Privacy policy

The privacy policy tells how Sähkökilta collects, retains and uses personal data required for the operation of the guild.

Privacy Policy

This is the privacy policy of Sähkökilta ry. It complies with the Finnish Personal Data Act (Sections 10 and 24) and the General Data Protection Regulation (GDPR) of the EU. Written on 25 May 2018. Last modified on 29 January 2019.

1. Data controller

Sähkökilta ry, Korkeakoulunkatu 3, 33720 Tampere, Finland


2. Data controller’s representative

Niko Kangasniemi

Chair of the Board


3. Register’s administrator

Anton Nguyen


4. Name of the register

Membership register of Sähkökilta ry.

5. Legal basis and purpose of the processing of personal data

List of the association’s members under section 11 of the Associations Act.

6. Data content of the register

The data entered into the register consists of the member’s full name, home municipality, e-mail address, and degree programme.

7. Regular sources of data

The collected data is obtained either from the members themselves or from the Student Union of Tampere University.

8. Disclosure of data

The data may be disclosed to the board and personnel of Sähkökilta ry.

9. Principles of data protection

The contents of the register are protected and processed with due care.

10. Right of access to data and right to rectification

Persons included in the membership register have the right to know what information has been collected from them and entered into the register and to request the rectification of incorrect data. The request to access data must be made in writing to the register’s administrator.

Data security

General information

The Guild keeps a membership register and has a related privacy policy (a document that defines the data controller, data processor, and the purpose of the collection of data). The Guild is the data controller of the membership register. The Guild may change the place where the personal data is stored, but the authority to process data must remain with the Guild even if the storage of data is outsourced.

GDPR update

Key principles:

  • the collected data must be necessary,
  • the data must be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

Data subjects (guild members) have the right to access their data. In the event of a data leak, the Guild has a duty to notify both the authorities and the member(s) concerned within 72 hours.

Privacy Policy for Event Registration

I Contact person in matters concerning the processing of personal data

Sähkökilta ry (data controller)

Korkeakoulunkatu 3, 33720 Tampere, Finland

Niko Kangasniemi

Chair of the Board


II Basis and purpose of the processing of personal data

Data subjects consent to the processing of their personal data for the purposes of organising the event. The legal basis for the processing of personal data is the consent of the data subject under the General Data Protection Regulation.

The collected personal data is used in event communication and to support the organisation of the event.

III Types of personal data collected

We collect and process the following personal data that is relevant for our purposes:

  • Person's name
  • E-mail address
  • Food and drink preferences

Data subjects are not subject to automated decision-making (profiling).

IV Regular sources of data

Personal data is obtained through Google Forms.

V Retention period

The data controller keeps the data subject's personal data only for as long as it is necessary to fulfil the purposes specified in section II.

VI Processors of personal data

The data is processed by the board and personnel of Sähkökilta ry, and by other persons entitled to the collected data.

VII Transfers of personal data outside the EU or the EEA

The data is not transferred outside the EU or the EEA.

VIII Disclosure of personal data

The data controller does not sell or lease the data subject's personal data to third parties.

IX Rights of the data subject

The data subject has the following rights:

  • Right to access their data and request the rectification of data.
  • Right to erasure. However, the data cannot be erased if the erasure would prevent the data controller from fulfilling its legal obligations.
  • Right to restrict the processing of data.
  • Right to object to the processing of data.
  • Right to transfer their data to another system.

To exercise their rights, the data subjects must contact the data controller defined in section I.

X Principles of data protection

All manually processed data included in the register is stored in locked facilities. Digitally stored data is located on a server that is protected by technological means. Access to the data is limited to persons whose duties require the use of the data.

We use cookies

This website uses cookies, including third-party cookies, only for necessary purposes such as saving settings on the user's device, keeping track of user sessions and for providing the services included on the website. This website also collects other data, such as the IP address of the user and the type of web browser used. This information is collected to ensure the operation and security of the website. The collected information can also be used by third parties to enable the ordinary operation of the website.