Privacy statement for the Communications Register
Controller
Address
Vesijärvenkatu 11 A,
15140 LAHTI
Other contact information
+358 29 525 0800
Controller’s representative
Name
Helena Berg, Susanna Mäenpää
Address
Vesijärvenkatu 11 A, 15140 LAHTI
Other contact information
viestinta.ara@ara.fi
Data protection officer
Name
Hanne Vikström
Contact information
tietosuojavastaava.ara@ara.fi
Name of register
ARA Communications Register / International Social Housing Festival (ISHF)
Purpose of processing
The purpose of the register is the transmission of information, marketing, communications and contact with ARA’s customers and stakeholders. The processing of information is based on consent and / or the legitimate interest of the controller.
The data in the register may also be used for stakeholder studies that are in the legitimate interest of the controller.
Data content of the register
Individual’s details:
• newsletter: name, email address for newsletter subscription
• event participant register:
name, organization, email address
Categories of personal data recipients to whom personal data have been or will be disclosed
Data may be disclosed only to the extent required and permitted by the legislation in force or on the basis of the consent given by the data subject.
The newsletter service processes the personal data for newsletter subscribers, while the personal data of event participants are processed by the event management service.
Transfer of personal data to a third country or international organisation
The data are not transferred outside the EU or the EEA. If the data is transferred to international organisations, these are ISHF 2022 partner organisations.
Retention time of personal data
Newsletter register:
Personal data valid until further notice. The subscriber can themselves unsubscribe from the register by using the unsubscribe function within the newsletter.
Event participant register:
Personal data is valid for six months from the end of the event.
Description of technical and organisational security measures
A. Manual materials
Manual materials are handled by persons trained in information security.
The data in the register is protected against inappropriate viewing, alteration and destruction.
B. Digital materials
The data in the register is protected against inappropriate viewing, alteration and destruction. This protection is based on user authorisation control, technical protection of databases and servers, physical protection of facilities, access control, data security and data backup.
Access to and processing of data is permitted on the basis of work tasks. Access to the system is based on personal user IDs. The equipment facilities and data are physically located in Finland.
Data sources for data which have not been obtained from the data subject
–
Right of access
The data subject has access to the collected personal data that relates to them (newsletter and event participant registers).
The data contained in the registers is not used for profiling nor for automated decision-making.
If less than one year has elapsed since the right of access has been exercised by the data subject, the controller may charge a fee based on administrative costs for the provision of the data.
Right to rectification
The data subject may change or rectify the data entered in the register (newsletter and event participant registers) or the data subject may request the controller to rectify, without undue delay, the incorrect personal data that relates to the data subject.
The data subject may submit a request for rectification to the controller’s representative.
Other rights relating to the processing of personal data
The data subject has the right to demand that the data controller erase the data that relates to them.
The data subject may submit a request for erasure to the controller’s representative.
Right to lodge a complaint with a supervisory authority
The data subject has the right to lodge a complaint with the Data Protection Ombudsman if they consider that the processing of personal data violates the EU’s General Data Protection Regulation.