1. The organization
Finnish Cyclists’ Federation, Business ID 2662156-9
Iso Roobertinkatu 3-5 A 22
00120 Helsinki
www.pyoraliitto.fi
pyoraliitto@pyoraliitto.fi
2. Contact person
Matti Koistinen/Executive Director
Iso Roobertinkatu 3-5 A 22
00120 Helsinki
Tel. +358 44 2795588
matti.koistinen@pyoraliitto.fi
3. Data collection registers
Finnish Cyclists’ Federation’s membership register, individual membership
Dynamo membership register
Registers for marketing, surveys, research and collaborations, as well as for service and event production
Register for the Finnish Center for Cycling Tourism
4. Purpose and legal basis for collecting personal data
The purpose for collecting personal data is to maintain a membership register in accordance with the Association Act (Section 11 of the Association Act). The general conditions for collecting personal data are fulfilled in accordance with section 4 (1) of the Data Protection Act.
Personal data is used for purposes of membership and collaboration, such as invoicing membership fees, creating a record of payments, and membership communication. The primary method of all communication is email. Other contact information is used only when a person cannot be reached by email. Information such as gender or date of birth is only used for statistical purposes in grant reporting and operational development. The statistical data is produced in a way that individuals cannot be identified. Sometimes, in connection with events and projects, we collect additional, event-related information, such as cycling skills, cycling routes, dietary restrictions etc.
5. Registered content and typical data sources
Generally, all data is collected directly from the individual through a membership or a volunteer sign-up form or by email (data modification requests, other registers).
For events, data is collected using an event registration form. In the case of lobbying and direct marketing, data is collected either directly from the individuals or from public sources, such as corporate websites, various directories and public databases.
Any individual has the right to review and edit their own data in a register (membership registers) or to submit an email request for data modification or removal. The registers also collect data generated automatically by information systems, such as log data and payment transactional data.
Collected personal data
Cyclists’ Federation’s membership register, individual membership
First and last name
Street address, zip code and city
Phone number and email address
Date of birth, gender and primary language
Membership type
Consent to be added to the membership mailing list
Billing method
Dynamo membership
First and last name
Street address, zip code and city
Name of the employer, business ID and address, company’s annual revenue and profit margin (public information, has an impact on the membership fee amount)
Phone number and email address
Membership type
Consent to be added to the membership mailing list
Billing method
Registers for marketing, surveys, research and collaborations, as well as for service and event production
First and last name
Street address, zip code and city
Name of the employer
Name of the school and field of study (student tickets for events)
Phone number and email address
Date of birth, gender and primary language
Membership type (individual, member association, Dynamo business membership)
Consent to be added to the membership mailing list
Billing method, e-invoicing details
Bank account number (if commissions are paid)
For events and projects: language skills, cycling skills, dietary restrictions, unique participant identifier, cycling route, photo, video or audio recording
Political party for decision-makers (from public sources or as indicated by the individual)
No personal data is stored through surveys, unless an individual provides an email address for the purposes of a raffle.
Register for the Finnish Center for Cycling Tourism: partner information, municipal representatives, mailing list
Name, email address, phone number, city
Data collected by information systems
Membership start date
Payment information
E-invoicing information
Login information and log data related to data modification
6. Information security and data storage
All registered data is handled confidentially and the registers are appropriately protected from public access. Data access is limited to authorized personnel with a legitimate need to handle it for performing tasks assigned to them. Logging into the registry or any other federation system requires an active username and password. Each login authentication creates a log entry. Authorized employees handling data are committed to confidentiality.
Any personal data collected from a member will be permanently deleted no later than six months after the end of their membership.
Electronic data processing
Individual membership data register (1.) is stored in the electronic registry service FloMembers, by service provider Flo Apps Oy. For electronic mailing lists, we use MailChimp and Google Groups. The data for (2.) Dynamo business memberships is stored in Google Suite (Sheets, Docs, Mail, Calendar) and in Asana. The registers for marketing, lobbying, and events (3.) are stored in Google Suite (Forms, Mail, Calendar, Sheets, Groups), Gravity Forms, Asana and FloMembers. Additionally, the Cyclists’ Federation uses financial management systems for invoicing/payment processing.
These systems meet EU’s General Data Protection Regulation (GDPR) requirements. They are monitored 24 hours a day. Data security for membership data is managed through:
- SSL-encrypted networks
- Encrypted password storage
- Data is secured through technical security controls, data processing restrictions based on employee roles, access control, transaction logs and geographical diversification of data processing resources to ensure availability within the EU. Critical operations are recorded in the system logs. Confidential data is never handled manually in paper format.
7. Allowable information disclosures
Some information may be disclosed to third parties, e.g. in cases where the holder of the register (the Finnish Cyclists’ Federation) provides insurance coverage or some other benefit to the registered individual, or because the federation transmits billing or payment information through its financial administration system. In general, all registers are only for the use of the Finnish Cyclists’ Federation.
Rights of a registered individual
A registered individual has the right to review, request modification or removal of their personal data, as well as the right to object or restrict the handling of their data. A request must be submitted to the person in charge of the register, who will then verify the individual’s identity prior to agreeing on any changes in handling the data. The request for processing personal data must include the individual’s name and address, as well as the name of the register.
A registered individual can update their own contact information by logging into the registry (individual membership). Using the system requires a username and password. To request data review and/or modifications in any other register, please send a request by email to the person in charge of the register.
A registered individual has the right to request all personal data they have provided to the owner of the register. Additionally, they have the right to request a transfer of any data to another registry. The information shall be provided in machine-readable format.
A registered individual has the right to submit a complaint to the data protection authority if they suspect improper handling of personal data.