Lean Construction Finland ry’s member register Privacy statement

Document in accordance with the General Data Protection Regulation (EU) 2016/679 on data protection practices.

1. Registrar

Lean Construction Finland ry
PO Box 4610
University of Oulu

2. Contact person of the controller

Miika Ronkainen

Postal address:
Lapinrinne 3
00100 Helsinki

Email address:

3. The purpose of keeping the register and the legal basis for the processing

Personal data is used for the following purposes related to membership of the association, such as communication about the association’s affairs.
The legal basis for processing is the person’s consent.

4. Information contained in the register

The register may contain the following information:

  • Name
  • Email address
  • Telephone number
  • Organization and position
  • The organization’s address information and Y ID
  • Other possible information provided by the registered person

5. Regular data sources and numbering of personal data

The information contained in the register is regularly obtained from the registered person himself.
Participant lists of group projects and events can be shared among the people participating in group projects or events.
In accordance with the rules, the controller does not hand over the data of the registered person to outsiders, except when required by Finnish legislation or the authorities. Personal data is stored in electronic form on servers that can be located in the USA in addition to the EU region and the EEA region.

6. Principles of registry protection

Manually saved data is stored in a locked state. Electronically stored information is located on a password-protected server. Persons processing personal data are obliged to maintain confidentiality regarding the information they receive from the register.

7. Right to inspect, correct and delete data

Everyone has the right to check what information about them is in the personal register. The inspection request must be sent to the contact person (see section 2) in writing and signed by mail or e-mail.
The registered person has the right to require the controller to correct, delete or complete personal data in the register that is incorrect, unnecessary, incomplete or outdated in terms of the purpose of data processing by contacting the person responsible for register matters in writing (see section 2). The registered person can also withdraw their consent at any time.
The registered person also has the right to file a complaint with the data protection authority if he considers that his data is being used in violation of regulations.

8. Personal data retention periods

Personal data, the processing of which is no longer necessary due to, for example, a finished group project, is deleted once a year (in March). However, in the case of an expired membership, the data will be deleted within two weeks of termination of the membership.