Privacy policy statement for stakeholder register
Privacy policy statement according to the EU’s Data Protection Regulation.
Controller
Finnish Pension Alliance TELA
Salomonkatu 17 B
00100 Helsinki
Contact person for matters concerning the register:
Register name
Stakeholder register
Purpose of the processing of personal data
Provision of information and services for stakeholders closely involved in TELA’s operations, the maintenance of other contacts with them.
Personal data are used for communications, advocacy, providing information about training and events, sending invitations, reports, surveys and analysis of TELA’s operations.
In addition, personal data are used for submitting an operational declaration pursuant to Section 8 of the Transparency Register Act.
Data are not used for commercial purposes.
Basis for the processing of personal data
The processing of personal data is based on the data subject’s consent or on TELA’s legitimate interest.
Categories of personal data concerned
The register contains data on the representatives of the following stakeholders:
- members of the Finnish Parliament, ministers, Members of the European Parliament and their assistants
- civil servants employed by the State, other public bodies and EU institutions
- trade unions and employers’ organizations
- political parties and their organizations
- student and youth organizations
- pensioner organizations
- journalists
- universities, research institutes, think tanks and other organizations
- personnel of TELA’s members
- TELA service providers and cooperation partners
The persons stored in the register are, to a large extent, chosen based on their social position and via the organizations’ and persons’ employment and service duties.
Contents of the register
The following data on stakeholder representatives and the personnel of TELA’s members are stored in the register:
- Person’s name
- Organization represented by the person
- Position in the organization
- Contact details: email address and work phone number,
- Information about communication related to submission of an operative report pursuant to Section 8 of the Transparency Register Act
- Other additional information potentially related to communication
Regular data sources
Personal data are generally gathered from publicly available sources, chiefly from organizations’ websites. In addition, personal data may be obtained from the persons themselves and their employers.
Recipients of personal data
TELA does not disclose data to parties outside the organization, apart from requirements arising from the Transparency Register Act or other legislation.
Period for which personal data are stored, or the criteria used to determine that period
Data are stored for as long as TELA maintains contact with the data subject. The register is updated as needed at least once per year.
Data are deleted when TELA no longer has contact with the data subject and therefore no longer needs to store the personal data, or if the data subject requests deletion of their data.
However, TELA is obliged to store the data of persons falling under the scope of Transparency Register reporting for as long as the person falls under the scope of the Transparency Register legislation and the reporting obligations to the Transparency Register concerning the person have been fulfilled.
Rights of data subjects
Data subjects have the right to request access to their personal data and the right to request the rectification or erasure of data or restriction of the processing. In addition, data subjects have the right to object to the processing of data on grounds relating to their particular situation, insofar as the processing is based on legitimate interest.
Automatic decision-making
Personal data are not processed automatically, nor are they used for automatic decision-making.
Right to lodge a complaint to the supervisory authority
Data subjects have the right to lodge a complaint to the Data Protection Ombudsman if they consider that the processing of their personal data violates the General Data Protection Regulation.
Protection of personal data
The register is maintained and protected by various technical and organizational measures. Access to the data is limited by user credentials.
The third-party personal data processor (CRM system administrator) is responsible for protecting the register in accordance with a personal data processing agreement.