PRIVACY POLICY

Privacy statement for the Communications Register


Controller

Address
Vesijärvenkatu 11 A,
15140 LAHTI

Other contact information
+358 29 525 0800

Controller’s representative

Name
Helena Berg, Susanna Mäenpää

Address
Vesijärvenkatu 11 A, 15140 LAHTI

Other contact information
viestinta.ara@ara.fi

Data protection officer

Name
Hanne Vikström

Contact information
tietosuojavastaava.ara@ara.fi

Name of register

ARA Communications Register / International Social Housing Festival (ISHF)

Purpose of processing

The purpose of the register is the transmission of information, marketing, communications and contact with ARA’s customers and stakeholders. The processing of information is based on consent and / or the legitimate interest of the controller.

The data in the register may also be used for stakeholder studies that are in the legitimate interest of the controller.

Data content of the register

Individual’s details:
• newsletter: name, email address for newsletter subscription

• event participant register:
name, organization, email address

Categories of personal data recipients to whom personal data have been or will be disclosed

Data may be disclosed only to the extent required and permitted by the legislation in force or on the basis of the consent given by the data subject.

The newsletter service processes the personal data for newsletter subscribers, while the personal data of event participants are processed by the event management service.

Transfer of personal data to a third country or international organisation

The data are not transferred outside the EU or the EEA, nor are they transferred to international organisations.

Retention time of personal data

Newsletter register:

Personal data valid until further notice. The subscriber can themselves unsubscribe from the register by using the unsubscribe function within the newsletter.

Event participant register:

Personal data is valid for six months from the end of the event.

Description of technical and organisational security measures

A. Manual materials

Manual materials are handled by persons trained in information security.
The data in the register is protected against inappropriate viewing, alteration and destruction.

B. Digital materials

The data in the register is protected against inappropriate viewing, alteration and destruction. This protection is based on user authorisation control, technical protection of databases and servers, physical protection of facilities, access control, data security and data backup.

Access to and processing of data is permitted on the basis of work tasks. Access to the system is based on personal user IDs. The equipment facilities and data are physically located in Finland.

Data sources for data which have not been obtained from the data subject

Right of access

The data subject has access to the collected personal data that relates to them (newsletter and event participant registers).

The data contained in the registers is not used for profiling nor for automated decision-making.

If less than one year has elapsed since the right of access has been exercised by the data subject, the controller may charge a fee based on administrative costs for the provision of the data.

Right to rectification

The data subject may change or rectify the data entered in the register (newsletter and event participant registers) or the data subject may request the controller to rectify, without undue delay, the incorrect personal data that relates to the data subject.

The data subject may submit a request for rectification to the controller’s representative.

Other rights relating to the processing of personal data

The data subject has the right to demand that the data controller erase the data that relates to them.

The data subject may submit a request for erasure to the controller’s representative.

Right to lodge a complaint with a supervisory authority

The data subject has the right to lodge a complaint with the Data Protection Ombudsman if they consider that the processing of personal data violates the EU’s General Data Protection Regulation.