On this page you will find the association’s register and Privacy Statement.
Member register description
Register and Data Protection statement
This is a register and Privacy Statement prepared by the Aurora Borealis Association for development and culture. The leaflet is in accordance with the personal data Act (sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Drawn up on 19.3.2020.
Aurora Borealis Association for development and culture
Taitoniekantie 11 b 19, 40740 Jyväskylä
Contact person responsible for the register
Fund manager Nelli Niemistö
Name of the register
Register of members of the association.
- Legal basis and purpose of processing personal data
The legal basis for processing personal data in accordance with the EU General Data Protection Regulation is a legitimate interest of the controller. The purpose of processing personal data is to maintain the member register and to provide member benefits. The data is not used for automated decision-making or profiling.
- Data content of the register
The data stored in the register are: the person’s name, address, email and information about paid membership fees.
- Regular sources of information
The data stored in the register are obtained from the member after the member has paid the membership fee to the association.
- Regular disclosure and transfer of data outside the EU or EEA
The data will not be released to third parties.
- Principles of register protection
Care is taken when processing the register and the data processed by the information systems are properly protected. When registry data are stored on Internet servers, the physical and digital security of their hardware is taken care of appropriately. The controller ensures that stored data, server access rights and other data critical to the security of personal data are treated confidentially and only by the controller.
- Right of inspection and right to request correction of data
Every person in the Register has the right to check their data stored in the register and to require the correction of any incorrect information or the completion of incomplete information. If the person wishes to check the data stored about him or her or to request rectification of the data, the request must be sent electronically to the controller. The controller may, if necessary, ask the applicant to prove his or her identity. The controller will respond to the customer within the time period laid down in the EU Data Protection Regulation (usually within one month).
- Other rights related to the processing of personal data
A person in the Register has the right to request the deletion of personal data concerning him or her from the register (the”right to be forgotten”). Data subjects also have other rights under the EU General Data Protection Regulation, such as restricting the processing of personal data in certain situations. Requests must be sent electronically to the controller. The controller may, if necessary, ask the applicant to prove his or her identity. The controller will respond to the customer within the time period laid down in the EU Data Protection Regulation (usually within one month).