Tietokilta. The information of individuals who have resigned or been expelled from the guild will be deleted from the register within a reasonable time, no later than one month after the resignation or expulsion decision.