NVF

Home Processing of Personal Data in the Nordic Road Association NVF

Privacy Policy

Processing of personal data in the Nordic Road Association NVF

This privacy policy concerns the processing of personal data in the activities of the Nordic Road Association. From this privacy policy, you will find out for what purposes your personal data is used and what rights you have as a data subject.

 

1. Data controller and contact person

Data controller is the Finnish department of the Nordic Road Association (PTL ry/NVF).

Contact information:

Pohjoismaiden tie- ja liikennefoorumi PTL ry / Suomen osasto
c/o Väylävirasto
Yliopistonkatu 38
33100 Tampere

 

Contact person responsible for the register:

Anne Ranta-aho
+358 40 8488 638
anne.ranta-aho(a)ftia.fi

 

2. Purpose and Legal Basis for Processing Personal Data

The purpose of processing personal data is to maintain NVF’s membership activities and working group activities, as well as to communicate with NVF members and member companies (including communication related to the distribution of materials).

Personal data is not used for automated decision-making or profiling.

The legal basis for processing personal data in accordance with the General Data Protection Regulation (GDPR) is:

  • The legal obligation of the data controller to maintain a membership register (Associations Act, Section 11)
  • The individual’s consent for the maintenance of data related to association activities and its working groups, where individuals participate as either members or representatives of a member organization.

The legal basis for processing personal data is based on the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679 of the European Parliament and of the Council).

 

3. Types of Personal Data Collected and Retention of the Data

Following personal data of data subjects are processed:

  • name
  • title
  • contact information (email address and phone number)
  • name of the organization
  • working group membership
  • membership of the national association board or the NVF Board
  • position in the Board or the working group (member, chairperson, vice-chairperson, secretary)

Personal data is maintained through the membership register. The personal data will be kept in the register for as long as the data subject is a member of the NVF.

 

4. Regular Sources of Data

The personal data is collected directly from the data subjects themselves or from the organization they represent.

 

5. Regular Disclosures of Data

Data is disclosed to NVF’s Nordic national associations, which include the national associations of the Faroe Islands, Iceland, Norway, Sweden, Denmark and Finland.

The disclosure of data occurs through the information entered in the NVF’s Nordic membership register. The Nordic membership register is a prerequisite for NVF’s working group activities. (Members of the working groups are expected to be in contact with each other to collaborate.)

We publish a summary of the member organizations on the NVF website.

 

6. Data Transfer Outside the EU or EEA

Data is transferred outside the European Union or European Economic Area to the Faroe Islands, when data is disclosed to the national association of the Faroe Islands. Data is disclosed to the NVF department of the Faroe Islands. Other national associations are located within the EU or EEA area.

The transfer of personal data is based on the decision of the European Commission regarding the adequacy of personal data protection for the Faroe Islands (Article 45 of the General Data Protection Regulation).

 

7. Principles of Register Protection

The register is handled with care, and information processed through data systems is protected appropriately. Measures are taken to ensure the security of register information. The data controller ensures that stored information, server access rights, and other critical data relevant to the security of personal data are handled confidentially and only by personnel who require such access.

 

8. Obligation to Provide Information

As a practical requirement for membership in NVF, participants must provide their contact information (email address) so that members can be contacted.

 

9. Data Subject Rights

According to the General Data Protection Regulation (GDPR), you have the following rights regarding the processing of your personal data. If you wish to exercise your rights, please contact us using the contact details provided in section 1.

 

Your rights:

  • You have the right to receive clear and understandable information about the processing of your personal data.
  • You have the right to obtain confirmation as to whether your personal data is being processed or not,and if s o, the right to obtain a copy of this data.
  • You have the right to request the correction of inaccurate or incomplete personal data.
  • In certain situations, you have the right to request the erasure of your personal data before the gen-
    eral data retention period.
  • In certain situations, you have the right to request the restriction of the processing of your personal data. If you have the right to restrict processing, we may in the future only process your data – except for storage – with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.
  • In certain situations, you have the right to object to the processing of your personal data. You may also object to the use of your data for direct marketing purposes.
  • You have the right to receive your personal data concerning you in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller without
    hindrance.
  • You also have the right to withdraw your consent at any time. If you wish to withdraw your consent, please contact us using the contact details provided in section 1. If you withdraw your consent, this will not affect the lawfulness of the processing based on your consent before its withdrawal. Your withdrawal will only take ef-fect from the time of withdrawal.
  • Additionally, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates applicable data protection regulations. In Finland, the supervisory authority is the Office of the Data Protection Ombudsman (www.tietosuoja.fi; Office of the Data Protection Ombudsman, P.O. Box 800, 000531 Helsinki).