We reserve the right to change this data protection policy. All changes are reported on this page where you can always obtain the latest version of the policy. Updated February 5, 2020.
1. The Finnish Business School Graduates, registered association
Ratavartijankatu 2, 00520 Helsinki
tel. 020 693 200
2. Affiliates of business school graduates
3. Affiliates of business school students
The Finnish Business School Graduates, registered association, maintains a member register on behalf of its affiliates and thereby processes personal data stored in that register.
Purpose of processing personal data / legal basis
Personal data is processed for the management of membership and member services, protection of members’ interests on the labour market and society in general, member communication, maintenance of member register and invoicing of membership fees.
The use of member register is based on the statutory obligation of an association to maintain a record of its members (Associations Act 11 §), on the agreement between the association and its member and on the legitimate interest of the association such as member relationship.
Regular data sources
Basic personal data is received from the application form submitted by the member and from data issued by the data subject when using online services. Degree data is received from the records of business schools and universities and permanent changes of address from the register of the maintenance service of Posti Group (the main Finnish postal service).
Finnish Business School Graduates
The Finnish Business School Graduates (formerly known as SEFE, The Finnish Association of Business School Graduates), originally founded in 1935, is a central organization for graduates and students in economics and business administration. The Finnish Business School Graduates has over 50,000 individual members. The Finnish Business School Graduates consists of 25 regional associations and 13 student societies.
Data protection Officer
Register’s data content
Following data may be stored in the register:
- Last name, first names
- Personal identity code
- Contact information: address, telephone number, email address
- Member number
- Membership data, membership start and end date, reason for leaving
- Membership fee data
- Education and employment data
- Information on provided services
- Information on signing in and participation in events
- Positions of trust in The Finnish Business School Graduates affiliates and information thereof
Data on business school graduates:
- Last name, first names
- Date of birth or personal identity code
- Contact information: address, telephone number, email address
- Degree, university, date of graduation
Kauppatieteellisen tutkinnon suorittaneiden tiedot:
- Sukunimi, etunimet
- Syntymäaika tai henkilötunnus
- Yhteystiedot: osoite, puhelinnumero, sähköpostiosoite
- Tutkinto, yliopisto, valmistumisaika
Data retention times are determined as follows:
Personal data shall be kept only as long as it is necessary for the purposes for which it is being processed, as defined in this data protection policy.
- Personal data shall be kept for the duration of membership
- Member information shall be kept for a maximum of 10 years from the termination of membership
- Personal data related to personal member service shall be kept for a maximum of 10 years from the provision of that service
- Event attendace information for five years
- Degree data shall be kept permanently for the purposes of the alumni catalogue
Personal data may be kept, in so far as is necessary, also after the termination of membership to the extent allowed or required in the applicable law, or if contractual obligations towards third parties require a longer retention time. After the termination of membership for example such personal data which is necessary to respond to claims in accordance with the applicable regulations of prescription, may be stored.
Personal data shall be erased when its retention is no longer necessary for the purposes of law or for the enforcement of rights and obligations of either of the parties.
Safeguarding the register
Regular release of data
We submit contact information to the following cooperation partners for the provision of member benefits and services:
- KOKO unemployment fund (former IAET unemployment fund)
- Publishing companies (only for the provision of member benefits based on cooperation agreement)
- Banks and insurance companies (only for the provision of member benefits based on cooperation agreement)
- Federation of Professional and Managerial Staff (YTN)
- Negotiation Organisation for Public Sector Professionals
- Subcontractors, such as system providers of online services
On the basis of the Associations Act, an association is obliged to maintain a record of its members and therefore submitting personal data is a prerequisite for membership. Personal data is also needed for the provision of member services and member benefits. Without the release of necessary personal data the agreed member service or benefit could not be provided.
Data may be released for direct marketing of member services and benefits related to professional development. Members may forbid the release of personal data for the purposes of direct marketing related to professional development.
Data transfer outside the EU or EEA
As a rule, personal data is stored within the EU or European Economic Area. Personal data may be transferred outside the EU/EEA when the cooperation partner in charge of the mandate is established outside of these areas. In that case, appropriate safeguarding of personal data is ensured in a manner set out in the respective data protection legislation such as the EU General Data Protection Regulation.
Principles of safeguarding the register
We only collect such personal data which is essential and necessary for the processing purpose and maintenance of member relationship. Data is not collected or stored in larger quantities or for longer than necessary for the purpose concerned.
Files containing personal data are safeguarded by appropriate technical solutions and access to personal data is only granted to persons authorised by the data controller. Access to data, programmes and systems is restricted to persons in charge by technical means (user ids, passwords).
We use secured internet connection (https).
Register data is stored in databases on the basis of agreements with separate service providers. Service providers shall keep the backup copies of register data in locked and secured premises.
Manual data shall be filed in locked archive premises.
Premises shall be locked and entrance to them shall be controlled.
Data processors are subject to a non-disclosure agreement and thereby may not release the processed data further.
Right to inspection
Member has the right to know, on request, whether the association processes his or her personal data. If the member’s personal data is processed, he or she has the right to inspect the respective data stored in the member register. Right to inspection shall be free of charge when enforced not more than once per year.
Inspection request shall be addressed to the person responsible for register matters (see contact information on this page) or by email at firstname.lastname@example.org. The request shall be submitted on a signed or otherwise secured document, or with the data controller in person. The requested information shall be mailed to the address stored in the member register.
Right to rectification
Member has the right to request rectification of inaccurate, incorrect or obsolete data or, in certain situations, erasure of such data. Rectification request shall be submitted in writing and with sufficient precision.
Rectification request shall be addressed to the person responsible for register matters (see contact information on this page) or by email at email@example.com.
Other rights related to processing of personal data
Member has the right to request restriction of processing personal data, for example, if he or she is expecting a response from the association on request of erasure or rectification of personal data.
Member has the right to object the processing of his or her personal data if the basis of processing is the legitimate interest of the association, or if personal data is used for direct marketing purposes.
If the member himself/herself has submitted personal data to the data controller he or she has the right to request transfer of that data to another data controller if the basis of processing data is a contractual arrangement or the data processing is automatic. Transfer rights do not therefore apply to manually archived data or personal data received from other sources than the data subject himself/herself.
Member has the right to appeal to the competent appeal authority when he or she considers that his or her rights based on the General Data Protection Regulation have been infringed upon.
Requests related to above-mentioned rights of the data subject shall be addressed in writing to the person responsible for register matters (see contact information on this page), or by email at firstname.lastname@example.org.