20.1.2022 ASSOCIATION’S EU GDPR DATA PROTECTION STATEMENT, STAKEHOLDER REGISTER
Contacts on data protection issues and measures in the event of data protection leakage:
Data protection Officer Bea Tuomi
09 84 981, bea.tuomi@fifur.fi
PRIVACY STATEMENT CONTENT
1. CONTROLLER
2. REGISTRY RESPONSIBLE
3. PURPOSE OF THE REGISTER
4. REASON FOR KEEPING THE REGISTER
5. REGISTRY NAME
6. DATA CONTENT OF THE REGISTER
7. REGISTRY DATA SOURCES
8. DISCLOSURE OF PERSONAL DATA
9. INTERNAL USE OF REGISTERS
10. PROTECTION OF THE REGISTER
11. STORAGE, ARCHIVING AND DESTRUCTION OF PERSONAL DATA FILES AND REGISTER DATA
12. INFORMING THE DATA SUBJECT
13. THE DATA SUBJECT’S RIGHT TO INSPECT AND CORRECTION AND DISCLOSURE OF DATA
14. INTERNAL REGISTER INSTRUCTIONS AND TRAINING
15. ORGANISATION OF MONITORING, REPORTING OF PROBLEMS AND SHORTCOMINGS
1. CONTROLLER
Finnish Fur Breeders’ Association
Martinkyläntie 48
01720 Vantaa, Finland
Business- ID 0202314-2
2. REGISTRY RESPONSIBLE
The association’s data protection officer is Bea Tuomi, who is responsible for the planning and implementation of registry functions in accordance with regulations and general instructions given. She is responsible for determining or verifying the decision-making power over the various functions of registries and record keeping tasks.
Bea Tuomi
09 84 981, bea.tuomi@fifur.fi
3. PURPOSE OF THE REGISTER
The association collects, processes and maintains records in the register for information to its stakeholder groups.
4. REASON FOR KEEPING RECORDS
The records are kept for information to persons whose task or position in business or in public office is considered essential for the purposes of the information and is related to their duties.
5. REGISTRY NAME
Stakeholder register
6. DATA CONTENT OF THE REGISTER
With regard to the information required of the activity, the necessary and lawful register data are stored by the association:
– First and last names
– postal address
– ZIP/postal code
– City
– phone number if necessary
– E-mail
– work or service assignment
– employers
– language Group
– Other information relevant for informing and influencing
Other unnecessary information can be deleted and not collected.
7. REGISTRY DATA SOURCES
The records entered in the register come from public registers.
8. DISCLOSURE OF PERSONAL DATA
Records are not disclosed to third parties for processing other than for the purpose of carrying out the association’s own direct marketing activities. The data are stored by third-party service providers whose servers are located in the EU/EEA. The data is not disclosed to non-EU/EEA countries.
9. INTERNAL USE OF REGISTERS
The employees of the association have been instructed and the processes have been designed to avoid data protection leaks and to facilitate the administration of the register. The processing of employees’ register data is carried out by a guided processor who knows data protection practices and identifies potentially insecure processing methods. The association encourages employees to monitor, assess, improve the association’s data protection and security through their own activities and to report any maladministration.
10. PROTECTION OF THE REGISTER
Devices and software require login IDs and passwords. The devices are protected against viruses. Terminal equipment is protected by regularly updating the operating system and software. The register is kept on servers managed by partners and protected by the security methods generally required by the industry.
The employees of the association have been trained in the processing of register data and information security practices. Employees are familiar with the association’s information security policy and are committed to the association’s data protection practices. Employees have signed a confidentiality agreement covering stakeholder registers and other related information. All stakeholder information is treated by the association as confidential information subject to a non-disclosure agreement.
11. STORAGE, ARCHIVING AND DESTRUCTION OF PERSONAL DATA FILES AND REGISTER DATA
The register is a tool for informing and influencing data subjects. The association stores the data electronically and in archived form in a secure program intended for them. Register data are removed from the systems upon request or when the data are updated.
12. INFORMING THE DATA SUBJECT
In the event of a personal data breach, the association shall communicate with the person concerned as it deems best. In individual cases, the person concerned is reached primarily by telephone. In a larger data security leak, it is primarily communicated by post or email.
13. THE DATA SUBJECT’S RIGHT TO INSPECT AND CORRECTION AND DISCLOSURE OF DATA
In matters concerning the verification, erasure or correction of data in the register, the data subject shall have the right to communicate with the data protection officer. The privacy statement can be read at the association’s office and on request by electronic means.
By post
Contact by post shall contain at least:
– the name of the person concerned,
– postal address
– ZIP/postal code
– City
– the right to be exercised
– date of signature
– place of signature
– signature of the person concerned,
– name clarification
A written request shall be sent by post in a closed envelope with the appropriate markings:
Finnish Fur Breeders’ Association / Data protection officer
Po Box 5
01601 Vantaa, Finland
The written reply shall be submitted to the post office no later than two working days after its arrival. Written requests shall be kept in the office in the relevant file. Written requests are normally destroyed one week after their arrival, unless the handling of the case otherwise requires longer retention.
By email
Contact by e-mail shall include at least the name of the person concerned and the right to be exercised.
At the place of business
When visiting an association’s office, the person concerned must make a prior appointment with the data protection officer by the means of communication he or she has chosen. At the meeting, the person concerned has the right to request, correct or delete his or her information and the association has 72 hours to submit the information to the person concerned for inspection at the association’s premises.
Inspection and telephone services
By calling the data protection officer, the data subject can exercise his or her rights.
Authorization and power of attorney
If the contact person is not an interested party, a power of attorney or other documentation giving an appropriate authority to act on behalf of the interested party shall be submitted to the association in paper form. In case of doubt, the association has the right to ascertain whether the information is necessary to disclose and to inform the contact person within a reasonable period of time. Any refusal to disclose information shall be notified primarily by post to the registered person’s postal address.
14. INTERNAL REGISTER INSTRUCTIONS AND TRAINING
The employees of the association have been instructed on information security activities, data protection leaks, the practices of the association and the use of the register. The association has arranged information security training for each employee and information security instructions can be found at the office. The guidelines are updated and audited annually with an external expert company.
15. ORGANISATION OF MONITORING, REPORTING OF PROBLEMS AND SHORTCOMINGS
The person responsible for the register of the association ensures that the monitoring remains regular and that the description document of the client register operations is updated and maintained as required. Shortcomings and problems that are or may be potential security threats must be addressed without delay and discussed with an external expert company. Users of the register shall, through their own activities, monitor the maintenance of the register and the correct manner of operation, and the person responsible for the register of the association shall be informed in writing of any risks or threats by e-mail and, in urgent matters, by the fastest possible means of communication.