Data Protection Notice, stakeholders

1. Controller and contact information

Controller: Crisis Management Initiative ry (“Association”)
Address: Eteläranta 12, 00130 HELSINKI, Finland
Phone: +358 75 755 1800
E-mail: cmi.helsinki@cmi.fi

Contact person for data register issues: Maria Lätti (HR Manager) and Johannes Laaksonen (Security Advisor)

2. Basis and purpose of the processing of personal data

The purpose of the data register is the management of the personal data of the Association’s various stakeholders.

By stakeholders in this data register, we mean the networks of private persons (including participants or potential participants of events and meetings) related to the implementation of the Association’s operations, as well as private donors and various private individuals interested in the Association’s activities.

The purpose of the data register is to manage and enable the contacts, transactions, communications, marketing, reporting and other measures related to the management of the relationship between the Association and the person.

The data included in the register can also be used for profiling and for targeting marketing measures and communications on the basis of the data subject’s interests. Personal data is also processed, for example, for the purpose of sending various types of newsletters and in connection with event invitations and participation in events.

The basis of the processing of personal data is the legitimate interest based on the relationship between the person and the Association.

3. Personal data to be processed

The data processed in the register includes personal data and contact information and other required data of the Association’s stakeholders, such as data related to participation in an event or meeting or data related to donations. Only a limited amount of data is collected in the extent required for the maintenance of the relationship and the implementation of related activities.

4. Regular sources of information

Personal data is collected primarily from the data subject him- or herself, and also obtained from co- operation partners, stakeholder representatives and, if required, from other sources.

5. Data security and protection of personal data

Personal data is stored locked facilities or in data systems which information security is constantly monitored and developed. The processing of data is restricted only to the persons needing such data. Those persons process data under a confidentiality obligation.

6. Regular disclosure and transfer of personal data

Personal data is disclosed to any third parties only under carefully determined situations in order to fulfil the requirements of the relationship. The Association can outsource the processing of personal data to service providers.

7. Transfer of personal data outside the European Union or the European Economic Area

Transfer of personal data outside the EU/EEA is always based on valid legislation on the processing of personal data and implemented in accordance with such legislation. Transfer of personal data outside the EU may be necessary in order to organise the Association’s operations or to enable the activities of the service providers.

8. Retention period of personal data

Personal data is stored for as long as it is necessary to fulfil the maintenance of the said relationship and the implementation of related activities. The data will be deleted when the case-specifically determined retention period has expired.

9. Rights of the data subject

A person included in a data register has the right, for example:

  • to access the data concerning him or her and the right to inspect the data concerning him or her that has been stored in the data register
    • The controller can, on its own initiative or at the data subject’s request, supplement, rectify or delete any incomplete, inaccurate or outdated personal data.
    • A data subject can also submit a request to the Association to inspect or rectify data.
  • to demand the deletion of his or her personal data or the right to restrict the processing of his or her personal data in accordance with valid data protection legislation
    • The data subject must submit a request to the Association on the implementation of the rights mentioned above. The Association can request the data subject to specify his or her request in writing and to verify his or her identity prior to processing of the request.
    • The Association can deny the implementation of a request on the basis of the provisions set forth in applicable legislation.
  • to submit a complaint to the supervisory authority on issues related to the processing of his or her personal data.

 

10. Amendments to this data protection notice

This data protection notice can be updated, for example, in cases of any amendments of the law. This data protection notice was last updated on 22 May 2018.