Controller of the register
Purpose of the personal data processing
Yrityssalo shall process the data for the arrangements concerning events, workshops, meetings and travel that fall within its organisational responsibility and are targeted at interest groups and collaboration partners, as well as for any related communication.
Yrityssalo shall also process personal data in connection with other communication targeted at interest groups and collaboration partners, such as surveys, informing and reporting (e.g. newsletters), communicating about various competitions and calls for ideas, as well as providing information on them and marketing them to the target audience, and for purposes connected to direct marketing and digital direct marketing. For the aforementioned purposes, personal data shall also be processed concerning the planning, realisation and development of communication, informing and marketing.
The data subject shall have the right to prohibit direct marketing targeted at him or her.
Basis for data processing
Yrityssalo processes personal data to accomplish its tasks as a business development company. Consent is applied to information provided by persons themselves.
Data content of the register:
- First and last name
- Contact information (postal address, telephone number, e-mail address)
Necessary information relating to the activities, services and events described in section “Purpose of the personal data processing” and to marketing and communication activities, such as service, use, billing, visiting, marketing authorisation and authentication data.
The data available in connection with the use of the Services:
- IP-address / other indentification
- Information collected about the use of online services
- Information collected through cookies
Data content may vary by service.
Regular data sources
Personal data shall be collected from public sources, such as organisation websites, from the data subject and in connection with various events organised by Yrityssalo. In addition, with the person’s consent, personal data can be retrieved from Yrityssalo’s other information systems and registers insofar as the personal data are owned by Yrityssalo.
Data are also created as part of Yrityssalo’s activities when a person participates in events and meetings and when communication is targeted at this person.
Google Analytics is used on the website.
The collected data shall be retained only for the duration and to the extent necessary for the original or compatible purposes for which the data was compiled.
Recipients of personal data (recipient categories) and the regular disclosure of data
The personal data contained in the register can be disclosed to third persons or organisations for purposes related to the organisation, implementation and/or follow-up communication of an event. The parties are identified on a case-by-case basis in connection with the invitations and/or registration.
Transferring data outside of the EU or the EEA
The data contained in the register shall be transferred outside of the EU or the EEA. When transferring personal data, Yrityssalo observes the model contract clauses approved by the European Commission concerning the transfer of personal data to third countries, implements other appropriate protection measures as necessary or ensures that the adequate level of data protection is guaranteed in the third country.
Register protection principles
Any physical data material containing personal data shall be retained in a locked facility that can only be accessed by appointed persons whose duties require access authority.
The databases containing personal data are on servers which are kept in locked facilities that can only be accessed by appointed persons whose duties require access authority. The servers are protected by an appropriate firewall and technical protection.
The databases and systems can only be accessed with separately granted personal user IDs and passwords.
Rights of the data subject
The data subject shall have the following rights laid down in the EU’s General Data Protection Regulation.
- The right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
- the purposes of the processing
- the categories of personal data concerned
- the recipients or recipient groups to whom personal data have been disclosed or will be disclosed
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
- the right to lodge a complaint with a supervisory authority
- where the personal data are not collected from the data subject, any available information as to their source
- the existence of automatic decision-making and relevant information about the logic related to such processing, as well as the relevance of this processing and its possible consequences for the data subject.
- The right to cancel consent at any time without this affecting the lawfulness of the processing performed on the basis of the consent.
- The right to demand that the controller rectify without undue delay any inaccurate and erroneous personal data on the data subject and the right to have incomplete personal data completed.
- The right to obtain from the controller the erasure of the personal data concerning the data subject without undue delay in situations determined in the EU’s General Data Protection Regulation.
- The right to obtain from the controller restriction of processing in situations determined in the EU’s General Data Protection Regulation.
- The right to receive the personal data concerning him or her, which the data subject has provided to Yrityssalo, in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, if the processing is based on the consent referred to in the Regulation and the processing is carried out automatically.
- The right to file a complaint with the supervisory authority if the data subject considers that the processing of the personal data concerning him or her violates the EU’s General Data Protection Regulation.
- The right to prohibit direct marketing targeted at him or her.