Privacy policy
This is the privacy policy for Tekstin talo – Textens hus ry, which complies with the EU General Data Protection Regulation (GDPR). Created 22.09.2023. Last modified 22.9.2023.
1. Data controller
Tekstin talo – Textens hus ry, Lintulahdenkatu 3, 00530 Helsinki
2. Data controller’s contact person
Laura Serkosalo, laura.serkosalo@tekstintalo.fi, p. +358 44 2305 044
3. Stored data
Tekstin talo – Textens hus ry stores the following data:
- member and tenant register
- client register
- register of weekly bulletin subscriber addresses
- register of newsletter subscriber addresses
4. Legal basis and purpose of processing personal data
The legal grounds for processing personal data under the EU General Data Protection Regulation are
- documented voluntary consent of the individual
- the data controller’s right to keep records of memberships
- client and contractual relationship management
Member and tenant register
The member and tenant register contains data about Tekstin talo’s member organisations and other tenants, as well as their contact details and billing details. The purpose of processing contact details is to communicate with members and tenants, and to manage the client and contractual relationship. The data will not be used for automated decision-making or profiling.
Client register
The client register contains data about the persons and organisations that have rented space at Tekstin talo, their contact details and billing details, as well as information about the rented space and the event taking place there. The purpose of processing contact details is to manage the client and contractual relationship. The data will not be used for automated decision-making or profiling.
Register of weekly bulletin subscriber addresses
Employees or trustees of Tekstin talo’s member organisations or an organisation that has signed a lease agreement of indefinite duration with Tekstin talo can subscribe to the weekly bulletin. Personal data is processed based on voluntary consent and for the purpose of managing the client relationship and providing the ordered service. The data will not be used for automated decision-making or profiling.
Register of newsletter subscriber addresses
Any private person can subscribe to the newsletter.
Contact details are processed based on voluntary consent. Personal data is processed for the purpose of managing the client relationship and providing the ordered service. The data will not be used for automated decision-making or profiling.
5. Stored data
Member and tenant register
The stored data includes: the name of the association or company, business ID and address, contact person’s details (name, phone number, email address), billing details, membership payment status, membership type. Contact details are only kept for the duration of the membership or tenancy and are deleted at the end of the year when this ends. The yearly list of members and tenants, which contains only the names of the member and tenant organisations, is kept permanently as part of the annual report.
Client register
The stored data includes: the name of the association, company or individual renting the premises, business ID (if any), address, contact details (telephone number, email address), billing details, rental details, payment status.
Contact details are only kept for the duration of the client relationship and are deleted when this ends.
Register of weekly bulletin subscriber addresses
Only the email address of the weekly bulletin subscriber is stored. The data is kept until the subscriber unsubscribes.
Register of newsletter subscriber addresses
Only the email address of the newsletter subscriber is stored. The data is kept until the subscriber unsubscribes.
6. Regular sources of data
Member and tenant register
The stored data is provided by email. Data on contact persons in businesses and other organisations can also be collected from public sources such as websites and directory services.
Client register
The stored data is obtained from the client by email or telephone. Data on contact persons in businesses and other organisations can also be collected from public sources such as websites and directory services.
Register of weekly bulletin subscriber addresses
The stored data is obtained from the client by email.
Register of newsletter subscriber addresses
The stored data is obtained from messages sent by the client via online forms.
7. Legal transfer of data outside the EU or EEA
In accordance with legislation, data is not disclosed to other parties. Data is not published anywhere.
The data controller does not transfer data outside of the EU or EEA without the explicit consent of the data subjects.
8. Data protection principles
All stored data is processed with care and data processed in information systems is properly protected. The data is stored in Excel format on the server of Office Management Oy, which is responsible for the data controller’s information systems and data security. The data controller ensures that the stored data is processed confidentially and only by those Tekstin talo employees for whom it is relevant to their tasks.
9. The right to view and correct data
Any person or entity has the right to check their stored data and to request that any inaccurate or incomplete data be corrected or updated. If a person or entity wishes to check the stored data about them or to request a correction, the request must be sent in writing to the controller. The data controller may, if necessary, ask the data subject to prove their identity. The data controller will respond to the client within the time limit set by the EU General Data Protection Regulation (usually within one month).
10. Other rights related to processing personal data
Data subjects who are private persons have the right to request that personal data concerning them be deleted (“right to be forgotten”). Other Rights under the EU General Data Protection Regulation include the right to restrict the processing of personal data in certain circumstances. You can do this by making a written request to the data controller. The data controller may, if necessary, ask the data subject to prove their identity. The data controller will respond to the client within the time limit set by the EU General Data Protection Regulation (usually within one month).