Finnish Association of Civil Engineers’ event customer and marketing registry
Valid from 1 April 2018
1. The Controller
Finnish Association of Civil Engineers RIL
Lapinlahdenkatu 1 B
FI-00180 Helsinki, Finland
2. Contact persons
+358 40 770 4832
miimu.airaksinen (at) ril.fi
+358 50 366 8687
ville.raasakka (at) ril.fi
3. Name of registry
RIL's event customer and marketing registry
4. Purpose of filing system
Personal data is used for registrations, orders, credits, billing, recovery, contacts, transactions, customer enquiries, service development, reporting, marketing, and other customer relationship management measures.
Purchasing, transaction and location information in the filing system can also be used for profiling and targeting marketing activities and customer communications to make them more interesting to the registered. Personal information is also used when sending newsletters, or when people attend events and other marketing activities.
5. Data content and information categories of the filing system
Data that can be used includes participants of RIL events and persons who have approved to receive marketing from RIL.
The registry may contain data from following information categories relevant to the purpose of the use of the registry:
a) Basic information such as name and contact details (address, email address, telephone number)
b) Billing and financial information such as credit card and payment information.
c) Other relevant information provided during registration process such as title, organisation, food allergies, date of birth, memberships in selected associations, passport number or personal ID.
d) Transaction information from the controller’s website on different websites, information on behaviour on websites and other related category information, participation in events, information entered for events, contacts made with customer service, contacts made with other RIL employees and services, and information related to subscribing to the newsletter.
6. Regular sources of information
Regular sources of information include
a) Information provided by the customer,
b) Customer data system and billing database,
c) User and transaction information on websites, blogs and newsletters,
d) Information on customer relationship management and customer service systems,
e) Partners and companies and authorities offering personal information services.
7. Regular disclosure of information
Filing system information can be shared within the RIL and with the dealers or subcontractors of the event to which the customer has registered.
RIL can also outsource the processing of your personal data to companies outside the enterprise which may also be in countries outside the European Union and the European Economic Area, such as the United States of America. These companies can process personal data to provide, for example, infrastructure and IT services, or other services. In such cases, sufficient data security and the handling of the filing system are taken care of by an EU-U.S. - Privacy Shield arrangement, or by contract using templates approved by the EU Commission.
8. Principles of filing system protection
The information is technically protected. Access to information requires adequate rights and identification. The filing system information can only be accessed by the controller and by specially designated technical persons. Only designated persons have the right to process and maintain the filing system information. Users are bound by professional secrecy. The filing system is backed up safely and can be restored as needed. The level of secrecy is audited at recurring intervals either by external or internal auditing.
9. The right to check and amend the filing system information
A person on the filing system has the right to check what information there is on him or her on the filing system. The request must be made in writing to the controller. A data subject has the right to amend any incorrect information on the filing system.
10. Period of retention of documents
Registration information is stored as needed for enabling the event and after that for 7 years as the Bookkeeping Act demands. As this period has passed, the information will be removed.