GAYY ry Privacy Policy

Date of drafting. 22.05.2018 Date of modification. 22.05.2018

GAYY’s Privacy Policy

The purpose of this document is to communicate the data protection policy of GAYY Association (GAYY) to its members. The following registers are currently held by the Association:

• Membership Register
• Register of event registrations

This document and the descriptions of the registers mentioned will be updated as necessary. Responsibility for updating lies with a Board member appointed at a Board meeting.

Access rights to the data protection registers

The rights are limited only to those people who have a need to know for the purposes of the association’s activities. The person in charge of the membership register of our association is always the acting secretary, without a separate decision, and for event registrations the host and/or hostess, if necessary. Similarly, the rights of old directors and officers are removed as soon as the term of office changes, unless it is clear that the person concerned will need access to the register in the new term of office. Deletion of old access rights will be carried out as soon as it is practical to do so.

Data life cycle

The information in the registers is kept only for as long as it serves its purpose. The register of members contains the details of all current members of the association, which are deleted when a member is found to have resigned. For the event registration register, data is deleted when it is no longer deemed necessary for the event for which it was collected.

Technical safeguards for data protection

The association’s registers are stored encrypted with a separate password in Google Drive. A temporary copy of new data is also stored in Microsoft OneDrive.

The right to request – rectify and erase your data

Individuals have the right to request from GAYY ry the personal data stored about them. The data will be disclosed primarily in the same format as the request. The reasonable time limit for processing the request is one month. If necessary, the requestor may be asked to prove his/her identity. Similarly, individuals have the right to request the correction or deletion of their data. The reasonable time limit for processing the correction or deletion of personal data is also one month. If a person wishes to delete photos in which he or she appears, he or she should show the photos and request the deletion to a member of the association’s board of directors.

Privacy Policy – Event Registration Register

This is a privacy and data protection notice in accordance with the EU General Data Protection Regulation (GDPR).

1. The controller

GAYY ry
Otakaari 20 a, 02150 Espoo
The address of the controller does not accept mail.

2. Contact person responsible for the register

The members of the Board of Directors act as contact persons, contact details can be found on the Contact information tab.

3. Name of the register

GAYY ry events register

4. Legal basis and purpose of the processing of personal data

The legal basis for the processing of personal data under the EU General Data Protection Regulation is the legitimate interest of the controller.
The purpose of the processing of personal data is to maintain the register of members required by Section 11 of the Associations Act (503/1989) and to maintain contact details of the association’s members.

5. Data content of the register

The following data may be stored in the register:

Name
E-mail address
Membership of the association
Membership of the Student Union
Special dietary and drinking preferences
Variable additional information per event

The data in the register will be deleted within a reasonable period of time after the event.

6. Regular data sources

The information to be entered in the register is obtained through web forms or written registration.

7. Disclosure and transfer of data outside the EU or EEA

The data will be stored encrypted in Google Drive; however, the data will not be readable by the service provider.

8. Principles for the protection of the register

The processing of the register will be carried out with due care. Data will only be stored in electronic form on trusted third party internet servers that comply with EU data protection legislation. Encryption of the register is carried out by means of GAYY ry’s own password. The data cannot be read by anyone other than the responsible persons of GAYY ry. The controller will ensure that only relevant persons have access to the register.

9. Right of inspection and right to request correction of data

Every person in the register has the right to check the data stored in the register and to request the correction of any inaccurate data or the completion of incomplete data. If a person wishes to check or request the rectification of data stored about him or her, the request must be sent in writing to the controller. The controller may, if necessary, ask the applicant to prove his or her identity. The controller will reply to the customer within the time limit laid down in the EU General Data Protection Regulation (as a general rule, within one month).

10. Retention period of data in the register

The data in the register will be kept only for as long as necessary.

Data Protection Notice – Register of Members

This is a register and data protection statement in accordance with the EU General Data Protection Regulation (GDPR).

1. The controller

GAYY ry
Otakaari 20 a, 02150 Espoo
The address of the controller does not accept mail.

2. Contact person responsible for the register

The members of the Board of Directors act as contact persons, contact details can be found on the Contact information tab.

3. Name of the register

Register of members of GAYY ry

4. Legal basis and purpose of the processing of personal data

The legal basis for the processing of personal data under the EU General Data Protection Regulation is the legitimate interest of the controller.
The purpose of the processing of personal data is to maintain the register of members as required by Section 11 of the Associations Act (503/1989) and to maintain contact details of the association’s members.

5. Data content of the register

The following data may be stored in the register:

Name
E-mail address
Membership of the association
Membership of the Student Union
Field of study

The data in the register will be deleted within a reasonable period of time if membership is terminated.

6. Regular data sources

The information to be entered in the register is obtained through web forms or written registration.

7. Disclosure and transfer of data outside the EU or EEA

The data will be stored encrypted in Google Drive; however, the data will not be readable by the service provider.

8. Principles for the protection of the register

The processing of the register will be carried out with due care. Data will only be stored in electronic form on trusted third party internet servers that comply with EU data protection legislation. Encryption of the register is carried out by means of GAYY ry’s own password. The data cannot be read by anyone other than the responsible persons of GAYY ry. The controller will ensure that only relevant persons have access to the register.

9. Right of inspection and right to request correction of data

Every person in the register has the right to check the data stored in the register and to request the correction of any inaccurate data or the completion of incomplete data. If a person wishes to check or request the rectification of data stored about him or her, the request must be sent in writing to the controller. The controller may, if necessary, ask the applicant to prove his or her identity. The controller will reply to the customer within the time limit laid down in the EU General Data Protection Regulation (as a general rule, within one month).

10. Retention period of data in the register

The data in the register will be kept only for as long as necessary.