This document is the Organization’s GDPR-compliant Privacy and Data Protection Notice. Created on October 28, 2024. Last updated on October 28, 2024.
- Data Controller
The Finnish Society for Surgery of the Hand (“Organization”) - Contact Person Responsible for the Register
Leena Kuuramaa, secretary@fssh.fi - Name of the Register
Participant Register for the 2nd Finnish Wrist Arthroscopy Course organized by the Organization. - Legal Basis and Purpose of Personal Data Processing
The legal basis for personal data processing in compliance with the EU General Data Protection Regulation (GDPR) is the consent of the individual (documented, voluntary, specific, informed, and unambiguous).
The purpose of processing personal data is the Organization’s communication with participants.
The data is not used for automated decision-making or profiling. - Content of the Register
The register includes the following data: name, contact details (email address, postal address, phone number), workplace, number of completed arthroscopy procedures, course type, and credit card identifier (last four digits).
The data is retained for the duration of the course.
Website visitor IP addresses and cookies necessary for service functions are processed based on legitimate interest for purposes such as ensuring data security and collecting visitor statistics, if such data is considered personal data. Consent for third-party cookies is requested separately as required. - Regular Sources of Data
The data stored in the register is obtained from the customer via messages sent through web forms, by email, by phone, through social media services, contracts, customer meetings, and other instances where the customer provides their information.
Information on contact persons of companies and other organizations may also be collected from public sources, such as websites, directory services, and other companies. - Regular Data Disclosures and Transfer Outside the EU or EEA
Data is not regularly disclosed to other parties. Data may be published if agreed upon with the customer.
Data is not transferred outside the EU or EEA by the data controller. Data is not transferred to the United States without the explicit consent of the data subjects. - Principles of Register Security
Care is taken in the processing of the register, and the data handled through information systems is properly protected. When register data is stored on internet servers, the physical and digital security of the equipment is appropriately ensured. The data controller ensures that all stored data, server access rights, and other critical data for the security of personal data are processed confidentially and only by employees whose job description includes such duties. - Right of Access and Right to Rectify Data
Each individual in the register has the right to inspect their personal data stored in the register and to request the correction of any inaccurate or incomplete data. If a person wishes to inspect or request the correction of data stored about them, the request must be sent in writing to the data controller. The data controller may ask the requester to verify their identity if necessary. The data controller will respond to the customer within the timeframe set by the EU Data Protection Regulation (usually within one month). - Other Rights Related to the Processing of Personal Data
Individuals in the register have the right to request the erasure of their personal data from the register (“right to be forgotten”). Registered individuals also have other rights under the EU General Data Protection Regulation, such as restricting data processing in certain situations. Requests must be sent in writing to the data controller. The data controller may ask the requester to verify their identity if necessary. The data controller will respond to the customer within the timeframe set by the EU Data Protection Regulation (usually within one month).