Privacy notice for stakeholders
This privacy notice (hereinafter referred to as ‘Notice’) describes how the Koli Forum association collects, processes and discloses personal data in connection with the service (the ‘Service’) provided and the website www.koliforum.fi. Read this Notice carefully before using the Service or browsing the web page.
The controller under the applicable data protection legislation is the Koli Forum association (hereinafter referred to as ‘Koli Forum’, ‘we’, ‘us’ or ‘ours’). Koli Forum is responsible for the processing of your personal data in accordance with this Notice and the applicable data protection legislation.
Contact details of the controller:
Koli Forum association
Address: Maistraatinportti 4 A, 00240 Helsinki, Finland
2. COLLECTION OF PERSONAL DATA
Your personal data may be collected using a variety of methods. As a rule, we collect and process personal data that
• you have disclosed to us when you have been in contact with us or engage in dealings with us, e.g. when you register for or participate in our events, subscribe to our newsletter or contact us for the purpose of requesting information;
• is generated during use of the Service or when visiting the web page, e.g. in connection with logging on to the Service; and
• is obtained from other sources, to the extent permitted by applicable laws, e.g. the trade register, demographic information system, corporate and community information system or postal address system.
You are not obligated to provide us with your personal data, but if you choose not to provide them, we may not be able to offer our Service to you.
We collect and discuss, for example, the following personal data groups:
• Basic information, such as your name, professional title, your relationship with the company you represent and your contact information (email, address and telephone number), and the language you use for your business operations;
• information related to the stakeholder relationship, such as information about the Service and the order, payment information, billing information, marketing authorisations and prohibitions;
• stakeholder communications and related correspondence, and the postings concerning the rights of the data subjects;
• any personal data or information collected in connection with the use of our web page, such as user names, passwords, identification-related information, log information regarding your use of the Service, and information collected on the web page using cookies or similar technologies (device ID and type, operating system and application settings); and
• any other information specified on the basis of your consent.
3. PURPOSE AND LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
We only collect and process personal data that is necessary for the activities of the association, for managing the stakeholder relationship and for other appropriate purposes. We process your personal data for the following purposes:
1. provision of the Service and management of stakeholder relationships
We process personal data primarily to provide and deliver the Service to you or to the organization you represent. In order to do so we maintain and manage the stakeholder relationship between you or the organization you represent and us. In this case, the processing of personal data is based on an agreement between you or the organization you represent and us. The personal data can be accessed by Koli Forum’s secretariat and the association’s board.
We may contact you to inform you about any new features of the Service or to market and tell you about our other operations. We may also process your personal data for research and survey purposes. The processing of personal data is based on our legitimate interest in providing information as part of the Service and in informing you about our other operations. You have the right to oppose the processing of your personal data at any time (see section 8 of this Notice).
3. Service development, data security and internal reporting
We also process personal data to ensure the data security of the Service and the web page, to improve the quality of the Service and the web page, and to develop the Service. On the basis of personal data, we may also create internal reports for use by our management for the purpose of the proper management of our association. In such cases, the processing of personal data is based on our legitimate interest in ensuring the proper data security of our Service and website, and in obtaining adequate and appropriate information for the purpose of developing the Service and managing our association.
4. Compliance with laws
We may process your personal data in order to fulfil our statutory obligations regarding, e.g. accounting or the implementation of requests for information based on law by the authorities (e.g. the tax authorities).
5. Other purposes for which you have provided your consent
Other purposes for which you have provided your consent
4. TRANSFER AND DISCLOSURE OF PERSONAL DATA
We may disclose personal data to third parties:
• to the extent permitted or required by law, e.g. to carry out a request for information by a competent authority or in connection with legal proceedings;
• when our partners process personal data on commission from us on our behalf and in accordance with our guidelines. We always ensure the proper processing of your personal data:
• when we assess that disclosure is necessary in order to enforce our rights, to protect the safety of you or others, to investigate misuse or to respond to a request from the authorities; and
• at your consent to the parties concerned.
5. TRANSFER OF PERSONAL DATA OUTSIDE THE EU OR EEA
We do not transfer personal data of customers outside the EU and the EEA.
You can read more about cookies here.
7. RETENTION OF PERSONAL DATA
Personal data shall only be retained for as long as it is necessary in order to fulfil the purposes specified in this Notice.
Personal data shall be stored for the duration of the customer relationship or membership of the association. Required parts of personal data may also be stored after the termination of a stakeholder relationship to the extent permitted or required by applicable law. For example, after a stakeholder relationship or membership has ended, we typically retain personal data that is necessary to respond to requirements or claims in accordance with the applicable regulations regarding the period of limitation. We may also, for example, retain personal data to the extent necessary in order to comply with the direct marketing ban you have provided.
Personal data will be erased when their retention is no longer necessary in order to enforce the law or the rights or obligations of either contracting party.
8. YOUR RIGHTS
You have the right to verify your personal data. You can also request rectification, updating or deletion of your personal data at any time. However, please note that any personal data that is necessary for implementing the purposes of use specified in this Notice, or for which the law requires retention, cannot be removed.
You have the right to oppose or restrict the processing of your personal data to the extent required by applicable law.
In accordance with applicable law, in certain cases you have the right to transfer personal data you have disclosed to us from one system to another, i.e. to access your personal data in a structured, generally used, machine-readable format and transfer personal data to another controller.
When we process your personal data on the basis of your consent, you are entitled to revoke your consent at any time. After this, we will no longer process your personal data unless there is another legal basis for the processing.
You can exercise your rights by submitting a request to us at email@example.com. If you feel that the processing of your personal data is inappropriate, you have the right to approach the Data Protection Ombudsman about the matter. The Data Protection Ombudsman’s contact information can be found on the Data Protection Ombudsman’s website:
9. DATA SECURITY
We implement appropriate measures (including physical, digital and administrative measures) to protect personal data from loss, destruction, misuse and unauthorised access or disclosure. For example, access to personal data is limited to persons who need them for the performance of their work tasks.
Please note that even the appropriate measures cannot prevent all possible breaches of data security. In cases of personal data breach, we will notify you in accordance with the applicable laws.
10. CHANGING THE PRIVACY NOTICE
We have the right to amend this Notice. We will notify you of any changes on our website www.koliforum.fi, where you can also find the latest version of this Notice.
11. CONTACT US
To inquire about this Notice or for further details on the processing of your personal data, please contact us by email at firstname.lastname@example.org.