Processing of personal data in the Lutheran Student Christian Movement in Finland. The EU’s General Data Protection Regulation (GDPR) (EU) 2016/679) can improve the secure processing of personal data without compromising the protection of privacy. Common information systems, such as the SKY member register, as well as the careful processing of personal data, ensuring that SKY: each person’s personal data accordingly.
Privacy Statement of the Register of the Lutheran Student Christian Movement in Finland on 25 May 2018. Updated 11/19/2020.
1. Registry administrator
Suomen Kristillinen Ylioppilasliitto ry – Finlands Kristliga Studentförbund rf.
Business ID 0215284-1
Oikokatu 3, 00170 Helsinki
www.sky-fks.fi
Registry contact person:
Katri Jussila
+ 358-50-5952867
paasihteeri(a)sky-fks.fi
2. Member Register
The member registration service of the Lutheran SCM in Finland is Accountor Finago Oy’s customer relationship management system Procountor. Data transmission is encrypted in the model of HTTPS technology. Personal user services, a password and a password that changes from session to session are used.
Procountor only the view of SKY and its local association members to manage and handle the services of Ad Lucem and Etsijä magazines.
The Lutheran SCM maintains the register of members of SCM’s local associations. Local associations are
Student Christian Association r.y. (YKY) in Helsinki,
Turku Students’ Christian Association r.y. (TYKY) in Turku,
Kristliga Studentföreningen vid Åbo Akademi r.f. (KSÅA) in Turku,
Näsijärvi Students’ Christian Association (VISION) in Tampere,
Jyväskylä Student Christian Association r.y. (JYKY) in Jyväskylä,
Kuopio Students’ Christian Association r.y. (KYKY) in Kuopio,
Northern Finland Students’ Christian Association r.y. (PYKY) in Oulu and Kajaani,
Ilosaari Students’ Christian Association (IYKY) in Joensuu
Nationwide school association Suomen Christian Christian School Center r.y. (SKK).
3. Legal basis and purpose of the processing of personal data
The processing of personal data is based on the association’s obligation under the Associations Act to maintain a list of members, a legitimate interest in taking care of member service and communication, and the services and communication of those who have registered as volunteers. In the case of terminated memberships, the criteria are the management of the documentation in the personal information system, the requirements of the Accounting Act and the cultural and historical research basis. Electronic registration lists have been prepared for the following events that require pre-registration: the General Assembly, the meetings of the activities of the Association, the meetings of the Board of the Association, the events organized by the Association and the meetings of the working groups.
The purpose of the processing of personal data is:
Membership benefits include Ad Lucem magazine. The magazine is available to any member who has indicated that they wish to receive the magazine. The magazine also has subscribers and recipients of free copies. The address details of the magazine’s recipients are extracted from the member register and forwarded to the printing houses for mailing. Ad Lucemia is printed by Grano Oy.
Subscribers are selected from the member register for sending a membership letter and invitation to the general meeting, which is published twice a year. A letter of membership will be sent by e-mail or post to any member who, upon joining or later, has indicated that he or she wishes to receive the letter either by post or e-mail.
Recipients of e-mail lists are picked from the e-mail list sending program for sending to e-mail lists. The necessary information is collected for the shipment and invoicing of the products.
4. Personal data to be processed
In connection with the membership register, the registrar processes the following personal data of a member, trustee or person acting in a voluntary role: The member list includes the member’s name, possibly date or year of birth, address, telephone number, e-mail address, date of joining, membership type group, membership benefit magazine name.
When registering, the registrar processes the following personal data of a member, trustee, or volunteer: diet and allergies. This data is deleted when there is no longer a need for processing. We receive information primarily from the registrant himself. You can register as a member via the “Become a Member” form on the website or by notifying employees in writing.
In addition, personal data may be collected and updated for the purposes described in this Privacy Statement, also on the basis of information received from local associations, publicly available sources or other third parties, within the limits of applicable law.
For product orders, the necessary address and billing information of the subscriber is collected. The data will not be used for any other purpose.
5. Mailing lists
We use the mailing list to share news and events from our organization, umbrella organization, and partners. The information of the recipients of the e-mail lists is only available to SKY employees and we use them only for the transmission of information via the e-mail lists. We use the Mailman e-mail system maintained by Suomen Hostingpalvelu Oy. The information is stored behind a password and messages are forwarded over an encrypted https connection.
The available mailing lists are:
Helsinki local association e-mail list, Joensuu local association e-mail list, Tampere local association e-mail list, Kuopio local association e-mail list, Turku local association e-mail list, friends’ members e-mail list, youth religion dialogue e-mail list.
6. Disclosures and Transfers of Information
Membership information is stored in the Procountor service (For more information on Procountor security, see http://support.procountor.com/en/change/procountorin-totecurity.html). The information will be used by both the central organization and the local association for the purposes described above. We do not disclose the information in the register to third parties. We do not disclose personal information outside the EU / EEA. Subscriber information for email lists is stored in the email program.
Information about volunteers, participants in seminars and activities is stored in a common data station in the SKY office, which can be accessed from computers. Computers are password protected. There are also online forms that are password protected.
7. Data protection and retention periods
Only designated persons with a username and password to the system are authorized to use the system containing personal data. Only certain employees, defined in advance based on their employment relationship and duties, are entitled to process the data. The information is collected in databases that are protected by firewalls, passwords, and other technical means. The databases and their backups are in locked spaces and can only be accessed by certain pre-designated individuals. Manual material is stored in locked rooms.
We store personal data, considering the requirements of legislation and authorities, e.g. accounting legislation, specific data on data subjects and archiving requirements. The controller shall regularly assess the need for retention, considering applicable legislation.
The Lutheran SCM in Finland retains personal data as follows:
Membership continues until the member himself terminates the membership or information about the member’s death arrives at the association or local association. Data is stored in the member register only for statistical, reporting and accounting law requirements when a member has announced his or her resignation.
The information is deleted from the journal register when a request for its deletion has been received. The data will be deleted from the subscriber register of the membership letter when a request for their deletion has been received. The information in the subscriber register of the e-mail lists is deleted when the request for deletion has been received. Electronic registration lists are retained for statistical, reporting and accounting purposes.
Personal data whose processing is no longer necessary shall be deleted without delay, but not later than one year. Sensitive data collected for transactions will be deleted three months after the event. If some information is required to be retained by law or for any other justified reason, personal data will be deleted immediately when there is no longer a need for such retention based on other processing. Without prejudice to the above, data may be kept longer for historical, statistical, accounting, and written purposes related to the activity.
8. Rights of the data subject
The data subject has the right to be informed about the processing of his / her personal data, to check the personal data processed by SKY about himself / herself and to demand the correction and supplementation of incorrect or inaccurate data and to request the deletion or transfer of his / her personal data to another data controller. If the processing of personal data is based on consent, the data subject has the right to withdraw his or her consent.
The data subject has the right to object to the processing of his or her data or to request that the processing be restricted in so far as the processing of the data is based on a legitimate interest. If the data subject considers that his or her personal data have not been processed in accordance with the applicable data security policy, he or she has the right to lodge a complaint against the processing of personal data with the supervisory authority.
For special personal reasons, the data subject also has the right to object to processing operations against him or her. In connection with the request, the data subject must identify the specific situation based on which he or she objects to the processing. The controller may refuse to execute a request for opposition only on the grounds provided by law.
9. Contacts
All communications and requests regarding this leaflet should be made in writing or in person to the contact person named in one (1).
10. Changes to the Privacy Statement
This leaflet may be updated from time to time, for example as legislation changes. If necessary, we will notify you of significant changes by e-mail or on our website.