Privacy policy

File Controller
Nordiska Institutionen för Vidareutbildning inom Arbetsmiljöområdet (Business ID: 0496588–9)
Topeliusgatan 20, 00250 Helsingfors
+358 40 0416 122, henrik.backstrom@niva.org, www.niva.org

Contact person
Henrik Bäckström
Topeliusgatan 20, 00250 Helsingfors
+358 40 0416 122, henrik.backstrom@niva.org, www.niva.org

Name of the register
Event participant and customer register

Processor to whom personal data is transferred
Lyyti Oy (2117752-6)
Linnankatu 13a A18, 20100 Turku
02 480 911 91 help@lyyti.com

Purpose of processing personal data and legal basis
Personal data is being processed to implement the contract between the File Controller (NIVA) and the
Registered Person. Where applicable and subject to the prior consent of the Registered Person, personal data
is processed in connection to measures relating to customer relationship management (registration, contacts,
service use, marketing, and reporting). Data processed as part of the register can also be used for profiling and
for targeting marketing and customer communications based on the interests of the Registered Person.
Personal data will also be processed in connection to the sending of newsletters and to participation in events
and other marketing measures.

If the Registered Person fails to provide information that is required to register for an event, the File Controller
cannot accept the said registration or commit to the contract between the File Controller and the Registered
Person on participation in the event.

Storage period of personal data
Personal data will be stored for as long as it is necessary to facilitate the registration of the Registered Person
and the related event. In addition, the data will be stored according to the consent given by the registered
person.

Groups of persons, data content, and personal data groups of the register
Groups of persons whose personal data can be processed include participants of events organized by the File
Controller or persons who have consented to marketing measures.

The personal data that can be processed within the register include the first and last names and any contact
details of the person registered for the event organized by the File Controller, and any necessary information
provided relating to the event. Information provided by the Registered Person in connection to registration to
the event can contain an email address, telephone number, street address, date of birth, or information of
allergies.

Regular sources of information
Information provided by the participant, customer information and invoicing database.

Regular disclosure of information
Information contained in the register can be distributed within the organization and between the interest
groups of the event. In addition, information contained in the register will be forwarded to the named
personal data processor. Information will not be transferred outside the EU or EEA.

Data security principles
Data will be stored in a technically secure location. Physical access to the data is prevented by means of access
control and other security measures. Access to the data requires adequate rights and multi-phase
identification. Unauthorized access is also prevented by means of e.g. firewalls and other technical protection
measures. Data contained in the register can only be accessed by the File Controller and separately named
technical persons. Only the named persons have the right to process and maintain information contained in
the register. The users are bound by confidentiality obligation. Back-ups are made of the data contained in the
register in a secure manner and the data can be restored where needed. The level of information security is
audited regularly through either external or internal audits.

The rights of the Registered Persons
The right of the Registered Persons:

  • The right to request from the File Controller access to his or her personal data and the right
    to request that any error in the said data be corrected or removed or its processing be
    restricted, and to oppose to the processing or transferring of the said data from one system
    to another;
  • The right to view and, where required, to correct the personal data stored in the register; all
    requests must be submitted to the File Controller in writing. The Registered Persons have the
    right to require that any incorrect personal data saved in the register be corrected.
  • To the extent that the processing of the personal data is based on the consent of the
    Registered Person, the Registered Person has the right to cancel this consent at any time
    without this cancellation having any effect on the legality of processing completed before the
    said cancellation.
  • The right to submit claims to the supervisory authority on the processing of personal data

https://niva.org/app/uploads/data-protection-appendix-new.pdf