Description of personal data processing
Statement according to Article 30 of the EU's General Data Protection Regulation (GDPR) on the processing of personal data in Kansanten sukuseuura ry (Kansanen Family society)
1. Registrar: Kansanten sukuseura ry
Representative of the registrar: Chairman Antti Kansanen
Personal data processors
Member register: secretary Leena Kansanen
Genealogy register: chairman of the genealogy working group Eeva Fihlman
2. Purpose and legal basis of processing
Fulfilling the obligation according to Section 11 of the Associations Act, the association must keep a list of its members.
Legal basis: Complying with the legal obligation of the controller (Article 6 paragraph 1c of the data protection regulation).
Collection and storage of family and personal history data in the genealogy register
Legal basis: Fulfilling the obligation according to Section 11 of the Associations Act (Article 6, Section 1e of the Data Protection Regulation and Section 4, Section 3 of the Data Protection Act)
Publication of genealogical research on a website controlled by the controller Legal basis: Performing a task in the public interest for historical research (Article 6 Section 1e of the Data Protection Regulation and Section 4 Section 3 of the Data Protection Act)
Publication of a genealogy book consisting mainly of a genealogy register Legal basis: Legitimate interest of the register keeper (Article 6 paragraph 1f of the data protection regulation). Legitimate interest of the data controller: Exercising freedom of expression
3. Groups of registrants
Membership register: Members of the Kansanten sukuseura ry.
Genealogy register: Persons belonging to the Kanstane family with their ancestors and their spouse's parents.
4. Personal data to be processed
Member register: The registrant's full name and contact information, for foreigners, citizenship. The information has been obtained from the registrants themselves.
Genealogical register: The person's full name and birth information, other personal information necessary for genealogical research, and consent and prohibition information. Personal data belonging to the special personal data groups of the living are only processed with the data subject's consent or after the data subject has made them public. The information has been obtained partly from the registrants themselves, partly from the population information system, various archival materials and printed sources.
5. Recipients of personal data and further processing
Member register: Joining the family club is voluntary and the registered contact information is processed for the family club's communication purposes.
Genealogy register: Personal data is transferred from the genealogy register as the base material for the manuscript of the genealogy and to a network disk aimed at a limited user base for genealogy research.
The registrar does not hand over personal data of the living outside the family association or transfer it to a third country.
The controller does not intend to further process personal data for a purpose other than that for which it was collected.
6. Personal data retention period
Membership register: The registrant's personal data is kept in the membership register as long as he is a member of the family association and is deleted without delay after the registrant's departure from the family association has taken effect or he has been deemed divorced, after which the personal data is destroyed.
Genealogical register: Personal data is kept as long as the maintenance of the genealogical register is part of the statutory activities of the genealogical society. After it ends, the genealogy register is either transferred to the archive authority for archiving purposes or destroyed.
7. Handling security measures
In order to guarantee the integrity and availability of data and to prevent illegal use, the genealogical society uses reliable suppliers of information systems and server services that take care of the appropriate technical protection of personal data.
Reliable operators have been selected as suppliers of software and server services, who are required to immediately inform the controller of data security breaches in order to document them. The controller does not process personal data that would likely cause a high risk for the rights and freedoms of the data subject.
8. Rights of the data subject
The registered person has the right to receive a copy of his personal data
The registered person has the right to have incorrect personal data concerning him corrected
The registered person has the right to have his personal data removed from the register or to prohibit the processing of his personal data
The registered person has the right to have the personal data he/she has provided transferred to another system when the processing of personal data is based on consent
The registered person has the right at any time to withdraw his consent to the processing of his personal data
The registered person has the right to file a complaint with the data protection commissioner about the processing of their personal data in violation of the data protection regulation or other legislation