Privacy policy

according to 10§ of the Personal Data Act (523/99) (15 Nov 2018)

13.9.2021

Data Controller

Lääketieteenkandidaattiseura Ry (Business ID: 0201656-7)

PL 63
Haartmaninkatu 8
00014 Helsingin yliopisto.

tiedottaja@lks.fi

Administrator of Customer Register

Customer Service/ Lääketieteenkandidaattiseura Ry

PL 63
Haartmaninkatu 8
00014 Helsingin yliopisto.

tiedottaja@lks.fi

Name of Register

Customer Register of Lääketieteenkandidaattiseura Ry

Purpose and Legal Basis of Personal Data Processing

The purpose of personal data processing consists in managing and maintaining the customer relationship between the company and business customer, keeping in touch with customers, and marketing. The company uses register data for direct marketing, unless the customer has prohibited direct marketing.

The purchase and transaction data, as well as location data processed in the register can also be used for profiling and marketing purposes, as well as for tailoring customer communications for them to be of interest to the data subject. Personal data are also processed in connection with sending of newsletters and participation in events and other marketing activities.

As regards the customer contact person and the customer, processing is carried out to ensure realisation of the Data Controller’s legitimate interest.

If a data subject should fail to provide the requested data required for completion of the contact form, the Data Controller cannot accept the contact form from the data subject or enter into a contact form-related contract between the Data Controller and the data subject.

Personal Data Retention Period

Personal data shall be retained for as long as required for submission of the data subject’s contact form and performance of the related measure. The retention period depends on the need for retention of the data collected; for example, under the Accounting Act, invoicing data must be retained for six years. The data provided in the contact form shall be retained only with the customer’s consent

Data Subject Group Description and Data Content

The Register contains personal information on the company’s business customers.

The form data entered by the data subject may contain the following information, inter alia: e-mail address, telephone number, address.

Regular Sources of Data

Information submitted by contacting persons, the customer information system, and invoicing database.

Regular Release of Data

As a general rule, personal data are not released outside the organisation. Personal data necessary for accounting purposes released to the accounting firm used by Lääketieteenkandidaattiseura Ry.

Nevertheless, personal data may be disclosed based on an agreement between the customer and Lääketieteenkandidaattiseura Ry, customer relationship between the customer and Lääketieteenkandidaattiseura Ry, or legislation in force, incl. to competent authorities.

Data are not transferred outside the EU or the EEA.

Principles of Register Protection

The data retained are technically protected. Physical access to the data is prevented by access control and other security measures. Access to the data requires respective rights and multi-stage authentication. Unauthorised access is also prevented by using firewalls and technical protection, inter alia. Access to register data is restricted solely to the Data Controller and designated technical personnel. Only persons duly appointed have the right to process and maintain register data. The users are bound by the obligation of confidentiality. Register data are backed up safely and can be restored if necessary.

Rights of the Data Subject

  • A data subject has the right to check the personal data stored in the register and to obtain copies thereof. The respective request must be in writing andaddressed to the party responsible for the register (see Administrator of Customer Register).
  • The Administrator of Customer Register shall correct, remove, or supplement any personal data contained in the register that are incorrect, unnecessary, incomplete, or outdated for the purposes of processing, either on its own initiative or at the request of the data subject. For correction of data, the data subject must contact the Data Controller’s Administrator of Customer Register (see Administrator of Customer Register) in writing.
  • To the extent that the processing of personal data is based on the data subject’s consent. The subject can cancel the consent at any time without prejudice to the lawfulness of the processing carried out based on the consent prior to revocation thereof.
  • Submit complaints on personal data processing to the supervisory authority.

Cookies

The user can prevent the use of cookies by changing the browser settings respectively. By this practice, we refer to the European Commission’s press release on the simplest rules for the use of cookies.