Privacy statement

Register and Privacy Statement

This register and privacy statement has been prepared in accordance with the Finnish Personal Data Act (Sections 10 and 24 §) and the EU General Data Protection Regulation (GDPR).

Name of the Register

The membership, event registration, and corporate partnership register of the Finnish Supply Chain and Production Planning Association (STO).

Data Controller and Contact Person

Finnish Supply Chain and Production Planning Association (STO)
Business ID: 0971215-1
Tähdenlennontie 63, 02240 Espoo, Finland

Secretary of association: Raila Luhtala
Phone: +358 50 555 3978
Email: toimisto@sto-ry.com
Website: www.sto-ry.fi

Purpose and Legal Basis of Processing

The purpose of processing personal data is to maintain contact with the association’s members, inform members about events, and carry out actions required for managing membership. The register is also used to keep in contact with those registered for open events organized by the association, as well as with contact persons of partner companies. The data is not used for automated decision-making or profiling.

Data Content of the Register

The register may contain the following information:
– Name, position, employer, contact details (phone number, email, address)
– Billing information
– Other data related to membership or services provided, as requested in membership applications or event registrations.

Regular Sources of Data

Personal data is collected from members, registrants, and partner company representatives via:
– Online membership applications and forms
– Email, phone calls, and member meetings
– Other situations where the individual knowingly provides information to the association.

Disclosure, Publication, and Transfer of Data

Data is generally not disclosed to third parties, with the exception of participant lists for events and seminars being shared with organizers, participants, speakers, or partners. Data may also be disclosed if required by Finnish authorities. Data may be published if the member has given written consent.

Data may be transferred (but not disclosed) by the data controller to service providers in Finland or abroad, if necessary to carry out the service. The principle of data minimization is applied, meaning only the necessary information is transferred. Data may also be transferred outside the EU/EEA (e.g., to the United States) if the service used by the association is located outside the EU/EEA.

Principles of Register Protection

The register is handled with care, and data processed via IT systems is protected with appropriate passwords and technical solutions. Access to personal data is restricted to individuals whose work duties require it.

Right of Access, Rectification, and Deletion

Every individual has the right to review their personal data stored in the register and request corrections or updates. Requests must be sent in writing to the contact person of the register, with proof of identity required. The association aims to respond without undue delay, but at the latest within the time frame required by the GDPR (usually within one month). Data will be deleted upon written request by the registered individual.

Right to Restrict Processing

Individuals have the right to restrict the use of their data in the association’s communications. The request must be made in writing to the contact person. STO ry may refuse the request if required by law.

Retention Period of Data

Data will be retained as long as necessary for the purpose of the register.
– Member data will be retained until STO ry ceases operations.
– Data of participants in open events and of corporate partnership contacts will be retained as long as needed for billing or cooperation.
– Data based on consent will be retained until consent is withdrawn.

Right to Lodge a Complaint

Every registered individual has the right to lodge a complaint with the relevant supervisory authority, or with the supervisory authority of the EU member state where they reside or work, if they believe their personal data has not been processed in accordance with applicable data protection rules.

Mandatory Data

– For members: data required by the Associations Act and essential for the association’s activities (name, contact details, billing information).
– For corporate partners: basic company and contact details.
– For event participants: basic contact details, food allergies, and special diets (vital interest of the data subject).
– Any other information required by third parties for event arrangements (specified during registration).

Consequences of Failing to Provide Data

– A person cannot be accepted as a member without providing mandatory data.
– A corporate partner cannot be selected without providing mandatory contact details.
– Event participation cannot be accepted without providing mandatory data.

Contact Information

Requests to exercise rights, questions about this privacy statement, and other inquiries should be sent by email to: toimisto@sto-ry.com

Or by post/personal contact to:
Finnish Supply Chain and Production Planning Association (STO)
Raila Luhtala
Tähdenlennontie 63
02240 Espoo, Finland
Phone: +358 50 555 3978
Email: toimisto@sto-ry.com

Changes to This Privacy Statement

This privacy statement may be updated from time to time, for example due to changes in legislation. Last updated: 13 November 2024.