CIW Data Privacy Statement
The Community Impact Wheel service is owned and manahed by Communication Squared Oy and sold exclusively to associations by the Association of Association Executives. This statement applies to data privacy for the tool itself, while AAE's data and privacy statement applies in the sales process.
According to the General Data Protection Regulation, the personal data controller of a register is obliged to inform the register’s data subjects in a clear and informative manner. This statement fulfils this informing obligation.
1. Personal data controller
Communication Squared Oy, Rahkoilankatu 15, 13220 Hämeenlinna, Finland
+358 41 540 5940
[email protected]
2. Data subjects
Current and potential clients, suppliers and collaborators
Users of the Community Impact Wheel
3. Purpose of use of personal data
Grounds for keeping the register:
-
Personal data is being processed based on an existing or potential client, supplier or collaboration relationship
Purpose of the register and the processing of personal data
Personal data is only being processed for predetermined purposes, which are:
-
Contractual purposes
-
Client, supplier or collaboration relationship management
-
Delivery of services
-
Informing existing and potential clients of services
4. Personal data recorded in the register
The registers may contain the following information.
Client register:
-
Contact information
-
Payment and bank information
-
Information on purchased services
User register:
-
Contact information for user organisation’s admin users
-
Information on used services
-
No personal data is collected on regular users of the Community Impact Wheel
Marketing register:
-
Contact information
-
Information on proposed services
5. The data subject’s rights
The data subject has the following rights, and requests for their use should be sent to the above contact.
Right to access data
The data subject may check the data we have recorded.
Right to rectification
The data subject may request the rectification of inaccurate or incomplete personal data.
Right to object
The data subject may object to the processing of personal data if the data subject feels that personal data has been processed unlawfully.
Right to forbid direct marketing
The data subject has the right to forbid the use of personal data for direct marketing.
Right to deletion
The data subject has the right to request the deletion of data if personal data processing is not necessary. We will handle the request for deletion and proceed to either delete the data or state a justified reason for not being able to delete the data.
It should be noted that the controller may have legal or other rights to not delete the requested data. The controller is obligated to preserve accounting materials for the duration (10 years) set out in the Finnish Accounting Act (Chapter 2, Section 10). For this reason, materials related to accounting cannot be deleted before that term has expired.
Withdrawing consent
If the processing of personal data is only based on the data subject’s consent and not for instance on a customer relationship or membership, the data subject may withdraw consent.
The data subject may complain of the decision to the Data Protection Supervisor
The data subject has the right to demand us to restrict the processing of controversial data until the matter is solved.
Right to complain
The data subject has the right to complain to the Data Protection Supervisor if the data subject feels that we are violating the effective data protection regulation when processing personal data.
Contact information of the data protection supervisor: www.tietosuoja.fi/en/index/yhteystiedot.html
6. Regular information sources
Client, supplier and collaborator information is regularly obtained from:
-
From the data subject as the relationship is formed
7. Regular disclosure of data
The data is not generally disclosed for marketing purposes outside the company.
8. Duration of processing
Personal data is actively processed for the duration the relationship exists, and retained for 24 months after the end of the relationship.
9. Personal data processors
The controller and its employees process personal data. We may also outsource the processing of personal data partly to a third party, in which case we will guarantee with contractual arrangements that personal data is processed in compliance with valid data protection legislation and also otherwise appropriately.
10. Transferring data outside the EU
Personal data is not generally transferred outside the EU, the EEA or adequate countries without express permission by the data subject.
Data held within the Community Impact Wheel application, including admin users’ contact details, is securely stored on Microsoft Azure servers which use industry-leading security measures and privacy policies to safeguard data in the cloud.
11. Automatic decision-making and profiling
Data is not used for automatic decision-making or profiling.