The activities of the student union require the processing of personal data based on the fulfillment of a statutory obligation, a legitimate interest, some other material connection or the express consent of the data subject. Personal information is used, for example, to manage and develop membership and customer relationships, to perform activities required by the employment and trust relationship, to exercise member democracy, to study tutoring or trust activities, to communicate and inform, and to organize events.
The data may also be used for archival purposes in the public interest or for scientific or historical research or statistical purposes.
Privacy and information security are important values for the student body that receive special attention. The student union follows good data processing practices.
Personal data is collected mainly from the data subject themselves. In addition, websites collect information about users’ terminals through cookies and other similar technologies, such as analytics. CRM information related to the customer relationship comes from the joint online store of the student unions.
To the extent necessary, the collected information will be disclosed to relevant entities. The substantiveness of the matter depends on the situation. In order for a member to have access to the member ID, his or her information will be disclosed to the member ID provider. In order for a student to purchase member-priced products, his or her information is released to the online store. In order for a tutor or trustee to have the credits earned for his / her activities recorded in the study register, his / her information will be disclosed to the school. In order for the student representative of the administration to receive the invitations to the meetings and to carry out his or her duties, his or her information shall be disclosed to the entity for which he or she has been selected as the student representative. In order for a student to use the Zone Sports Services, his or her information will be disclosed to Zone. In order for a student employee or a trustee to receive his / her salary, his / her information will be disclosed to the payer. And so on.
The information may be disclosed to the authorities in accordance with the applicable legislation.
According to the General Privacy Regulation, the data subject has the right to check his or her stored data. Requests for verification must be made in writing, either through the messaging feature on the member pages or by email to firstname.lastname@example.org, so the requester can be identified. The request must specify what information is to be checked and for what period. If the requests are unfounded or unreasonable, especially if they are made repeatedly, a reasonable fee may be charged or the action requested may be refused. The fee is 25 euros.
The student union corrects, deletes or supplements personal data contained in the Register which are inaccurate, unnecessary, incomplete or outdated for the purpose of processing, either spontaneously or at the request of the data subject. To correct this information, the data subject should contact email@example.com. In the case of the membership register, the student can also, if necessary, change his / her information through the membership page.
More information on the processing of personal data is available in each privacy statement. Questions regarding privacy can also be sent to firstname.lastname@example.org.
The registrant has the opportunity to contact the student union data protection officer Vellu Taskila, whose up-to-date contact information can be found here.
The student union is committed to the following principles in the processing of personal data:
- Legality, reasonableness, transparency
- There is a legal basis for all the proceedings.
- The data will be communicated to the data subjects.
- Purpose limitation
- Information will only be processed for the purposes for which it was collected or for compatible purposes.
- Data Minimization
- Information is collected and processed only to the extent necessary.
- Inaccurate data will be corrected, outdated data will be updated, and data that is no longer needed will be properly destroyed confidentially.
- Restriction of storage
- Information is deleted when it is no longer needed for the purpose. Unless archived or used for scientific, historical or statistical purposes for public interest.
- Integrity and confidentiality of information
- The overall level of security shall be ensured by appropriate technical and organizational measures.
The most up-to-date privacy statements can be found here, under GDPR.
Data protection deviations
It is possible to report any privacy violations using the Privacy Form.