Register and Privacy Statement
This is the association’s register and privacy statement in accordance with the EU General Data Protection Regulation (GDPR). Prepared on September 19, 2025. Last updated on September 19, 2025.
1. Data Controller
Maa- ja kalliorakentajat ry
Rakentajanaukio 4, 02150 Espoo
2. Contact Person Responsible for the Register
Alexander Norkin
rahastonhoitaja@mkr-aalto.fi
3. Name of the Register
Membership Register of Maa- ja kalliorakentajat ry
4. Legal Basis and Purpose of Processing Personal Data
The legal basis for processing personal data under the EU General Data Protection Regulation is the controller’s legitimate interest. The purpose of processing personal data is to maintain the membership register as required by Section 11 of the Finnish Associations Act (503/1989), as well as to maintain the contact information of the club’s members.
5. Data Content of the Register
The following information is stored in the register:
i. Full name
ii. Place of residence
iii. Email address
The register does not store information of persons who are not members of the club. Such information will be deleted immediately if membership is terminated.
6. Regular Sources of Data
The information stored in the register is obtained from individuals joining the club and from existing members through online forms as well as in writing at events.
7. Regular Disclosure of Data and Transfer of Data Outside the EU or EEA
Data will not be disclosed to third parties. Data will not be transferred or stored outside the European Union or the European Economic Area.
8. Principles of Register Protection
The processing of the register is carried out with due care. Data is stored only in electronic form on reliable internet servers of a third party that complies with EU data protection legislation. The data is accessible only to responsible persons of the association. The controller ensures that only authorized persons have access to the register.
9. Right of Access and Right to Request Rectification
Every individual in the register has the right to check the information stored about them and to request the correction of any incorrect information or the completion of incomplete information. If a person wishes to check their stored data or request a correction, the request must be sent in writing to the controller. The controller will respond to the request within the timeframe stipulated in the EU General Data Protection Regulation, generally within one month.
10. Storage Period of Register Data
The register contains only the information of individuals who are members of the association. Data of persons who have resigned or been expelled from the association will be deleted from the register within a reasonable time, and no later than one month after the decision on resignation or expulsion.