Privacy
statement of Event signup register
Privacy
statement – Event signup register of Aalto Beer Pong ry
This privacy statement complies with the EU General Data
Protection Regulation (GDPR).
Controller of the register
Aalto Beer Pong ry (ABP)
Jämeräntaival 319 C 319, 02150, Espoo
Person in charge of the register
IT-Manager Ville Hakoniemi
ville.hakoniemi (at) aalto.fi
Name of the register
Event signup register of Aalto Beer Pong ry
Legal basis and the purpose of gathering personal
information
The legal basis for gathering personal information, complying with the EU GDPR,
is the legitimate interest of the controller of the register.
The purpose of gathering personal information is the maintenance of a member
register, required by the Associations Act (503/1989), and keeping the contact
information of the members of the association up to date.
Information in the register
The register will contain the following information:
- Name
- Email
address
- Phone
number
- Changing
event-specific further information
The information in the register is deleted after a
reasonable amount of time after the event.
Regular sources of information
The information in the register comes via online www forms.
Handing over information and transferring information
outside of the EU or the EEA
The information in this register is not to be handed over to outside parties
without separate approval from person intending to register.
The information is not to be handed over or stored outside the European Union
or the European Economic Area.
Principles of protecting the register
The register is handled carefully. The information is stored only in electronic
format, in trustworthy servers operated by third parties, which complies with
the EU GDPR. The encryption of the register is done using own passwords of
Aalto Beer Pong ry. The information is only available to authorized persons of
Aalto Beer Pong ry. The controller of the register will ensure that access to
the register is only limited to the appropriate individuals.
Right to check and request for corrections in the
information
Each member who is in the register has the right to check their information
that has been saved in the register and demand for corrections if any
information is incorrect or missing. If the person wishes to see the
information the register has on them or requests for a correction, the request
must be sent to the controller of the register in writing. The controller of
the register can ask the sender of the request to verify their identity or to
specify the request. The controller of the register will answer the requesting
party within the time limit
specified by the GDPR (primarily within one month).
Retention period of the information in the register
The information shall be stored in the register only for as long as is
necessary. The information for normal events is removed approximately two weeks
after the event. If some of the information is required after this, for e.g.
collecting participation fees, the information can be stored longer until there
is no longer need for it.