Privacy Policy

This is the Privacy Policy of Technology Academy Finland as required by the Personal Data Act (Articles 10 and 24) and the EU General Data Protection Regulation (GDPR).

1. DATA CONTROLLER
Technology Academy Finland Foundation (Business ID: FI18113302)
Otakaari 24, 02150 Espoo
Tel. +358 9 6980 410, info@taf.fi

 

2. DATA OFFICER
Minna Zaknoun, minna.zaknoun@taf.fi, tel. +358 40 7473 035

 

3. NAME OF REGISTER
Technology Academy Finland Contact Register.

 

4. PURPOSE OF AND LEGAL BASIS FOR PROCESSING PERSONAL DATA
Personal data are processed for the purpose of implementing the agreement between the Data Controller (TAF) and the data subject and, where applicable and with the consent of the data subject, in connection with and the facilitation of the processing of orders, notifications, contacts, transactions, marketing, reporting and other measures affecting the customer relationship. Data on purchases and transactions, as well as location data retained in the register, may be used for profiling and targeting marketing activities and customer communications to make them of relevance to the data subject. Personal data are also used for sending invitations, newsletters and other communications, for organising and developing TAF’s operations and for the organisation 0f the Millennium Technology Prize process and celebrations.
If the data subject does not provide the information requested as regards registration for an event, the Data Controller cannot accept the data subject’s registration, nor commit to the agreement between the Data Controller and the data subject concerning participation in the event.

 

5. CONTENT OF THE REGISTER
The register can contain the following data on a single person:
– name and, if applicable, former last name
– position/title
– gender
– date of birth and a notice if the person is deceased
– any discipline practised by the person
– degree/education
– native language
– any organisation represented by the person
– reference group; that is, how the person is associated with TAF’s activities, or the reference group of the organisation as represented by the data subject
– contact information (work address, home address, email address, phone number, mobile phone number)
– name and email address of the person’s assistant
– information regarding whether the person has opted out of submission of material to him/her
– transaction history; that is, information about TAF events in which the person has participated, registered for or been invited to

In the case of an organisation, the register may contain the following data:
– name of organisation
– contact information and website address
– reference group; that is, the category in which the organisation is classified, from TAF’s point of view
– business ID
– turnover
– number of employees
– field of operation
– list of people in the register who belong to the organisation
In the case of an event, the register may additionally include a list of individuals who have been invited to, registered for or have attended a particular event, and who are in the TAF contact register.
We make every effort to keep all personal information up to date and accurate.
Personal data will be retained for as long as it is necessary to enable registration by the data subject to an event and the implementation of that event. Personal information will be deleted upon request. We will make every effort to delete obsolete and unnecessary data.

 

6. REGULAR DATA SOURCES
Data in the register are obtained from data subjects via online forms, email, telephone, social media services, agreements and at meetings and other situations where people disclose their personal information.

Moreover, the Finnish Academy of Technical Sciences (TTA) and Svenska Tekniska Vetenskapsakademien i Finland (STV) serve as membership data controllers of their respective associations. Based on a separate agreement, TAF serves as data controller for these registers.

 

7. REGULAR DISCLOSURES OF DATA AND TRANSFER OF DATA OUTSIDE THE EU OR THE EEA
Data in the register may be shared within the organisation, as well as among the stakeholder groups of an event. Register data are also transferred to the data protection officer. No data is transmitted outside the EU or EEA.

 

8. PRINCIPLES OF PROTECTION OF THE REGISTER
All store data are protected with secure technology. Physical access to data is blocked by access control, as well as other security measures. Access to data requires sufficient rights, as well as multi-stage identification. All data are processed with care. Access to data is possible only with personal access code created for the staff of TAF. Only the controller and specifically appointed technicians can access data in the register. Only designated persons have the right to process and maintain data in the register. Other critical information regarding the security of personal data is handled confidentially and only by employees under whose job description they belong.

Users are bound by confidentiality. Register data are backed up safely and can be restored as needed. The level of data security is audited regularly either by external or internal auditing.

 

9. AUDIT RIGHT AND RIGHT TO DEMAND CORRECTION OF DATA
Every person in the register has the right to check his/her data stored in the register and to demand that incorrect data be rectified or incomplete data be completed. If a person wishes to check or request a correction of his/her data, the request must be sent in writing to the controller. The controller may request the applicant to prove his/her identity. The controller will respond to the customer within the time limit set by the EU General Data Protection Regulation (usually within one month).

 

10. OTHER RIGHTS PERTAINING TO THE PROCESSING OF PERSONAL DATA
Data subjects have the right to request the deletion of their personal data from the register (‘right to be forgotten’). Data subjects also have other rights set out in the EU General Data Protection Regulation, such as restricting the processing of personal data in certain situations. Requests must be submitted in writing to the Data Controller. The controller may ask the requester to prove his/her identity. The controller will respond to the customer within the time limit set by the EU General Data Protection Regulation (usually within one month).