Hevay is the way!

Privacy policy – Metal Club Mökä’s member register


  • Register keeper and contact person


Register keeper: Metal Club Mökä ry (”Association”)

Address: PL 69, 02150 Espoo

Email: hallitus [at] mcmoka [dot] fi

Contact person: Member register official Henrik Romppainen


  • Data subjects


The register includes personal data of the members of the Association (”Data subjects”).


  • Basis and purpose of personal data processing


The purpose of the register is to maintain and update personal data of the Data subjects during their membership, to maintain and develop the register, and to process the documentation of ended memberships, in the personal data processing system (”System”) that is produced for the Association by Yhdistysavain.


According to Finnish law (Yhdistyslaki 503/1989 11§), the Association has statutory obligation to collect whole name and place of residence from the Data subject. The email address is collected to communicate with the Data subject and to update membership information. Aalto University Student Union (”AYY”) obligates the Association to collect information about the Data subject’s AYY membership for their operating grant. The data about the favorite music is given voluntarily by the Data subject, and it is used to collect anonymous statistics about the favorite music of the Association.


  • Personal data being processed


The following personal data is collected in the register:

  • Whole name of the Data subject
  • Place of residence
  • Email address
  • AYY membership status (yes/no)
  • Favorite music


Whole name, place of residence, email address and AYY membership are mandatory collected information, rest of the data is given voluntarily.


  • Regular data sources


The personal data is collected directly from the Data subject using an Internet form.


  • Principles of personal data protection and data security


Digitally processed personal data is protected and saved in the Association’s System, which can only be accessed by personnel who need the data to carry out their designated work tasks. For this purpose, these personnel use personal accounts and passwords.


The personal data is protected against usage by outside parties, and the data processing is supervised. Each Data subject has a personal account with password protection. The personal data sent outside the Association is encrypted. The used workstations and storage media are encrypted.


  • Regular disclosure and transfer of personal data


Personal data is not disclosed to third parties.


The register is produced for the Association by Yhdistysavain. The personal data is transferred to Yhdistysavain in order to maintain the register. Yhdistysavain may transfer the personal data to other service providers to produce the System. The partner in charge of the technical production of the register may transfer the personal data according to applicable personal privacy legislation and this privacy policy.


The privacy policy of Yhdistysavain (in Finnish): https://www.yhdistysavain.fi/tietosuojaliite/


  • Transfer of personal data outside the European Union or the European Economic Area


In the personal data processing, Yhdistysavain may also use other service providers, which are located outside European Union or the European Economic Area. The transfer outside European Union or the European Economic Area is always executed on one of the legal bases, which are listed below:


  • The European Commission has decided that the data security level of the recipient country in question is sufficient;
  • The Association has implemented appropriate security measures in order to transfer the personal data using The European Commission accepted standard clauses. In this instance, Data subject has the right to get a copy of these clauses by contacting the Association as instructed in the Contact information paragraph; or
  • The Data subject has given an explicit consent to transfer their personal data, or the transfer has an other legal basis.


Access to the personal data is not given in any other capacity than necessary to produce the services.  The transfer of personal data outside European Union or the European Economic Area is always based on the current personal data processing legislation and is implemented according to this legislation.


  • Retention period for personal data


The personal data is stored in the register as long as the Data subject is a member of the Association. When the membership ends, the personal data of the Data subject is removed by the Association within 1 month. The personal data is removed from Yhdistysavain system and backups by Yhdistysavain within 6 months.


  • Rights of the Data subject


Data subject has the right, in compliance with applicable data security legislation, to any time:


  • know if their personal data is being processed;
  • get access to their own personal data and revise their own personal data processed by the Association;
  • demand the correction or completion of inaccurate or incorrect information;
  • demand the removal of their personal data;
  • revoke their consent and object to the processing of their personal data, as far as the processing is based on their consent;
  • object to the processing of their personal data based on a personal special circumstance, as far as the processing is based on legitimate interest of the Association;
  • get their personal data in machine-readable form and to transfer the data in question to another register keeper, provided that the Data subject has provided the personal data to the Association themselves, the Association processes the personal data based on the consent of the Data subject, and the processing is implemented automatically; and
  • demand restriction of the processing of their personal data.


The Data subject must present the request to use these rights according to the Contact information  paragraph of this privacy policy. The Association may ask the Data subject to elaborate their request in writing and verify the identity of the Data subject before processing the request. The Assocation may refuse to fulfill the request based on applicable legislation.


  • The right to appeal to control authority


All Data subjects have the right to appeal to appropriate control authority, or the control authority of the European Union member country where the place of residence or place of work of the Data subject is located, if the Data subject sees that their personal data has not been processed according to the applicable data protection legislation.


  • Contact information


Requests to use Data subject rights, questions about this privacy policy, and other contacts should be made via email to the board address of the Association: hallitus [at] mcmoka [dot] fi. Data subject may also personally or in writing contact the Association using the address below:


Metal Club Mökä ry

PL 69, 02150 Espoo


  • Changes to this privacy policy


This privacy policy may be updated from time to time, for example when the legislation changes. This privacy policy has been updated 30.03.2021.

JSN Tendo template designed by JoomlaShine.com