Privacy Notice: MyyntiAkatemia Website and Activities
This privacy notice is based on Articles 13 and 14 of the EU General Data Protection Regulation (EU 679/2016).
Controller
Turku University of Applied Sciences Ltd
Joukahaisenkatu 3
20520 Turku, Finland
Telephone (switchboard): +358 (0)2 263 350
Email: kirjaamo@turkuamk.fi
Person in Charge and Contact Person(s)
Person in charge:
Arto Kuuluvainen, Senior Lecturer (Turku University of Applied Sciences, MyyntiAkatemia)
Contact person:
The person responsible for MyyntiAkatemia / the organiser of the respective event at Turku University of Applied Sciences
Data Protection Officer
Harri Kilpiö, Data Protection Officer (Turku University of Applied Sciences)
Telephone: +358 50 598 5830
Please send all data protection–related enquiries to: tietosuoja@turkuamk.fi
Messages sent to the data protection email address are processed by the Data Protection Officer as well as a data protection specialist acting as their counterpart and deputy.
Purpose of Processing Personal Data
Personal data are collected and processed for the planning, implementation, development and communication of MyyntiAkatemia’s website, trainings, coaching programmes and events (for example, for managing registrations and participant lists, distributing materials, sending newsletters and managing partner cooperation).
Legal Basis for Processing Personal Data
The processing of personal data is based on the data subject’s consent (EU 679/2016, Article 6(1)(a), for example when subscribing to a newsletter) and/or the performance of a contract (EU 679/2016, Article 6(1)(b), for example when registering for a MyyntiAkatemia training or event).
Legitimate Interests of the Controller or a Third Party
Not applicable. In the context of MyyntiAkatemia, the processing of personal data is not based on legitimate interests, but on the data subject’s consent and/or the performance of a contract.
Categories of Personal Data and Retention Periods
The categories of personal data processed may include, for example: first name, last name, email address, telephone number, organisation (company/affiliation), job title, choices related to a MyyntiAkatemia event (such as registration, participation, language and topic preferences), as well as any special dietary requirements and other information affecting the practical arrangements of the event.
Personal data related to MyyntiAkatemia events and trainings are retained for a maximum of 24 months after the end of the event, unless legislation (for example accounting obligations) requires a longer retention period. Data in newsletter and mailing lists are retained for as long as the data subject is a subscriber and the consent is valid. Data belonging to special categories of personal data (for example special dietary requirements) are erased after the event once the data are no longer needed for practical arrangements
Regular Sources of Data
Personal data have been obtained directly from the data subject, for example via forms on the MyyntiAkatemia website (registration and contact forms), by email, by telephone or in other similar contact situations. Providing data is voluntary, but in some cases (for example when registering for a training or event) the provision of certain personal data is a prerequisite for participation.
Recipients or Categories of Recipients of Personal Data
Personal data are processed by employees of Turku University of Applied Sciences responsible for MyyntiAkatemia’s activities, as well as by students involved in organising events. Where necessary, data may also be disclosed to partners whose involvement is essential for the practical arrangements of MyyntiAkatemia events (for example venue services or catering services), and only to the extent required for the implementation of the event.
Relevant Information on Transfers of Personal Data to Third Countries (Outside the EU/EEA)
As a rule, personal data are not transferred outside the EU or EEA. If, by way of exception, data are transferred to third countries (for example via a communication or newsletter system that uses an international online service), such transfers are always carried out using safeguards required by the General Data Protection Regulation (such as the European Commission’s standard contractual clauses).
Principles of Data Security
Access to personal data is restricted to those persons who need the data in order to perform their work duties. Access is controlled by user IDs and access rights. Data are stored in an encrypted and otherwise appropriately protected form so that they cannot be accessed by unauthorised persons or accidentally destroyed, altered, disclosed, transferred or otherwise processed unlawfully
Rights of the Data Subject
Under the General Data Protection Regulation, the data subject has the right to:
· obtain information on the processing of their personal data, unless an exception laid down in law applies
· access their personal data and to have inaccurate or incomplete data rectified
· have their data erased (“right to be forgotten”) (this does not apply if the legal basis for processing is a legal obligation or the performance of a task carried out in the public interest)
· restrict the processing of their personal data
· object to the processing of their personal data, where the legal basis for the processing is public interest or legitimate interest
· receive the personal data they have provided to the controller in a structured, commonly used and machine-readable format and to transmit those data to another controller, where the legal basis for processing is consent or contract and the processing is carried out by automated means
· withdraw their consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal
· receive information on the controller’s obligation to notify in connection with rectification or erasure of personal data or restriction of processing
· not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning them or similarly significantly affects them (the data subject may, however, consent to automated decision-making).
The data subject may exercise their rights by contacting the contact person or the Data Protection Officer indicated in this notice. Further information on the rights of data subjects is available from the contact person and/or the Data Protection Officer.
If the processing of personal data does not require the identification of the data subject by the controller without additional information, and the controller is unable to identify the data subject, the rights of access, rectification, erasure, restriction of processing, notification and data portability do not apply.
You have the right to lodge a complaint with the Office of the Data Protection Ombudsman if you consider that the processing of your personal data infringes the applicable data protection legislation. The contact details of the Data Protection Officer are provided at the beginning of this privacy notice. All requests and matters are handled on a case-by-case basis.