PRIVACY POLICY
Personal Data Act (523/99) § 10
EU General Data Protection Regulation 2016/679
Drafted 1 Sep 2022
1. Data controller
Saimaa Geopark ry
2. Name of the register
Customer register of Saimaa Geopark ry
3. The person responsible for the register
Contact person:
Saimaa Geopark ry
Esterinkatu 11
55100 Imatra
saimaageopark@gmail.com
4. Purpose of the register
- Customer relations management
- Information about our services
- Enforcement of marketing prohibitions provided for by law
Processing is based on the management of the customer relationship, the consent of the data subject or the controller's legitimate interests.
5. Data content of the register
The data processed in the register is necessary for the purposes for which the register is intended:
- name and/ or company name
- e-mail address
- Location
- Other information provided by the customer
- Interests and behaviour on the controller's websites and services
- Data relating to the device used by the individual: e.g. terminal device, IP address, operating system and browser
6. Sources of information
Personal data is collected from the data subject for campaigns, forms, feedback and newsletter subscriptions in connection with the collection of data. Cookies are also used to collect information about the use of websites.
7. Disclosure and transfer of data
The data shall not be disclosed without the consent of the data subject except to the extent permitted and required by law or as required by public authorities.
Subcontractors may be used for the performance of the tasks for which the register is intended and data may be transferred outside the EU/EEA if this is necessary for the performance of the service. In such cases, the controller shall ensure, by means of contracts and as required by law, that adequate data protection is ensured.
8. Data retention period
The controller will keep the data only for as long as necessary for the purposes for which the register is intended.
9. Protection of the register
The databases in which the data are stored are technically and physically protected so that they cannot be accessed by third parties. Access to the data is restricted to those who need it for the performance of their duties.
10. Right of access, rectification and erasure
The data subject has the right to withdraw their subscription to the newsletter at any time. The data subject has the right to check what information about them has been entered in the register, the right to request the correction of inaccurate personal data and the right to have their data erased from the register. A request for inspection, correction or deletion must be sent in writing, signed and addressed to the person responsible for the register.
11. Right of transfer and prohibition
The data subject has the right to obtain the personal data concerning them which they have provided to the controller, in a structured, commonly used and machine-readable form, where the processing is based on consent or by contract, and the processing is carried out automatically. The data subject has the right to restriction of processing under Article 18 of the EU General Data Protection Regulation. The transfer and prohibition rights will enter into force on 25 May 2018.
12. Amendments to the privacy policy
The controller reserves the right to update and amend the privacy policy. If required by law, we will inform the data subjects.