Processing of personal data and data protection in the Finnish Jewellery Art Association

The Finnish Jewellery Art Association's Privacy Statement

Combined registry description and information of members and interest groups
Updated  17 Feb 2024

Korutaideyhdistys ry - the Finnish Jewellery Art Association (hereinafter the Jewellery Art Association) complies with Regulation (EU) 2016/679 of the European Parliament and of the Council, i.e. the general EU data protection regulation and national data protection legislation.

Registrar

‍Korutaideyhdistys ry
Valtakatu 66, 53100 Lappeenranta, Finland

Data Protection Officer

‍Executive Director of the Jewellery Art Association or a person in charge named from the board members
info@korutaideyhdistys.fi

Names of registers

The official register of members of the Jewellery Art Association and the contact information register of interest groups.

Registrant

‍‘Registrant’ refers to the person whose personal data is processed in the registers defined above. Registrants are:
· Members and former members of the Jewellery Art Association, including support members
· Applicants and participants in exhibitions, education, events and functions produced by the Jewellery Art Association
· Members of interest groups involved in the activities of the Jewellery Art Association. Interest groups can be both individuals and communities.
. Subscribers of our newsletters

Purpose and basis of the register  ‍

‍The purpose of the Jewellery Art Association is to promote and make known contemporary jewellery as a form of art and design in Finland and abroad. Thus, its core activities include information, education and events. The Jewellery Art Association collects and processes personal information so that it can implement, maintain and develop the association's appropriate activities, public relations, marketing and communication with various interest groups.

The processing of personal data is based on legislation, the registrant’s consent, as well as membership and/or other agreement depending on the registrant's affiliation with the Jewellery Art Association.The information in the statutory membership register maintained by the Jewellery Art Association is used for example for:
· internal communication of the association (e.g. electronic Member Newsletters, Invitations and Membership Surveys)
· invoicing of membership fees
· planning and organizing trainings and events

The information in the contact register of interest groups is used e.g. for communication about events organized by the Jewellery Art Association. This information is generally provided by e-mail.

Description of the stored data

‍The membership register contains the following information on members:
· First Name, Last Name, Address, Phone Number, Email Address, Joining Date, and Possible Date of Resignation
· Additionally the bank details of members participating in sales events organized by the Jewellery Art Association are stored for payment of the sales proceeds. After payment, the bank contact information will be deleted, at the latest within one year.
· Information provided by the members themselves meant for publication on the Association’s online distribution platforms, this being information related to the members' artistic work, such as date and place of birth, biography in Finnish and English, web address and image material.
· The information in the contact register of interest groups is organized according to the activities and communication needs of the Jewellery Art Association.
· The contact register of interest groups contains the following information: first name, last name, employer / community / organization represented by the registered, position in the community / organization, industry, e-mail address, telephone number and date of when the information was added to the register.
· In addition to the information listed above, the following information may be collected from participants in trainings, exhibitions and events: CV (from applicants for an exhibition), billing information, business ID, web address, food allergies, marketing bans and consents and other additional information provided by the registrant in connection with the training, exhibition and event.
· Not all of the above information is necessarily collected from all registrants.‍

By joining the mailing list on the KORU8.fi website, the subscriber’s email address is saved in the database of our service provider Squarespace, Inc.

Regular sources of information

The information in the member register of the Jewellery Art Association has been obtained from the members themselves. Upon joining as a member, the new member consents to the storage of the above-mentioned personal data in the member register.

The personal data in the contact register of interest groups has been obtained from a person belonging to the Jewellery Art Association's interest groups themselves or from publicly available sources, such as the internet. The registers are updated on the basis of a change notification submitted by the registrant themself to the registrar.

Disclosure and transfer of data

‍As a general rule, personal data will not be disclosed from the register to third parties. Information may only be disclosed to third parties for justified reasons. For example, concerning participants of an exhibition, in addition to a list of names also other generally public information from the webpage of the Jewellery Art Association may be disclosed directly to curators or similar parties.

In addition, the Jewellery Art Association may also publish on its own websites, social media channels or other communications the information and material provided by the members to the association for publication purposes, such as the artist's / author's name, year and place of birth, place of residence, biography, website address and image material. At events organized by the Association, information about a participants' special diets can be passed on to a catering service responsible for serving food or drinks. In this case, the catering service is responsible for the proper handling and storage of the personal register itself.

‍Content embedded from other sites

‍Website articles may contain embedded content (e.g. videos, images, articles, etc.). Opening the embedded content imported from other sites is comparable to the fact that the visit actually happens on a third-party site.These sites may collect information from you, use cookies to embed third-party tracking cookies and monitor interaction with embedded content, including the monitoring of interaction if and when you are signed in as a user to the site.

