Register keeper and contact person
Register keeper: Metal Club Mökä ry (”Association”)
Address: PL 69, 02150 Espoo
Email: hallitus [at] mcmoka [dot] fi
Contact person: Member register official Henrik Romppainen
The register includes personal data of the members of the Association (”Data subjects”).
Basis and purpose of personal data processing
The purpose of the register is to maintain and update personal data of the Data subjects during their membership, to maintain and develop the register, and to process the documentation of ended memberships, in the personal data processing system (”System”) that is produced for the Association by Yhdistysavain.
According to Finnish law (Yhdistyslaki 503/1989 11§), the Association has a statutory obligation to collect the whole name and place of residence of the Data subject. The email address is collected to communicate with the Data subject and to update membership information. Aalto University Student Union (”AYY”) obligates the Association to collect information about the Data subject’s AYY membership for their operating grant. The data about favorite music is given voluntarily by the Data subject, and it is used to collect anonymous statistics about the favorite music of the Association.
Personal data being processed
The following personal data is collected in the register:
- Whole name of the Data subject
- Place of residence
- Email address
- AYY membership status (yes/no)
- Favorite music
The whole name, place of residence, email address and AYY membership are mandatory information; the rest of the data is given voluntarily.
Regular data sources
The personal data is collected directly from the Data subject using an Internet form.
Principles of personal data protection and data security
Digitally processed personal data is protected and saved in the Association’s System, which can only be accessed by personnel who need the data to carry out their designated work tasks. For this purpose, these personnel use personal accounts and passwords.
The personal data is protected against usage by outside parties, and the data processing is supervised. Each Data subject has a personal account with password protection. The personal data sent outside the Association is encrypted. The workstations and storage media used are encrypted.
Regular disclosure and transfer of personal data
Personal data is not disclosed to third parties.
Transfer of personal data outside the European Union or the European Economic Area
In the personal data processing, Yhdistysavain may also use other service providers, which are located outside the European Union or the European Economic Area. The transfer outside the European Union or the European Economic Area is always executed on one of the legal bases listed below:
- The European Commission has decided that the data security level of the recipient country in question is sufficient;
- The Association has implemented appropriate security measures in order to transfer the personal data using standard clauses accepted by the European Commission. In this instance, the Data subject has the right to get a copy of these clauses by contacting the Association as instructed in the Contact information paragraph; or
- The Data subject has given explicit consent to transfer their personal data, or the transfer has another legal basis.
Access to the personal data is not given in any other capacity than necessary to produce the services. The transfer of personal data outside the European Union or the European Economic Area is always based on the current personal data processing legislation and is implemented according to this legislation.
Retention period for personal data
The personal data is stored in the register as long as the Data subject is a member of the Association. When the membership ends, the personal data of the Data subject is removed by the Association within 1 month. The personal data is removed from the Yhdistysavain system and backups by Yhdistysavain within 6 months.
Rights of the Data subject
The Data subject has the right, in compliance with applicable data security legislation, at any time to:
- know if their personal data is being processed;
- get access to their own personal data and revise their own personal data processed by the Association;
- demand the correction or completion of inaccurate or incorrect information;
- demand the removal of their personal data;
- revoke their consent and object to the processing of their personal data, as far as the processing is based on their consent;
- object to the processing of their personal data based on a personal special circumstance, as far as the processing is based on legitimate interest of the Association;
- get their personal data in machine-readable form and transfer the data in question to another register keeper, provided that the Data subject has provided the personal data to the Association themselves, the Association processes the personal data based on the consent of the Data subject, and the processing is implemented automatically; and
- demand restriction of the processing of their personal data.
The right to appeal to the control authority
All Data subjects have the right to appeal to the appropriate control authority, or the control authority of the European Union member country where the place of residence or place of work of the Data subject is located, if the Data subject sees that their personal data has not been processed according to the applicable data protection legislation.