Register and Privacy Statement
This is Malmi Airfield Association’s Register and Privacy Statement conforming to the Personal Data Act (sections 10 and 24) and the EU’s General Data Protection Regulation (GDPR). Created 24 May 2018. Last changed on 24 May 2018.
1. Register keeper
Malmi Airfield Association
2. The contact person responsible for the register
Niko Lamberg, firstname.lastname@example.org, tel. +358 50 522 7535
3. Name of the register
This statement covers the following registers maintained by Malmi Airfield Association:
Membership Register of Malmi Airfield Association
Season Card Register of Malmi Airfield Association
The PPR register of Malmi Airfield Association
Billing system of Malmi Airfield Association
4. Legal basis and the purpose of processing personal data
By filing a membership application, a season card order, a PPR request, or a traffic circuit slot reservation to Malmi Airfield Association, the registered user agrees to the processing of personal data. Processing of personal data is necessary to implement the agreement between the parties and to comply with the statutory obligations of the register keeper.
The purpose of processing personal data is to communicate with customers, maintain customer relationship, billing and keeping track of traffic and security at Helsinki-Malmi Airport.
The information is not used for automated decision-making or profiling.
5. Information stored in the registers
The information recorded in the registers consists of: the person’s name, company / organization, contact information (phone number, e-mail address, address), IP address of the network connection, information on subscribed services and changes therein, billing information, aircraft registration number and other information relating to customer relationship and services ordered.
6. Regular sources of information
The information stored in the registers is obtained from the customer via (among others) email, phone, social media, contracts, customer meetings and other situations where the customer provides information.
7. Ordinary transfers of data and transfer of data outside the EU or EEA
As a rule, information will not be disclosed to other parties. Information may be published to an extent that has been agreed upon with the customer.
Data can also be transferred outside the EU or the EEA by the register keeper.
The information is stored in the Yhdistysavain cloud service maintained by Avoine Ltd, the Helpostilasku.mobi service maintained by Billgo Ltd and the services maintained by Google LLC and DigitalOcean, Inc.
8. Principles of register protection
The registers are managed carefully, and data processed using the information systems is adequately protected. When keeping records on Internet servers, the physical and digital security of their hardware is taken care of appropriately. The keeper of the registers ensures that stored data, server access privileges and other critical data related to the security of personal data are processed confidentially and only by employees with the appropriate job description.
9. The right of inspection and the right to request correction of data
A person in the register has the right to check their stored data and to demand that any incorrect information be corrected or incomplete information supplemented. If a person wishes to check or request correction of their record, the request is to be sent in writing to the register keeper. The register keeper may, if necessary, request the applicant to prove his identity. The register keeper will respond to the customer within the time limit defined in the EU Data Protection Regulation (usually within one month).
10. Other rights related to the processing of personal data
A person in the register has the right to request the deletion of their personal data from the register (“the right to be forgotten”). Also, those who are registered have other rights under the EU’s general data protection regulation such as restricting the processing of personal data in certain situations. Requests are to be sent to the register keeper in writing. The register keeper may, if necessary, request the applicant to prove his identity. The register keeper will respond to the customer within the time limit defined in the EU Data Protection Regulation (usually within one month).