Member Register Privacy Policy
This is a privacy policy and register description in accordance with the EU General Data Protection Regulation (GDPR). Preparation date: May 24, 2018. Last modified: March 6, 2025.
Table of Contents
Table of Contents
- 1. Controller of the Register
- 2. Contact Person for Register Matters
- 3. Name of the Register
- 4. Purpose of the Register
- 5. Information Contained in the Register
- 6. Sources of Data in the Register
- 7. Disclosure of Data
- 8. Principles of Data Security
- 9. Transfer of Data Outside the EU or EEA
- 10. Right to Inspect and Correct Data
- 11. Data Retention Period
1. Controller of the Register
Automaatio- ja systeemitekniikan kilta ry (later referred to as “the Guild”)
P.O. Box 15500 00076 Aalto
2. Contact Person for Register Matters
The Guild’s Treasurer rahastonhoitaja@as.fi
3. Name of the Register
Automaatio- ja systeemitekniikan kilta ry:n jäsenrekisteri
4. Purpose of the Register
The legal basis for processing personal data under the EU General Data Protection Regulation is a statutory obligation.
The purpose of processing personal data is to maintain a membership register as required by Section 11 of the Finnish Associations Act (503/1989) and to manage the contact information of the association’s members.
5. Information Contained in the Register
- Full name
- Place of residence
- Email address
- Membership type (ordinary member / former member / external member)
- AYY membership (yes / no)
- Consent or lack thereof for sharing membership data with the Guild’s alumni activities after graduation
- Reason for joining the Guild
- Membership status (active / about to become active / passive / terminated)
Data is retained for 365 days after membership expires, after which it is automatically deleted from the register.
6. Sources of Data in the Register
Data stored in the register is collected from the member themselves upon joining the Guild and paying the membership fee.
7. Disclosure of Data
Data may be used for Guild activities as determined by the Guild’s Board. According to Section 11, subsection 2 of the Finnish Associations Act, all Guild members have the right to access information about all members’ names, places of residence, and membership types.
As a general rule, the controller does not disclose data to third parties or transfer it outside the EU or EEA.
The only exceptions to data transfer outside the EU are the data processors Google Workspace and Treanglo Oy (Kide.app). Data may be processed by Google and Treanglo Oy in countries outside the EU and EEA. In these cases, appropriate data protection measures are ensured, such as the use of the European Commission’s standard contractual clauses and other similar arrangements.
8. Principles of Data Security
The membership register and its backups are maintained electronically by the Guild’s Treasurer in a secure manner. Only the Guild’s Board has access to the register’s data.
9. Transfer of Data Outside the EU or EEA
Data may be transferred outside the EU or EEA if the service provider complies with Articles 44–50 of the GDPR.
10. Right to Inspect and Correct Data
Every individual in the register has the right to inspect the data stored about them in the Guild’s membership register and request corrections to any inaccuracies.
Requests must be made in writing to the Guild. The request must be personally signed. Alternatively, individuals can visit the Guild’s room in person to submit their request to a member of the Board. In such cases, individuals must prove their identity. The controller will respond to the individual within the time period specified in the EU Data Protection Regulation.
11. Data Retention Period
The register only contains data about the Guild’s members. When membership ends, the data is deleted after 365 days. In exceptional cases, data may be retained for longer. Members will be informed individually about any such exceptions and their reasons.
