Suomen Yrittäjät member register privacy statement
Suomen Yrittäjät ry
Mannerheimintie 76 A
Contact details for membership matters
Suomen Yrittäjät / Member register
PL 19100251 Helsinkij
p. 09 229 221
2. Data subjects
- Member businesses and their contact details
- Retiree membersStudent members
- Honorary and support members
3. Basis and purpose for maintaining the register
Personal data are processed on the basis of the data subject’s membership.
Personal data are only processed for purposes defined in advance, which are the following:
- Registering members
- Electronic and other communications
- Providing services and benefits related to membership
- Surveys and studies which advance the purpose of the organization
- Congratulating member businesses and business owners on significant anniversaries
- Analysis and statistics
- Providing and developing customer service and activities
4. Data stored in the register
The member register includes data on both businesses and businesses’ contact persons, as well as retiree and student members’ personal data.
- basic business data
- business ID
- sectoral datanumber of employees
- business registration date
- public registration data from the Business Information System
contact details for the business
- visiting, postal and invoicing address
- telephone number
- social media links
- contact language
Member businesses’ contact persons, retiree members and student members
- service language
- date of birth
- study information
contact persons’ contact details
- telephone number
- data of joining
- change of local society
- end of membership and reasons for same
- invoicing and payment data
- product and order data
- customer feedback and contact
- communications monitoring data
5. Data subject’s rights
You, the data subject, have the following rights. If you have questions about exercising them, contact: firstname.lastname@example.org.
Right of inspection and rectification
You have the right to check the personal data we store about you. If you notice any inaccuracies or defects in your data, you can ask us to correct or complete the data correctly.
Right of objection
You have the right to object to the processing of your personal data at any time if you feel that we have processed your personal data unlawfully or that we do not have the right to process some of your personal data.
Right of withdrawal
With email marketing, you can always refuse to be the recipient of marketing efforts any longer.
If you feel that processing some of your data is not necessary for our tasks, you have the right to ask us to erase such data. We will process your request, after which we will either erase your data or provide you with a justified reason the data cannot be erased. If you disagree with our decision, you have the right to file a complaint with the Data Protection Ombudsman (guidelines on how to file a complaint here). You also have the right to demand that we restrict the processing of controversial data until the matter is resolved.
Right of appeal
You have the right to file a complaint with the Data Protection Ombudsman if you feel that we violate existing data protection legislation when we process your personal data (guidelines on how to file a complaint).
6. Regular sources of data
Data about the member are obtained, as a rule:
- From the member directly submitting data to a system, or by email, telephone, form, mobile app or in other similar situations in which the member discloses his or her data
- From members through an electronic form or integration
- From reactions to messages sent to members and from participation in the organization’s events
- From public data available in the Business Information System (ytj.fi)
7. Regular disclosure of data
We do not sell or rent data from the member register to third parties. We disclose data to third parties only in the following cases:
- We may disclose the data subject’s data to third parties if the data subject has given his or her consent.
- We can disclose data to partners so that they can offer membership benefits to member businesses.
- We may disclose data for statistical, scientific or historical research, provided that the data have been changed to such a form that makes the object of the data is unidentifiable.
- If we merge or otherwise reorganize our operations, the data subject’s personal data may be disclosed within the new organization.
8. Duration of processing
Personal data will be processed for as long as the membership is valid. Personal data on a member business shall be erased 2 years after the end of membership.
9. Processors of personal data
- The data in the member register are processed by Suomen Yrittäjät ry and its regional associations, as well as holders of positions of trust and employees of local societies, in respect of their own member lists.
- In addition, employees of Sypoint Oy, owned by Suomen Yrittäjät ry, can process the data in accordance with current data protection legislation.
- We can also partially outsource the processing of personal data to a third party, in which case we guarantee through contractual arrangements that personal data will be processed in accordance with the applicable data protection legislation and otherwise appropriately.
We regularly use the following service providers:
10. Transfer of data outside the European Union
As a rule, we choose as data storage sites secure data centres in Europe.
Some of these service providers may back up data outside the European Union/European Economic Area in the United States. The data is backed up to protect your data even in situations where the main servers fail.
We ensure that our service providers have joined the EU–US Privacy Shield (https://www.privacyshield.gov/list), the aim of which is to ensure the security of EU citizens’ data processing in the US.
11. Cookies and browsing monitoring
We may collect data on the data subject’s terminal device using cookies and other similar technologies, such as the local browser repository. A cookie is a small text file that the browser stores on the data subject’s device. Cookies often contain an anonymous, unique identifier that allows us to identify and calculate the browsers used to visit our website.
Third parties may set cookies on a data subject’s device when the data subject visits our services in order to record the number of visitors to different websites. “Third parties” refer to bodies other than Suomen Yrittäjät ry, such as providers of measurement and monitoring services.
We ask for consent to use targeting cookies, performance cookies and functional cookies. At any time, the data subject has the right to withdraw cookie consent or to change his or her own cookie settings. Cookie settings can be changed via the link below.
Our services may also contain links to other websites and social networks, but we are not responsible for the privacy policies or content of these external websites. We recommend that you read the privacy terms and conditions of these services.
12. Privacy protection terms for mobile applications
13. Principles for the protection of the register
The safe handling of your personal data is important to us. We will use the following safeguards to ensure the security of your data.
The data contained in the register and entered in the system shall be accessible and authorised only by certain predefined controller employees.
- The use of the register is protected by user-specific identifiers, passwords and access rights.
- The system is also protected by firewalls and other technical means.
- The register is located on a computer in a data centre on a server which unauthorized persons cannot access.
- The data contained in the register are located on locked and guarded premises.
- The register is regularly backed up.
Updated June 2020