Finnish Cyclists’ Federation, Business ID 2662156-9
Iso Roobertinkatu 3-5 A 22
00120 Helsinki
www.pyoraliitto.fi
pyoraliitto@pyoraliitto.fi
Janne Paananen / Executive Director
Iso Roobertinkatu 3-5 A 22
00120 Helsinki
Tel. +358 44 2795588
janne.paananen@pyoraliitto.fi
Finnish Cyclists’ Federation’s membership register, individual membership
Dynamo membership register
Registers for marketing, surveys, research and collaborations, as well as for service and event production
Register for the Finnish Center for Cycling Tourism
The purpose for collecting personal data is to maintain a membership register in accordance with the Association Act (Section 11 of the Association Act). The general conditions for collecting personal data are fulfilled in accordance with section 4 (1) of the Data Protection Act.
Personal data is used for purposes of membership and collaboration, such as invoicing membership fees, creating a record of payments, and membership communication.
The primary method of all communication is email. Other contact information is used only when a person cannot be reached by email. Information such as gender or date of birth is only used for statistical purposes in grant reporting and operational development. The statistical data is produced in a way that individuals cannot be identified. Sometimes, in connection with events and projects, we collect additional, event-related information, such as cycling skills, cycling routes, dietary restrictions etc.
Generally, all data is collected directly from the individual through a membership or a volunteer sign-up form or by email (data modification requests, other registers).
For events, data is collected using an event registration form. In the case of lobbying and direct marketing, data is collected either directly from the individuals or from public sources, such as corporate websites, various directories and public databases.
Any individual has the right to review and edit their own data in a register (membership registers) or to submit an email request for data modification or removal. The registers also collect data generated automatically by information systems, such as log data and payment transactional data.
Collected personal data
Dynamo membership
Registers for marketing, surveys, research and collaborations, as well as for service and event production
Data collected by information systems
All registered data is handled confidentially and the registers are appropriately protected from public access. Data access is limited to authorized personnel with a legitimate need to handle it for performing tasks assigned to them. Logging into the registry or any other Federation system requires an active username and password. Each login authentication creates a log entry. Authorized employees handling data are committed to confidentiality.
Any personal data collected from a member will be permanently deleted no later than six months after the end of their membership.
Electronic data processing
Individual membership data register (1.) is stored in the electronic registry service FloMembers, by service provider Flo Apps Oy. For electronic mailing lists, we use MailChimp, Creamailer and Google Groups. The data for (2.) Dynamo business memberships is stored in Google Suite (Sheets, Docs, Mail, Calendar) and in Asana. The registers for marketing, lobbying, and events (3.) are stored in Google Suite (Forms, Mail, Calendar, Sheets, Groups), Gravity Forms, Asana, FloMembers and Lyyti. Additionally, the Cyclists’ Federation uses financial management systems for invoicing/payment processing.
These systems meet EU’s General Data Protection Regulation (GDPR) requirements. They are monitored 24 hours a day. Data security for membership data is managed through:
SSL-encrypted networks
Encrypted password storage
Data is secured through technical security controls, data processing restrictions based on employee roles, access control, transaction logs and geographical diversification of data processing resources to ensure availability within the EU. Critical operations are recorded in the system logs. Confidential data is never handled manually in paper format.
Some information may be disclosed to third parties, e.g. in cases where the holder of the register (the Finnish Cyclists’ Federation) provides insurance coverage or some other benefit to the registered individual, or because the federation transmits billing or payment information through its financial administration system. In general, all registers are only for the use of the Finnish Cyclists’ Federation.
Rights of a registered individual
A registered individual has the right to review, request modification or removal of their personal data, as well as the right to object or restrict the handling of their data. A request must be submitted to the person in charge of the register, who will then verify the individual’s identity prior to agreeing on any changes in handling the data. The request for processing personal data must include the individual’s name and address, as well as the name of the register.
A registered individual can update their own contact information by logging into the registry (individual membership). Using the system requires a username and password. To request data review and/or modifications in any other register, please send a request by email to the person in charge of the register.
A registered individual has the right to request all personal data they have provided to the owner of the register. Additionally, they have the right to request a transfer of any data to another registry. The information shall be provided in machine-readable format.
A registered individual has the right to submit a complaint to the data protection authority if they suspect improper handling of personal data.