Privacy Statement: Register for Contact Information
This is the Privacy Statement for the Register for Contact Information maintained by the Finnish Cultural Institute for the Benelux (below: the Institute). Read it carefully! The Institute is committed to protect your personal data and to respect your privacy. The Institute collects and processes personal data according to the General Data Protection Regulations and the best practices for data handling and processing. General Data Protection Regulations refer particularly to the Regulation of the European Union as well as national legislation concerning personal data.
1 Controller of the Register
Name: Finnish Cultural Institute for the Benelux
Business ID Finland: 0982406-5
Business ID Belgium: 0851.551.914
Contact Information: Rue de l’Arbre/Boomstraat 14/3, 1000 Brussels, Belgium / email@example.com / tel. +32 468 15 56 72 (office)
2 Name of the Register
Register for Contact Information for the Finnish Cultural Institute for the Benelux.
3 Contact Person for Matters Regarding the Register
Communications Officer Ela Suleymangil
Contact Information: Rue de l’Arbre/Boomstraat 14/3, 1000 Brussels, Belgium, firstname.lastname@example.org, tel. +32 486 84 42 48
4 The Purpose, Legal Ground, and Sources of Information for Collecting and Processing Personal Data
Personal data is collected to maintain the Institute’s co-operation relationships and for communicating about the Institute’s activities.
The legal ground for collecting and processing personal data is the voluntary and conscious consent by the Registered Person.
The data is collected from the Registered Persons. The data and consent to process it are given for example by subscribing a newsletter or by signing a co-operation or other kind of agreement with the Institute.
5 Content of the Register
Name, title, organization, phone number, e-mail address, city of residence, language, and country of residence.
Data concerning the Connection between the Registered Person and the Institute
The relationship between the Registered Person and the Institute, the contact person at the Institute.
6 Users of the Register
The personal data is processed and accessed by the members of Staff at the Institute. Access is limited to viewing or updating the data on a need-to-know basis.
7 Protecting the Register
The data is collected and stored in the Mailchimp marketing, automation, and email platform. Login to the platform requires 2-factor authentication and happens through an SSL protocol.
The data is stored in the platform databases that are protected by firewalls and other technical measures. Physically the servers are in locked and guarded buildings and the data can be accessed only by authorized personnel.
The user agreement between the Institute and Mailchimp details protection of personal data and includes the assurances by the provider as well as their subcontractors being aware of regulations and up to date in their protective measures.
The personal data is stored and protected in such a way that outsiders cannot access them and that they cannot be deleted, changed, handed over, moved, or otherwise illegally processed.
The Institute is committed to observe in all its activities sufficient measures to protect the personal data in its possession. These include all necessary technical measures such as firewalls and virus protection in computers, or access control of the Institute’s premises. Personal data is processed as confidential information and the personnel or collaborators working with it have signed confidentiality agreements or they are bound by other kinds of confidentiality clauses. In addition, the Staff is trained and kept up to date in the latest regulations and sufficient resources are allocated to acquire expert services if needed. The performance and efficiency of all protective measures are evaluated regularly by the Institute to ensure rigorous protection of all personal data.
8 Data Transfer
Personal data is not transferred to third parties outside the Institute.
Data is not transferred outside the European Union or the European Economic Area.
9 Keeping and Deleting Personal Data
The Institute keeps the personal data while activities related to them are being organised.
The Registered Person can ask for removal of their personal data at any moment in time.
10 The Rights of the Registered Persons
The Registered Person has a right to see the data concerning them. They also have a right to claim correction of mistaken data or supplement insufficient data. The Registered Person has a right to ask for the removal of their data if there are no legal grounds to store it.
In addition, the Registered Person has a right to request restriction of processing personal data concerning them and oppose processing personal data concerning them. The Registered Person has also a right to transfer their personal data from one system to another.
The Controller of the Register has a right to ask proof of identity from any person requesting information on personal data. The Controller replies to requests within the time prescribed by General Data Protection Regulations (primarily within one month).
Requests for checking, correcting and deleting personal data should always be made directly to the Responsible for the Register:
Communications Officer, Ela Suleymangil, Rue de l’Arbre/Boomstraat 14/3, 1000 Brussels, Belgium, email@example.com, tel. +32 486 84 42 48.
11 Right to File a Complaint
The Registered Person has a right to file a complaint to appropriate authorities if they think their personal data has been managed incorrectly.