Privacy Policy
This is the privacy policy of Sähkökilta ry. It complies with the Finnish Personal Data Act (Sections 10 and 24) and the General Data Protection Regulation (GDPR) of the EU. Written on 25 May 2018. Last modified on 29 January 2019.
1. Data controller
Sähkökilta ry, Korkeakoulunkatu 3, 33720 Tampere, Finland
SA101
2. Data controller’s representative
Kaisa Vornanen
Chair of the Board
pj(at)skilta.fi
3. Register’s administrator
Paju Virtanen
viestintavastaava(at)skilta.fi
4. Name of the register
Membership register of Sähkökilta ry.
5. Legal basis and purpose of the processing of personal data
List of the association’s members under section 11 of the Associations Act.
6. Data content of the register
The data entered into the register consists of the member’s full name, home municipality, e-mail address, and degree programme.
7. Regular sources of data
The collected data is obtained either from the members themselves or from the Student Union of Tampere University.
8. Disclosure of data
The data may be disclosed to the board and personnel of Sähkökilta ry.
9. Principles of data protection
The contents of the register are protected and processed with due care.
10. Right of access to data and right to rectification
Persons included in the membership register have the right to know what information has been collected from them and entered into the register and to request the rectification of incorrect data. The request to access data must be made in writing to the register’s administrator.
Data security
General information
The Guild keeps a membership register and has a related privacy policy (a document that defines the data controller, data processor, and the purpose of the collection of data). The Guild is the data controller of the membership register. The Guild may change the place where the personal data is stored, but the authority to process data must remain with the Guild even if the storage of data is outsourced.
GDPR update
Key principles:
- the collected data must be necessary,
- the data must be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
Data subjects (guild members) have the right to access their data. In the event of a data leak, the Guild has a duty to notify both the authorities and the member(s) concerned within 72 hours.