28th of January 2020
ProCom Viestinnän ammattilaiset ry (ProCom)/ProCom – The Finnish Association of Communication Professionals
Business ID 0288699-2
Kasarmikatu 23 A 5
00130 Helsinki, Finland
(+358 9) 135 7775
Purpose of and Grounds for Processing Personal Data
For the purposes of organising [Helsinki Ethics 2020], we collect certain data of the members of ProCom or ProCom’s potential and existing customers and the users of our website www.helsinkiethics2020.com. We also process personal data of the speakers or other special quests in our events in the manners explained further in detail below.
Website user data
Our website is open to the public and browsing it does not require registration. We collect cookies and data through different forms (e.g. the information you provide in our contact form).
When you visit our website, our site will save cookies, which are small text files, on your device. All cookies used in our website are technical cookies. They enable our website to function and help us serve you better.
When you register to our event, we process your personal data such as your name and data related to your employment (e.g. organisation and job title). In such case, our processing is based on our legitimate interest to manage and develop our events. After the event, some data (name, email address, job title) can be transferred to our marketing and stakeholder register that we use to inform you about our similar events in the future. We will not send you any electronic direct marketing without your prior consent, unless otherwise permitted by law.
When you register to our event, we collect the following data:
- contact information (email address)
- data related to an employment or service relationship (e.g. organisation, job title)
- information on dietary requirements
- billing information
If you are a speaker, in addition to the above-mentioned information, we may process the following information:
- information required to book flights/hotels (e.g. passport number)
- picture of the speaker that is published on our website
- information related to the speech.
Feedback from our events
After the event, we may send you a questionnaire in which you can provide feedback on the event. As part of this, we will register your name, email address and your responses in the questionnaire. When collecting your feedback, our processing is based on our legitimate interest in improving our events in the future.
We may take pictures and record video footage of our events. We do not intend to photograph the attendees directly but rather groups, except for the speakers who we may photograph directly. Such processing is based on our legitimate interest to market our events. We may publish some of the pictures taken in the event in social media.
Storage Period of Personal Data
We do not store your personal data longer than is legally permitted and necessary for the purposes described in this Privacy Notice. The storage period depends on the nature of the information and on the purposes of processing. We will, for example, remove the data related to your dietary requirements after the event.
The data on our stakeholder and marketing register will be made passive when three years have passed from your latest contact with us. The passive data will be removed after one more year has passed, unless you have contacted us.
Regular Sources of Data
We mainly process personal data we obtain from you directly, for example when you register to the event, contact us or when you sign up to receive marketing material. We may also collect the data from public sources (e.g. to contact speakers).
Regular Disclosures of Data and Categories of Recipients
As a rule, we do not disclose data to third parties. The data can be accessed by third parties providing services for ProCom (e.g. registration platform). ProCom uses agreements to ensure that these third parties only process personal data in compliance with its instructions and this Privacy Notice.
We will publish information of the speakers (e.g. name, picture) in order to market the event. Additionally, we may hire an external photographer, and we may publish pictures taken from the event in social media.
Transfer of Data outside the EU or the EEA
In certain circumstances, personal data may also be processed by subcontractors located outside the EU or the EEA. In these cases, we will ensure a sufficient level of data security through the standard contractual clauses prepared by the European Commission or through other legal transfer mechanisms (e.g. a decision of the European Commission on the adequate level of data protection in a third country).
Register Security Principles
The data are stored on appropriately secured servers. The technical data security of the servers is managed by various different means. Access to the data is managed using job role-based management of access rights.
The purpose of the activities above is to secure the confidentiality of the personal data stored in the register, the availability and integrity of the data and the rights of the data subjects.
The personal data will not be used for automated decision-making that could have legal effects or corresponding effects on you.
Right of to Object Direct Marketing
You can consent to or prohibit direct marketing separately for each marketing channel. You may also give your consent to or object our direct marketing by contacting us in accordance with section “Contacts” of this Privacy Notice.
Other Rights of the Data Subject
Right of the Data Subject to Access the Data
You have a right of access your data in the register. The access request must be made in accordance with the instructions given in this Privacy Notice. The right of access can be refused on the grounds set out in law. Exercising the right of access is generally free of charge.
Right of the Data Subject to Request Rectification, Erasure or Restriction of Processing of Personal Data
If you become aware of or observe an error in the data, you must rectify, erase or supplement any data contained in the register that conflicts with the purpose of the register or is incorrect, unnecessary, incomplete or outdated on your own initiative and without undue delay if you are able to do so on their own.
If you cannot rectify the data on your own, you must request rectification in accordance with section “Contacts” of this Privacy Notice.
You also have the right to demand that we restrict the processing of your personal data, e.g. while you are waiting for our response to a request for the rectification or erasure of the data.
Right of the Data Subject to Object to Processing of Personal Data
You have the right to object to profiling and other processing of your personal data by us on grounds related to your particular situation if the processing is based on our legitimate interest.
You can use your objection right in accordance with section ‘Contacts’ of this Privacy Notice. When presenting your request, you must specify the particular situation based on which you are objecting to processing. We can refuse to comply with the objection on the grounds set out in law.
Right of the Data Subject to Data Portability
If you have provided data for the register, and such data are processed based on your consent, you generally have the right to receive the data in a machine-readable format and to transmit them to another data controller.
Right of the Data Subject to Lodge a Complaint with a Supervisory Authority
You have the right to lodge a complaint with the competent supervisory authority if we have not complied with the data protection regulations applicable to our operations.
Right to Withdraw Consent
If personal data are processed based on your consent, you have the right to withdraw your consent by giving a notice to us in accordance with section ‘Contacts’ of this Privacy Notice.
In case of questions related to the processing of personal data and situations related to the exercise of your rights, you should contact us. You can use your rights by sending an e-mail message to email@example.com.
Changes to the Notice
ProCom can make changes to this Privacy Notice in case of changes to the methods or purposes of the processing of personal data.