Privacy statement – Member register
This privacy statement complies with the EU General Data Protection Regulation (GDPR). Creation date 13th of March 2022.
1. Controller of the register
Aalto-yliopiston jatko-opiskelijayhdistys ry (Aallonhuiput), U 254, Otakaari 1, 02150 Espoo
2. Person in charge of the register
Web administrator Tejas Kotha, tejas(at)aallonhuiput.fi
3. Name of the register
Aalto-yliopiston jatko-opiskelijayhdistys ry member register
4. Legal basis and the purpose of gathering personal information
The legal basis for gathering personal information, complying with the EU GDPR, is the legitimate interest of the controller of the register. The purpose of gathering personal information is the maintenance of a member register, required by the Associations Act (503/1989), and keeping the contact information of the members of the association up to date.
5. Information in the register
The register will contain the following information:
Full name
Municipality of residence
Email address
School of studies
Starting year of doctoral studies
The register does not contain information of people who are not members of the association. This information is removed immediately when membership is terminated.
6. Regular sources of information
The information in the register comes from members who join or have already joined the association via online Google form on the association’s website. The form submissions are only accessible to the web administrator, who upon approval during the board meeting would add the individuals into the association’s mailing list and member register.
7. Handing over information and transferring information outside of the EU or the EEA
The information in this register is not to be handed over to outside parties. The information is not to be handed over or stored outside the European Union or the European Economic Area.
8. Principles of protecting the register
The information is stored only in electronic format, on the personal computer of the person responsible for the register. The back-up of the encrypted data is kept on the association’s usb-stick which is in custody of the person responsible for the register which is updated after the Spring and Annual Meetings. The encryption of the register is done using the password on the register file. The information is only available to authorized persons of the Aallonhuiput (Web Administrator, President and Vice President(in President’s absence)). It is the responsibility of the controller of the register to ensure that access to the register is only limited to the appropriate individuals.
9. Right to check and request for corrections in the information
Each member who is in the register has the right to check their information that has been saved in the register and demand for corrections if any information is incorrect or missing. If the person wishes to see the information the register has on them or requests for a correction, the request must be sent to the controller of the register in writing. The controller of the register can ask the sender of the request to verify their identity. The controller of the register will answer the requesting party within the time limit specified by the GDPR (primarily within one month).
10. Retention period of the information in the register
The register shall contain information only of people who are members of Aallonhuiput. It is the responsibility of the individual to inform the board of any changes in their study status and personal information. Individuals who quit or are expelled from the association will have their information removed from the register within a reasonable timeframe, at most within one month from the decision of expulsion or quitting.