Pyöräliitto ry, VAT ID 2662156-9
Iso Roobertinkatu 3-5 A 22, 00120 Helsinki
2. CONTACT PERSON REGARDING THE REGISTER
Iso Roobertinkatu 3-5 A 22, 00120 Helsinki
P. +358 44 2795588
3. RECISTER NAME
Finnis Cyclists’ Federation, Register of participants for the Bikes for Refugees activity.
4. PURPOSE AND LEGAL BASIS OF THE PROCESSING OF PERSONAL DATA
The purpose of the processing of personal data is to maintain the membership register in accordance with the Associations Act (Section 11 of the Associations Act). The general conditions for the processing of personal data are met in accordance with section 4 (1) of the Data Protection Act.
Henkilötietoja käytetään yhteistyöhön liittyvien asioiden hoitamiseen, kuten tapahtumien järjestämiseen ja viestintään. Viestintään käytetään ensisijaisesti sähköpostia. Vaihtoehtoisia yhteystietoja käytetään vain silloin, kun henkilöä ei voida tavoittaa sähköpostitse. Annettuja tietoja käytetään tilastojen tuottamiseen, joita tarvitaan avustuksia myöntäville tahoille raportointiin ja toiminnan kehittämiseen. Tilastot tuotetaan niin, että niistä ei voida tunnistaa yksittäisiä henkilöitä.
Personal information is used to handle matters related to cooperation, such as organizing events and communicating. Email is used primarily for communication. Alternate contacts are only used when the person cannot be reached by email. The information provided will be used to produce the statistics needed for reporting and operational development to grant bodies. Statistics are produced in such a way that they cannot be used to identify individuals.
5. REGISTER INFORMATION CONTENT AND REGULAR SOURCES
As a rule, the data is collected from the registered persons themselves by means of a subscription form or by e-mail (data change requests). The register also collects information automatically generated by information systems, such as log data.
Information given by the registered person
- First name, Last name
- Phone number
- Street Address
Information generated by information systems and other data collected
- Time stamp of the registration
- Log information related to login and data editing
- The site sets only one cookie, which is used by internal analytics to identify returning visitors and pageviews. No other cookies are stored.
6. DATA SECURITY, DATA LOCATION AND STORAGE
The information in the register is treated confidentially and the registers are properly protected from outsiders. Access to the data shall be restricted to those persons designated by the controller who have a justified need to process the data in order to carry out the tasks assigned to them. Data processors are bound by professional secrecy.
The data of the data subject shall be permanently deleted at the latest six months after the end of the activity.
Information processed electronically
The information is stored in the Google Forms electronic form service. The system complies with the requirements of the EU’s General Data Protection Regulation (GDPR). It is monitored around the clock. The security of member information has been ensured, among other things, as follows:
- Network traffic is SSL secured.
- Critical operations are stored in system log files.
Participant data is not transferred outside the EU, but most e-mail and text messages from the Members’ Register are transmitted through US servers.
The data is also stored in Cyclists’ Federation’s internal systems for processing, communication, statistics and control of operations.
7. REGULAR DATA RELEASES
The information may be disclosed to persons involved in the operation. For example, the contact details of the bike donor and the person in need of the bike will be provided to the volunteer who takes care of the bike. Otherwise, the information will not be disclosed to other parties.
8. RIGHTS OF THE DATA SUBJECT
The data subject has the right to inspect, request the rectification and request the deletion of the data concerning him or her and the right to object to or restrict the processing of the data. The request must be made to the person in charge of the register, with whom the method of processing the data will be agreed so that the identity of the requester can be verified. The request for processing personal data must include the name, complete address information and the name of the register.
The data subject has the right to receive the personal data provided to the controller and, if he or she wishes, to transfer such data to another controller. The information is provided in machine-readable form.
The data subject has the right to complain to the data protection authority if the latter considers the processing of personal data to be unlawful.