Lean Construction Finland ry’s member register Privacy statement
Document in accordance with the General Data Protection Regulation (EU) 2016/679 on data protection practices.
1. Registrar
Lean Construction Finland ry
PO Box 4610
University of Oulu
2. Contact person of the controller
Miika Ronkainen
Postal address:
Lapinrinne 3
00100 Helsinki
Email address:
miika.ronkainen@vison.fi
3. The purpose of keeping the register and the legal basis for the processing
Personal data is used for the following purposes related to membership of the association, such as communication about the association’s affairs.
The legal basis for processing is the person’s consent.
4. Information contained in the register
The register may contain the following information:
- Name
- Email address
- Telephone number
- Organization and position
- The organization’s address information and Y ID
- Other possible information provided by the registered person
5. Regular data sources and numbering of personal data
The information contained in the register is regularly obtained from the registered person himself.
Participant lists of group projects and events can be shared among the people participating in group projects or events.
In accordance with the rules, the controller does not hand over the data of the registered person to outsiders, except when required by Finnish legislation or the authorities. Personal data is stored in electronic form on servers that can be located in the USA in addition to the EU region and the EEA region.
6. Principles of registry protection
Manually saved data is stored in a locked state. Electronically stored information is located on a password-protected server. Persons processing personal data are obliged to maintain confidentiality regarding the information they receive from the register.
7. Right to inspect, correct and delete data
Everyone has the right to check what information about them is in the personal register. The inspection request must be sent to the contact person (see section 2) in writing and signed by mail or e-mail.
The registered person has the right to require the controller to correct, delete or complete personal data in the register that is incorrect, unnecessary, incomplete or outdated in terms of the purpose of data processing by contacting the person responsible for register matters in writing (see section 2). The registered person can also withdraw their consent at any time.
The registered person also has the right to file a complaint with the data protection authority if he considers that his data is being used in violation of regulations.
8. Personal data retention periods
Personal data, the processing of which is no longer necessary due to, for example, a finished group project, is deleted once a year (in March). However, in the case of an expired membership, the data will be deleted within two weeks of termination of the membership.