1. Data Controller
Suomen Yrittäjät ry
00101 Helsinki, Finland
Mannerheimintie 76 A
00250 Helsinki, Finland
This registry is a joint registry used by Suomen Yrittäjät’s (Federation of Finnish Enterprises, FFE) central organization regional divisions and local subdivisions as far as their members are concerned.
Contact information for matters related to the registry
Suomen Yrittäjät / Jäsenrekisteri
00251 Helsinki, Finland
tel. +358 9 229 221
2. Data Subjects
- Member companies and their contact personnel
- Senior members
- Student members
3. The Use of Personal Data
Personal data is processed based on registered memberships.
Personal data shall only be processed for predetermined purposes, which are as follows:
- Registering members
- Digital and other communications towards members
- Offering services and benefits that are included in the membership
- Surveys and studies that help promote the organization’s mission
- Contacting member companies and entrepreneurs on red letter days
- Analytics and statistics
- Carrying out and developing our customer service and operations
4. Data Entered Into the Registry
The member registry contains company data, data on companies’ contact personnel, and senior as well as student members’ personal data.
- Business ID
- Number of employees
- Date when founded
- Visiting-, mail-, and billing addresses
- Phone number
- Email address
- Social media URLs
- Language of business
The member company’s contact personnel, senior members, and student members
- preferred service language
- date of birth
- education data
Contact’s contact information
- phone number
- email address
Data on memberships
- data on join date / becoming a member
- switching between associations
- terminating a membership and the reasons for it
- billing and payment data
- product and order data
- customer feedback and inquiries
5. Rights of the Data Subject
You have the following rights, and if you wish to exercise these rights, send your request to email@example.com.
Right to access your data
You have the right to access the data we have collected regarding yourself. If you notice any errors or lacking information, you may ask us to rectify or complete the data.
Right to object the processing of data
You have, at all times, the right to object the processing of your data if you deem that we have processed your personal data unlawfully or we do not have the right to process some of your data.
Right to the erasure of data
If you feel that it is not necessary for us to process some of your data for our purposes, you have the right to request that we erase the data in question. We will process your request, after which we shall erase your data or inform you of the justification for not erasing the data. Should you disagree with our decision, you have the right to appeal to the Office of the Data Protection Ombudsman (instructions for making an appeal). You also have the right to demand that we restrict the processing of any data under dispute until the case is resolved.
Right to appeal
You have the right to appeal to the Office of the Data Protection Ombudsman if you feel that we are breaking the current privacy and data protection legislation in processing your data (instructions for making an appeal).
6. Data Gathering
Member data is received from:
- The member, directly into the system or by email, telephone, forms, mobile app, or other similar method
- Member procurers through electronic forms or integration
7. Data Sharing
We shall not sell or rent registry data to third parties. We shall only share data with third parties under the following circumstances:
- We may transfer participant/user data to third parties if the participant/user has granted their consent.
- We may share data with our partners so that they can provide member benefits to our members.
- We may share data for use in statistical, academic, or historical research under the condition that the data is converted to a format where data subjects cannot be recognized based on the data.
- In case we undergo a merger or otherwise reorganize our operations, users personal data may be shared within the new organization.
8. Duration of Data Processing
Personal data is processed for as long as the subject remains a member. Member companies’ personnel data is erased 2 years after their membership ends.
9. Data Processors
- Data in the member registry is processed by data processors for Suomen Yrittäjät ry (FFE) and its regional divisions as well as by local subdivisions’ selected representatives and hired employees as far as their member lists are concerned.
- Furthermore, the employees of Sypoint Oy, which is owned by Suomen Yrittäjät, may process data in accordance with the current privacy and data protection legislation.
- We may outsource the processing of personal data to third parties, in which case we ensure by contractual means that personal data shall be processed according to the current data protection legislation and in a professional manner.
10. Data Transfer Outside the EU
Member data shall not be transferred outside the EU or the European economic area.
If any of our partners use servers outside the EU/ETA region in the United States or data is backed up there, we make sure that our service providers are part of the so-called Privacy Shield program between the EU and the U.S.A. (https://www.privacyshield.gov/list), which is meant to ensure the secure processing of European data in the United States.
11. Cookies and Browsing Data
We may collect data on the user’s device through cookies and other similar methods, such as the web browser’s local storage. Cookies are small text files that the web browser stores on the user’s device. Cookies often contain an anonymous, individual identifier, which can be used to identify and count the browsers visiting our website.
Third parties may place cookies on the user’s device to create visitor statistics when the user is visiting our services. The term “third parties” refers to parties other than Suomen Yrittäjät (FFE), such as statistical and tracking service providers.
12. Privacy Terms and Conditions for Mobile Applications
13. Automated Decision-Making and Profiling
We will not use the data for automated decision-making or profiling.
14. Principles for Protecting the Registry
- The secure processing of your personal data is important to us. We take the following measures to ensure that your data is safe.
- A username and password must be entered to log in to the system. The system is also protected by firewalls and other hardware solutions.
- The data stored in the system and in the registry may only be accessed and processed by certain, predetermined employees of the Data Processor.
- Registry use is protected through user-specific logins, passwords, and privileges.
- The registry is stored on a computer at a data center on a server where unauthorized personnel cannot access it.
- The data in the registry is kept in a locked and guarded location.
- The registry is backed up on a regular basis.