Regulation “On the Processing and Protection of Personal Data”

​

​

GENERAL PROVISIONS

​

The purpose of this Regulation is to define the procedure for processing and ensuring the security of personal data of the organization’s clients. A client is a natural person receiving services.

The Regulation aims to prevent and detect violations of legislation regarding the protection of personal data, and to eliminate the consequences of such violations. Personal data refers to information relating to an identified or identifiable natural person, which may be disclosed to other persons.

​

PROCESSING OF PERSONAL DATA

​

This Regulation on the processing and protection of clients’ personal data of the organization located at the domain name www.svkliitto.fi is based on the updated data processing rules effective from May 25, 2018, as established by the General Data Protection Regulation (EU Regulation 2016/679) of April 27, 2016.

The Regulation defines the procedures for obtaining, recording, processing, accumulating, and storing documents that contain clients’ personal data.

Personal data is considered confidential information.

The organization performs the following operations with client personal data: collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (provision, access, delegation of processing), pseudonymization, anonymization, blocking, deletion, and destruction.

The organization processes personal data of clients for the purposes of:

• concluding and executing agreements initiated by the client (organization member, volunteer, registered participant of a webinar, event, or course);

• providing consultation services related to digital devices, municipal services, and interaction with Finnish authorities;

• delivering information services;

• sending invoices via email or postal address.

The organization processes client personal data to:

• provide services to clients;

• maintain contact with the client, typically only when necessary and in a manner preferred by them.

Personal data includes any information relating to an identified or identifiable person (data subject), including name, gender, date and place of birth, residential address, contact numbers, and other information necessary for the organization to fulfill its obligations under applicable law. This information is collected only with the individual’s consent and according to the principle of data minimization.

The organization processes the following personal data:

• contact details of program participants, webinar attendees, event attendees, and volunteers: name, email, phone number;

• for members and paying participants: postal address and payment details;

• for course participants who receive certificates: personal identification number (henkilötunnus).

Special categories of personal data and biometric data are not processed.

There is no cross-border transfer of personal data.

​

PRINCIPLES OF PERSONAL DATA PROCESSING

​

The organization adheres to the following principles:

• fairness and legality in processing;

• legal acquisition, processing, storage, and other operations;

• alignment of data volume and processing methods with stated purposes;

• accuracy, relevance, and sufficiency of data, and prohibition of excessive data collection;

• prohibition of merging incompatible databases;

• limiting data processing to specific and lawful purposes;

• storing data in an identifiable form only for the time required to achieve stated purposes, unless otherwise mandated by law.

Personal data must be destroyed or anonymized once the processing goals are achieved or no longer needed unless otherwise required by law.

​

SECURITY MEASURES FOR PERSONAL DATA PROTECTION

​

The organization implements legal, organizational, and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, provision, or distribution, and from other unlawful actions.

 

COLLECTION, PROCESSING, AND STORAGE

​

Client personal data (members, program/webinar participants) is collected directly from them via paper forms and is not verified.

For online registrations (via www.svkliitto.fi), data is also not verified.

By signing the paper form or submitting online, the client consents to the processing of their personal data.

Processing is done both manually and automatically. Staff members receive only the information necessary for their duties.

Personal data is stored in paper and electronic formats. In electronic format, data is stored in secure databases and backups, following strict organizational and technical safeguards to prevent unauthorized access.

​

TRANSFER OF PERSONAL DATA TO THIRD PARTIES

​

Personal data may be transferred to third parties only with the individual’s consent, except where required by Finnish law or government authorities. In such cases, only the requested data is shared, and the individual is notified if possible.

 

RIGHTS, DUTIES, AND RESPONSIBILITIES

​

The data subject has the right to:

• request correction, blocking, or deletion of incomplete, outdated, or illegally obtained data;

• request a list of their data held by the organization;

• receive information on data processing and storage periods;

• file complaints with data protection authorities or courts;

• defend their rights and seek compensation for damages or moral harm.

To update data, contact the organization’s data protection officer by email: info(at)venajankieliset.fi and specify the relevant personal data. Deletion of stored data can, in some cases, be requested by post to:
Tietosuojavastaava, Sienitie 18B, 00760 Helsinki.

If a person refuses to provide or consent to processing their data, the organization reserves the right to deny participation.

Employees who violate personal data protection policies are held accountable according to applicable law and internal regulations.

​

FINAL PROVISIONS

​

SVK Liitto ry provides unrestricted access to this Regulation on its official website www.svkliitto.fi.

This Regulation is subject to amendments and updates based on new laws and regulations on personal data protection.

The organization’s Data Protection Officer oversees compliance with this Regulation.