‍Data transfer outside the EU or the EEA

‍The data will not be transferred outside the European Union or the European Economic Area unless it is necessary for the technical implementation or other reasons of the service used by The Jewellery Art Association. For example, in the case of online meetings (Zoom), the processing of personal data takes place in the USA with the protection required by the GDPR.

The Jewellery Art Association uses MailChimp and Squarespace for its newsletters, which means that data may be stored outside the EU or the EEA. About the data protection of the services in more detail: https://mailchimp.com/legal/ and https://www.squarespace.com/privacy

Registry security

‍Only the Executive Director of the Jewellery Art Association and certain members of the board have access to personal information of registrants. They process personal data only when it is necessary for the performance of their duties.

The Jewellery Art Association member register and contact register of interest groups is maintained by services provided by Google Inc.. Access is protected by a strong password. Google is committed to complying with the European Commission's model contract clauses to ensure an adequate level of data protection for the data it processes (Google Data Processing and Security Terms 2.0).

A backup of data on an external hard drive is stored in a locked location. The data network and computer equipment used to process the registry are protected by a firewall and security programs.

Retention period of personal data

‍All personal data of members and interest groups will be retained for as long as is justified for the purposes defined above. Personal data may, to the extent necessary, also be retained after the termination of the membership to the extent permitted or required by applicable law. Personal data of a registrant may also be retained to the extent necessary to implement a ban on direct marketing by the registrant themself.

Rights of the registrant and their enforcement

The registrant has the right to check, correct and delete the information stored about themselves in the member register of the Jewellery Art Association and the contact information register of interest groups.

The registrant has the right to:
· requests access to their personal data. A member has the right to access their personal data in the register. However, the right may be restricted by law and the protection of the privacy of others.
· request that their data be corrected. If a member's information is incorrect or incomplete, they have the right to request that the information be corrected, unless restricted by law.
· to be forgotten. A member may request the removal of their information from the register. In certain cases, if processing of the data is necessary for normal operation of the association, the Jewellery Art Association may refuse to delete the data upon request. However, in such a case explanation must be provided as to why the data cannot be deleted.
· restrict the processing of personal data. A member may request a restriction on the processing of their personal data if they have challenged the accuracy of the data or the lawfulness of the processing. The processing of the data is then limited to the storage of the data until the accuracy of the data has been verified or until it has been possible to verify whether the rights of the association take precedence over the interests of the member.
· transfer data from one system to another. The registrant has the right to obtain their personal data provided to the registrar in a structured, commonly used and machine-readable form and, if they so wish, to transfer such data to another controller.prohibit the use of their data, for example for direct marketing purposes.

(Source: tietosuoja.fi)

‍Personal information is not required to be provided to the Jewellery Art Association, but in these situations the Jewellery Art Association may not be able to offer all benefits or services. However, some statutory information must be provided by the member. This includes for example, the member's name and place of residence, and is required in the member register as by association law.

A request for verification of personal data must be made by sending a written request by e-mail to the registrar. The registrar will reply to the requester within the time limits set by the EU Data Protection Regulation, usually within one month.

More information on the data subject's rights can be found on the website of the Office of the Data Protection Ombudsman  (https://tietosuoja.fi/en/know-your-rights).

The registrant also has the right to lodge a complaint with the Office of the Data Protection Ombudsman if they consider that the processing of personal data concerning them has violated the applicable data protection legislation (https://tietosuoja.fi/en/notification-to-the-data-protection-ombudsman).

Right to change

‍The Jewellery Art Association reserves the right to change this privacy statement if there are gaps in the information or if the association changes its policies. Changes will be announced on the Jewellery Art Association's website. If significant changes are made to the description, this will be announced separately either in the association's internal membership newsletter or by e-mail.

Cookies

The cookies are used on the KORU8.fi site to improve the user experience and for traffic statistics. The KORU8.fi site uses Google Analytics, which allows us to analyze the activities of the site's users. Cookies placed by Google are subject to Google's terms and practices.

Necessary cookies

Name: Test
Purpose:Investigates if the browser supports cookies and prevents errors
Type: Cookie
Duration: Session

Name: ss_cookieAllowed  
Purpose:Remembers if a visitor agreed to placing analytics cookies on their browser if a site is restricting the placement of cookies
Type: Cookie
Duration: 30 days

Name: Crumb
Purpose: Prevents cross-site request forgery (CSRF)
Type:Cookie
Duration: Session

Analytics and performance cookies

Name: _ga
Purpose: registers a unique ID that is used to generate statistical data on how the visitor uses the website
Type: Cookie
Duration: 2 years

Name: _ga*
Purpose: to store and count pageviews
Type: Cookie
Duration: 2 years