Privacy policy of the register of members and contacts

1. Controller and contact detailsPAM Porvoo Region Section Association. PAM Borgånejdens avdelning rf 188
·         Petri Pasanen
2. Name of the personal registerRegister of members and contacts
3. Grounds for the right of accessLegal basis for the processing of personal data by the trade union in the register of members and contacts:
Legal basis for the processing of personal data by the trade union in the register of members and contacts:
·         Marketing: a legitimate interest
·         Training and events: agreement (registration), consent
·         Organisational activity: contract (membership, acceptance of an organisational or representative position)
·         Organising activities: consent
4. UsesThe purpose of the Trade Union is to work for the improvement of the economic, social and legal status and quality of life of employees, students, self-employed persons and self-employed persons working in the service and related sectors, and the unemployed, in the ways described in Article 2 of the Statutes of the Trade Union.
In the course of its activities, the trade union processes personal data of its members and non-members for the following purposes.
Managing member relations and organisational activities:
·         Membership management, member services and advice, and feedback handling
·         Operations, management, analysis and development
·         Communication, campaigns and marketing
Planning and implementing activities and services:
·         Providing and developing activities and services, such as
·         Training and events
·         Providing member benefits
·         Identification of members
·         Verification, reporting, statistics and analysis of service and events.
Information security:
·         Ensuring the availability, integrity, confidentiality, reliability and continuity of data.
·         Risk management and the prevention, detection, resolution and follow-up of irregularities and problems.
·         Ensuring legal certainty and fulfilling obligations under the law and public authorities’ regulations.
5. Data contentAs registered in the register of members and contacts, the following are processed.
information on categories of personal data:
·         Members of the trade union
·         Former members
·         No members
The following types of data are processed in order to carry out the tasks and purposes described above:
·         Identifying and unique data such as membership number
·         Contact
· Membership details, such as type of membership, trade union, workplace
·         Information on positions of trust and representation
·         Service and event information
6. Use of cookiesThe trade union uses cookies on its online services to provide services and to facilitate the use of services. Cookies and data collected from the web service are also used to analyse and develop the use of the web service and services, to improve usability and ensure data security and for marketing purposes.
You can block the use of cookies in your browser settings. However, cookies are necessary for the functioning of online services, so the trade union does not guarantee the functionality of all services if cookie functionality is not enabled.
7. Regular sources of informationThe personal data in the register of members and contacts is primarily obtained from the data subject himself/herself, which is provided by the PAM Association on the basis of an affiliation agreement. In addition, data is obtained directly from the data subject himself/herself.
The PAM Association maintains data quality by updating personal data from information services such as the Postal Address Information Service.
8. Recipients or categories of recipientsPersonal data will not be disclosed to third parties.
Personal data will not be transferred or disclosed outside the EU or EEA.
9. Automatic decision-makingNo automated decisions within the meaning of the EU General Data Protection Regulation are made in the activities of the trade union.
10. Right of inspectionThe data subject can check what information has been stored about him or her. The data subject must provide sufficient identification information about himself or herself in the request for inspection. The request for inspection must be submitted electronically or signed in writing.
11. Portability of personal dataThe data subject may request personal data concerning him or her which he or she has provided on the basis of a contract or consent. At the request of the data subject, such data may also be transferred to another controller who is able to receive such personal data in a secure manner. The data subject shall provide sufficient identification of himself/herself in the request for inspection. The request should be submitted
electronically or in writing with a signature.
12. Right to rectificationThe data subject may request that incorrect or incomplete data be corrected or supplemented by electronic means or in writing by means of a signed request for rectification.
In the request, the data subject must provide sufficient identification information about him/herself and describe the data to be rectified.
The request for rectification must be submitted electronically or signed in writing.
13. Right of restrictionThe data subject may request restriction of the processing of his or her personal data in accordance with Article 18 of the EU Data Protection Regulation.
The data subject must provide in the request sufficient identification information about him/herself and identify the data to be restricted. The restriction request must be submitted electronically or signed in writing.
14. Consents and prohibitions on direct marketing (right to object)The data subject may give the trade union consents and prohibitions in relation to direct marketing and surveys as follows:
·         direct mail marketing
·         mobile direct marketing
·         direct marketing by mail
·         telemarketing
·         survey questionnaires by post, telephone or telegram
The use of cookies on the website of the trade union is informed and consent is requested upon accessing the website.
The user of the web service may refuse the cookies necessary for the production of the web service by setting their browser preferences. In this case, however, the functionality of the web services cannot be guaranteed.
The prohibitions and consents do not apply to member communications that do not include marketing.
15. Retention periods and destruction of personal dataOnly data on active members and those who use the services of the trade union are kept.
The data will be deleted when the legal basis or the need for the use ceases or the data is no longer necessary for the purpose for which it was collected.
For training and events, event data will be deleted when the need for processing and use is removed.
16. Principles of register protectionThe Department ensures the security of personal data through comprehensive technical, physical and administrative safeguards. Personal data may only be processed by authorised persons. The integrity and reliability of the data is ensured and the data is available for the purposes for which it is needed. Data security is ensured from the design of the processing of personal data at all stages of the life cycle of the processing of personal data, up to the secure destruction of the data. Through comprehensive agreements and guidelines and adequate controls, the ETUC also ensures the secure processing of personal data by those working on behalf of the ETUC.
17. Right of appeal to the supervisory authorityThe data subject has the right to lodge a complaint with the Data Protection Authority about processing operations that he or she considers unlawful. For more information on the right to complain
on the implementation of