1. You are here:
  2. Homepage
  3. RESOURCES
  4. Take the pulse of every community member
  5. CIW Data Privacy Statement 

CIW Data Privacy Statement 

The Community Impact Wheel service is owned and manahed by Communication Squared Oy and sold exclusively to associations by the Association of Association Executives. This statement applies to data privacy for the tool itself, while AAE's data and privacy statement applies in the sales process.

According to the General Data Protection Regulation, the personal data controller of a register is obliged to inform the register’s data subjects in a clear and informative manner. This statement fulfils this informing obligation. 

1. Personal data controller 

Communication Squared Oy, Rahkoilankatu 15, 13220 Hämeenlinna, Finland 
+358 41 540 5940 
[email protected] 

2. Data subjects 

Current and potential clients, suppliers and collaborators 

Users of the Community Impact Wheel 

3. Purpose of use of personal data 

Grounds for keeping the register: 

  • Personal data is being processed based on an existing or potential client, supplier or collaboration relationship 

Purpose of the register and the processing of personal data 

Personal data is only being processed for predetermined purposes, which are: 

  • Contractual purposes 

  • Client, supplier or collaboration relationship management 

  • Delivery of services 

  • Informing existing and potential clients of services 

4. Personal data recorded in the register 

The registers may contain the following information. 

Client register: 

  • Contact information 

  • Payment and bank information 

  • Information on purchased services 

User register: 

  • Contact information for user organisation’s admin users 

  • Information on used services 

  • No personal data is collected on regular users of the Community Impact Wheel 

Marketing register: 

  • Contact information 

  • Information on proposed services 

5. The data subject’s rights 

The data subject has the following rights, and requests for their use should be sent to the above contact. 

Right to access data 

The data subject may check the data we have recorded. 

Right to rectification 

The data subject may request the rectification of inaccurate or incomplete personal data. 

Right to object 

The data subject may object to the processing of personal data if the data subject feels that personal data has been processed unlawfully. 

Right to forbid direct marketing 

The data subject has the right to forbid the use of personal data for direct marketing. 

Right to deletion 

The data subject has the right to request the deletion of data if personal data processing is not necessary. We will handle the request for deletion and proceed to either delete the data or state a justified reason for not being able to delete the data. 

It should be noted that the controller may have legal or other rights to not delete the requested data. The controller is obligated to preserve accounting materials for the duration (10 years) set out in the Finnish Accounting Act (Chapter 2, Section 10). For this reason, materials related to accounting cannot be deleted before that term has expired. 

 

Withdrawing consent 

If the processing of personal data is only based on the data subject’s consent and not for instance on a customer relationship or membership, the data subject may withdraw consent. 

The data subject may complain of the decision to the Data Protection Supervisor 

The data subject has the right to demand us to restrict the processing of controversial data until the matter is solved. 

Right to complain  

The data subject has the right to complain to the Data Protection Supervisor if the data subject feels that we are violating the effective data protection regulation when processing personal data. 

Contact information of the data protection supervisor: www.tietosuoja.fi/en/index/yhteystiedot.html  

6. Regular information sources 

Client, supplier and collaborator information is regularly obtained from: 

  • From the data subject as the relationship is formed 

7. Regular disclosure of data 

The data is not generally disclosed for marketing purposes outside the company. 

8. Duration of processing 

Personal data is actively processed for the duration the relationship exists, and retained for 24 months after the end of the relationship. 

9. Personal data processors 

The controller and its employees process personal data. We may also outsource the processing of personal data partly to a third party, in which case we will guarantee with contractual arrangements that personal data is processed in compliance with valid data protection legislation and also otherwise appropriately. 

10. Transferring data outside the EU 

Personal data is not generally transferred outside the EU, the EEA or adequate countries without express permission by the data subject. 

Data held within the Community Impact Wheel application, including admin users’ contact details, is securely stored on Microsoft Azure servers which use industry-leading security measures and privacy policies to safeguard data in the cloud. 

11. Automatic decision-making and profiling 

Data is not used for automatic decision-making or profiling.