Privacy Policy

Register Holder

Toimiva ry
Niittykatu 5, 78870 Varkaus
info@toimiva.fi

Contact Person for Matters concerning the Register

Sanna Runsala
puh. 0400 438 122
sanna.runsala@toimiva.fi

Name of the Register

Register of participants in Toimiva ry’s group and online coaching.

Registered Persons

Registered persons are persons who register for and participate in Toimiva ry’s activities.

Grounds for and Purposes of Keeping the Register and Processing Personal Data

The grounds for processing personal data in this register are legitimate interest, contract, legal obligations and the consent given by the data subject. Legitimate interest and contract arise in situations where the data subject registers for or participates in an activity or event. The legal obligation is the processing of personal data in accordance with the Accounting Act in invoicing matters and travel and expense reimbursement matters. The purpose of processing personal data is to ensure the necessary contact with participants; planning, organizing, implementing and developing activities and events; collecting feedback; providing information related to activities and events, as well as invoicing and other payment transactions.

Personal Data Processed

The data processed include the name, age, gender, telephone number, email address, billing information, level of education, study/employment status, municipality and information about participation in Toimiva ry’s activities. With the consent of the data subjects, personal data related to life situation and health status that are necessary for participation in the activities may also be collected.

Regular Data Sources

All data is collected directly from the data subjects themselves. With the consent of the data subjects, personal data related to life situation and health status that are necessary for participation in the activities may also be collected.

Disclosure and Transfer of Data

We may only disclose personal data for the purposes specified in this statement to the partners with whom we organise activities and events. In other cases, we may disclose information to third parties if the data subject has given their consent. The information will not be disclosed outside the EU.

Data Protection

The register is processed with care and the processed data is protected appropriately. We ensure that the stored data, server access rights and other personal data are treated confidentially, and all personal data processors are bound by a duty of confidentiality. We use the following safeguards to ensure the security of the processing of personal data:

• Only certain predefined employees of the data controller have access to the data stored in the system and are entitled to use it.
• The systems are protected by firewalls and other technical means.
• Personnel authorized to process personal data have been instructed to act correctly in data protection matters. Backups of digital material are made regularly.

Duration of Data Processing

Personal data is stored for the period required for the follow-up and evaluation of the event or activity. Exceptions include information related to invoicing and participant lists, which are stored for 6 (six) years in accordance with the Accounting Act.

Data Processors

The data processors are employees of Toimiva ry. The data is processed on Microsoft and Webropol Oy software and servers. Microsoft’s servers may also be located outside the EU. All processors are bound by their terms of use to comply with EU data protection regulation. We may also partially outsource the processing of personal data to another third party, in which case we will ensure through contractual arrangements that personal data is processed in accordance with applicable data protection laws and our regulatory framework and otherwise in an appropriate manner.

Automated Decision-making and Profiling

The processing of personal data does not include profiling or automated decision-making.

Rights of Data Subjects

Every data subject has the right

• to inspect the processing of their data, i.e. the right to check the personal data stored in the register. If the data are incorrect or incomplete, the data subject may request that they be corrected or completed.
• to object, i.e. the right to object to the processing of their personal data if the data subject believes that the personal data has been processed unlawfully or without appropriate authorization.
• to erasure, i.e. the right to request that the data stored in the register be deleted. The data subject also has the right to restrict the processing of the data.
• to data portability, i.e. the right to transfer their data from one system to another.
• to lodge a complaint with the Data Protection Ombudsman, if the data subject believes that the processing of personal data has violated applicable data protection legislation.

The data controller may refuse to comply with a request for objection or erasure only on grounds provided for by law. If the data controller does not agree to the data subject’s demands, the data subject has the right to lodge a complaint with the Data Protection Ombudsman. The data subject also has the right to demand that the processing of disputed data be restricted until the matter is resolved.

Contacts

All contacts and requests for information regarding this statement and the register must be made in writing and in person to the contact person named in section two (2). We may only disclose personal data from the register to data subjects whose identity we can verify.

Changes to the Privacy Policy

If we change this statement, we will post the changes in the statement with the date. If the changes are significant, we may also inform you of these changes in other ways, such as by email or by posting a notice on our website. We recommend that you visit our website regularly and note any changes we may make to the statement.

Privacy policy updated on May 15, 2024.