This is the Musiikkitalo Organ Association’s register and data protection policy in accordance with the EU’s General Data Protection Regulation (GDPR).
1. Data Controller and Contact Point
Musiikkitalo Organ Association
Mannerheimintie 13a
00100 Helsinki
FINLAND
Business ID: 3096350-2
For enquiries regarding the register, contact:
2. Categories of Data Subjects
The personal data register includes the following categories of data subjects:
- Association’s supporting members
- Newsletter subscribers
3. Basis for and Purposes of Processing Personal Data
Association’s Supporting Members
The legal basis for processing personal data is the consent to the processing of personal data in accordance with this policy given by the individual as they become a supporting member. The data entered in the register is processed for purposes related to the association’s activities in accordance with its rules. Data is also used for communications and to contact the supporting members.
Newsletter Subscribers
The legal basis for processing personal data is the consent to the processing of personal data in accordance with this policy given by the individual as they subscribe to the association’s newsletter. The newsletter subscriber can at any time change and supplement their information via the link included in each newsletter. Data is used only to send the newsletter and for communication purposes in relation to the newsletters. The information can also be used for other marketing purposes if the subscriber has given separate consent to it.
4. Data Kept in the Register and the Retaining Period of Data
We primarily use the personal data described below for the aforementioned purposes. If necessary, we may also use other data that is compatible with those purposes. Personal data may also be processed for archiving purposes, considering the minimization principle of the EU General Data Protection Regulation.
Association’s Supporting Members
- Name
- Domicile
- Contact details, such as telephone numbers and e-mail addresses
- Information on membership fees
- Other necessary membership-related data
Data is retained for as long as the individual is a supporting member of the association. If a supporting member leaves the association, their data will be deleted from the register. For justified reasons, some data may be retained for archiving purposes.
Newsletter Subscribers
- Name
- Contact details, such as telephone numbers and e-mail addresses
- Organisation and title
- Possible marketing consent and information about the sending of marketing messages
The newsletter subscriber’s data is retained for as long as the individual subscribes to the newsletter. Should the individual give a separate marketing consent, data may be used for marketing purposes for the validity period of the consent.
5. Regular Sources of Data
Association’s Supporting Members
The association’s supporting members’ data is obtained from the members as they apply for the membership and in other situations in which the members disclose information about themselves. Membership fee data is collected from payment transactions.
Newsletter Subscribers
Newsletter subscriber information is generally obtained when an individual registers as a newsletter subscriber.
6. Regular Disclosing of Data, Transferring of Data Outside of the EU or EEA, and the Processors of Personal Data
Data will not be disclosed outside the Musiikkitalo Organ Association for purposes other than the original personal data processing purposes described in this policy.
Data may be transferred to the processors of personal data, with whom the data controller has an agreement. In that case, the data processor uses the transferred data on behalf of and for the account of Musiikkitalo Organ Association.
Data may be transferred by the data controller outside the EU or EEA, such as to the United States, in accordance with the GDPR based on the consent of the data subject or the use of standard contractual clauses and additional safeguard measures approved by the European Commission.
7. Data protection
The register is handled with care and the data processed by information systems is appropriately protected. When data is stored on Internet servers, the physical and digital security of the equipment is appropriately taken care of. The data controller ensures that the stored data, as well as the access rights to the servers and other information critical to the protection of personal data, are handled confidentially and only by those employees and the association’s persons in charge whose duties it falls within.
8. Automated processing and profiling
We do not use data for automated decision-making or profiling without the explicit consent of the data subject.
9. Right to Review and Rectify Data
Every data subject of the register has the right to review their data stored in the register and to require rectification of incorrect data or completion of incomplete data. Should an individual wish to review the data stored about them or to require rectification, the request is to be sent in writing to the data controller at . If necessary, the data controller may ask the individual making the request to prove their identity. The data controller is to respond to the data subject within the time set in the EU Data Protection Regulation (generally within one month).
10. Other Rights Related to the Processing of Personal Data
The register’s data subjects have the right to request the erasure of their personal data from the register (“right to be forgotten”) if the processing of the data is no longer necessary or the data has been processed based on consent and the data subject withdraws their consent. The data controller may, however, have a legal or other right to decline the erasure of the requested data.
Data subjects also have other rights under the EU’s General Data Protection Regulation. Requests must be sent in writing to the data controller at .
If necessary, the data controller may ask the individual making the request to prove their identity. The data controller is to respond to the data subject within the time set in the EU Data Protection Regulation (generally within one month).
The data subject may appeal our decision to the Finnish Data Protection Ombudsman and request that we restrict the processing of the disputed data until the matter is resolved.
Should the data subject believe that we are violating applicable data protection legislation in our processing of personal data, they have the right to file a complaint with the Data Protection Ombudsman.
Data Protection Ombudsman’s contact information: https://tietosuoja.fi/en/contact-information