We reserve the right to change this data protection policy. All changes are reported on this page where you can always obtain the latest version of the policy. Updated November 12, 2019.
1. The Finnish Business School Graduates, registered association
Ratavartijankatu 2, 00520 Helsinki
tel. 0201 299 299, firstname.lastname@example.org
2. Affiliates of business school graduates
Affiliates of business school graduates
3. Affiliates of business school students
Affiliates of business school students
The Finnish Business School Graduates, registered association, maintains a member register on behalf of its affiliates and thereby processes personal data stored in that register.
Personal data is processed for the management of membership and member services, protection of members’ interests on the labour market and society in general, member communication, maintenance of member register and invoicing of membership fees.
The use of member register is based on the statutory obligation of an association to maintain a record of its members (Associations Act 11 §), on the agreement between the association and its member and on the legitimate interest of the association such as member relationship.
Basic personal data is received from the application form submitted by the member and from data issued by the data subject when using online services. Degree data is received from the records of business schools and universities and permanent changes of address from the register of the maintenance service of Posti Group (the main Finnish postal service).
Personal data shall be kept only as long as it is necessary for the purposes for which it is being processed, as defined in this data protection policy.
Personal data may be kept, in so far as is necessary, also after the termination of membership to the extent allowed or required in the applicable law, or if contractual obligations towards third parties require a longer retention time. After the termination of membership for example such personal data which is necessary to respond to claims in accordance with the applicable regulations of prescription, may be stored.
Personal data shall be erased when its retention is no longer necessary for the purposes of law or for the enforcement of rights and obligations of either of the parties.
We submit contact information to the following cooperation partners for the provision of member benefits and services:
On the basis of the Associations Act, an association is obliged to maintain a record of its members and therefore submitting personal data is a prerequisite for membership. Personal data is also needed for the provision of member services and member benefits. Without the release of necessary personal data the agreed member service or benefit could not be provided.
Data may be released for direct marketing of member services and benefits related to professional development. Members may forbid the release of personal data for the purposes of direct marketing related to professional development.
As a rule, personal data is stored within the EU or European Economic Area. Personal data may be transferred outside the EU/EEA when the cooperation partner in charge of the mandate is established outside of these areas. In that case, appropriate safeguarding of personal data is ensured in a manner set out in the respective data protection legislation such as the EU General Data Protection Regulation.
We only collect such personal data which is essential and necessary for the processing purpose and maintenance of member relationship. Data is not collected or stored in larger quantities or for longer than necessary for the purpose concerned.
Files containing personal data are safeguarded by appropriate technical solutions and access to personal data is only granted to persons authorised by the data controller. Access to data, programmes and systems is restricted to persons in charge by technical means (user ids, passwords).
We use secured internet connection (https).
Register data is stored in databases on the basis of agreements with separate service providers. Service providers shall keep the backup copies of register data in locked and secured premises.
Manual data shall be filed in locked archive premises.
Premises shall be locked and entrance to them shall be controlled.
Data processors are subject to a non-disclosure agreement and thereby may not release the processed data further.
Member has the right to know, on request, whether the association processes his or her personal data. If the member’s personal data is processed, he or she has the right to inspect the respective data stored in the member register. Right to inspection shall be free of charge when enforced not more than once per year.
Inspection request shall be addressed to the person responsible for register matters (see contact information on this page) or by email at email@example.com. The request shall be submitted on a signed or otherwise secured document, or with the data controller in person. The requested information shall be mailed to the address stored in the member register.
Member has the right to request rectification of inaccurate, incorrect or obsolete data or, in certain situations, erasure of such data. Rectification request shall be submitted in writing and with sufficient precision.
Rectification request shall be addressed to the person responsible for register matters (see contact information on this page) or by email at firstname.lastname@example.org.
Member has the right to request restriction of processing personal data, for example, if he or she is expecting a response from the association on request of erasure or rectification of personal data.
Member has the right to object the processing of his or her personal data if the basis of processing is the legitimate interest of the association, or if personal data is used for direct marketing purposes.
If the member himself/herself has submitted personal data to the data controller he or she has the right to request transfer of that data to another data controller if the basis of processing data is a contractual arrangement or the data processing is automatic. Transfer rights do not therefore apply to manually archived data or personal data received from other sources than the data subject himself/herself.
Member has the right to appeal to the competent appeal authority when he or she considers that his or her rights based on the General Data Protection Regulation have been infringed upon.
Requests related to above-mentioned rights of the data subject shall be addressed in writing to the person responsible for register matters (see contact information on this page), or by email at email@example.com.