Northern Forest & Wood Association, Nuottatie 6 A, 96300 Kuusamo
2. Contact person
Tanja Koukkula, [email protected], +358 40 676 4016
Northern Forest & Wood Association member and stakeholder register.
4. When do we gather personal data and why?
We gather personal data when
- the person allows it
- we have a contract with the person
- we take care of the association’s work related to our members
– Controller’s legitimate advantage:
Legitimate advantage includes taking care of memberships, offering and producing association’s services including organising events. We deal with the personal data only when necessary and in a way that the registered can reasonably expect when they give us their personal data.
We collect data mainly from persons, companies and organisations who are interested in our operation or membership and accept our purposes.
The purpose of using the data is to communicate with our member companies and stakeholders, upkeeping the membership and cooperation with the stakeholders. We do not use the data for automated decision making or marketing profiling.
5. What data do we gather?
Information we gather includes:
- company name
- contact person name
- contact information: phone number, email, address
- website address
- billing information
- other information that is related to customer relations and cooperation.
6. How do we gather personal data?
The information saved in our register comes from the persons giving data. We receive data from online messages via our website forms, via email, phone, social media services, contracts, customer meetings and other occasions when the customer gives their personal data.
Additionally, the information can be gathered and updated for depicted purposes from public sources, administrative sources, or from other parties according to legislation. This kind of information updating will be performed manually.
7. Will your personal data be transferred outside the EU or the European Economic Area?
We usually do not hand data over to other parties. Company information can be published in the association’s services (for example, member register). A member company can modify its coverage in services.
Personal data can be transferred to co-organisers of events, sponsors of publicly funded projects or other representatives of administration only to the necessary extent or according to an agreement with the customer.
We do not principally hand information over outside EU or EEA. In a single occasion we can hand contact information over to a cooperation partner.
We do not hand personal data over for marketing purposes.
8. How do we protect your data?
We are careful when using the register and protect the information adequately. When storing the registered information on online servers the digital and physical safety of the devices is being ensured. The controller of the register takes the responsibility of keeping the information and access rights confidential. Only those employees whose job includes using the data will be using it.
9. Your rights
The European Union’s General Data Protection Regulation gives you certain rights related to your personal data. You have the right to receive a copy of your personal data. You have the right to correct or update inaccurate or incomplete personal data concerning yourself.
If you would like to inspect the data we have gathered of you, you need to send a written request to the register’s controller. The controller may have to ask you for a confirmation of identity. The controller will answer to your request in a time decreed in General Data Protection Regulation of European Union, usually within one month.
10. Other rights
You have all the rights that are included in General Data Protection Regulation of European Union. For example, you have the right to ask us to remove your personal data from our registers and the right to ask us to restrict the processing of your data.
The requests must be sent in written from to the controller of the register. The controller may have to ask you for a confirmation of identity. The controller will answer to your request in a time decreed in General Data Protection Regulation of European Union, usually within one month.