We take the processing of personal data seriously. We keep your data safe. Any personal data collected is linked to supporting the presidential candidacy and presidential campaign of Pekka Haavisto. We need your contact information to be able to inform you of the progress of the campaign, and to offer further opportunities to join the campaign.
1. Data controller and personal data register contact person:
Data controller: Mahdollisuuksien Suomi 2030 ry
Address: P.O. Box 211, 00181 Helsinki
Contact person / data protection officer: Jarno Lappalainen
2. Name of the personal data register
Pekka Haaviston tukijat -henkilörekisteri
3. Purpose of the data and basis for the processing
The sole purpose of the personal data register is to message the registered persons about the activities of Mahdollisuuksien Suomi 2030 ry and of the electoral association to be set up to support Pekka Haavisto. The means of communication include, for example, emails and digital newsletters, which can contain both communication and marketing materials.
The primary legal basis for processing personal data is the data subject’s consent [TSA 6.1(a) and TSA 9.2(a, b and d)] as well as the data controller’s legal obligation [TSA 6.1(c)].
4. Time of processing the data
The data is processed until 28 February 2024. After this all data will be deleted.
5. Content of the personal data register
The following data types are collected in the personal data register:
- first name and last name
- phone number
- municipality of residence
- data subject’s selected ways to support the campaign
- data concerning receiving or denying messages
- data generated by donations or becoming a supporting member
6. Sources of data for personal data register
Data for the personal data register is collected from the registered persons themselves when they sign up as a supporter of the presidential campaign of Pekka Haavisto and as a subscriber for further information, become a member or a supporting member of the association, or make a donation to the support association. The data is collected both digitally and on paper forms.
7. Data disclosure and data transfer
No personal data will be disclosed to external operators, except where the data controller is required to do so by its legal obligations.
No personal data will be transferred outside the European Economic Area for processing.
8. Processors of personal data
Only the employees of the association and other specifically authorised persons process personal data.
9. Safety of personal data
The safety of personal data processing is ensured appropriately in proportion to the estimated risk level:
Confidentiality of the data is secured by using encrypted communications.
The usability and fault tolerance of the service have been secured either by the data controller’s own technical measures or by requiring adequate freedom from interference from the service provider used, as well as by regularly maintaining the programs used.
Data protection is taken into account already in the procurement process when purchasing systems, software and services for processing.
Editing and accessing the data in the personal data register is technically prevented for anyone other than the persons qualified for data processing as specified above. Qualified persons are identified with proper access control.
10. Data subject rights
In accordance with the General Data Protection Regulation (GDPR), data subjects have a right to obtain, at their own request, information about their data recorded in the register. Information can be requested from the controller’s contact person if necessary.
In accordance with the General Data Protection Regulation (GDPR), data subjects have a right to request the correction of inaccurate information or the completion of incomplete information. Rectification may be requested from the controller’s contact person if necessary.
In accordance with the General Data Protection Regulation (GDPR), data subjects have a right to decline or limit the processing of their personal information, and to require the erasure of personal data stored in the register. If the data subject limits, opposes or declines the processing of data in a manner deemed necessary by the association for the purpose of processing, the data subject is considered to have withdrawn their consent to the processing of data, requiring its deletion.
If the registered person considers that the processing of their personal data is in violation of the General Data Protection Regulation (GDPR), they have a right to file a complaint with the national supervisory authority either in their country of residence or employment, or in a Member State where the breach took place. The jurisdiction is Finland in case the data subject sees that the breaching party is this association. This right is without prejudice to the rights of the registered person to other means of legal recourse.
The national supervisory authority for matters related to the General Data Protection Regulation (GDPR) in Finland is the Data Protection Ombudsman.