This is a translation of UDK's data protection and privacy policy. The official data policy is written in Finnish and in accordance to the Finnish law and appropriate EU regulations. The purpose of this translation is to provide clarity to our non-Finnish speaking members. In any and all legal proceedings, UDK uses the official data policy written in Finnish. UDK respects the General Data Protection Regulation (GDPR) of the EU and operates in accordance with it. Personal data is processed lawfully, appropriately, and transparently from the perspective of the data subject. Data is collected only to the extent necessary for the purpose of processing, and it is handled confidentially and securely. Data is updated when needed and retained in identifiable form only for as long as necessary to fulfill the purpose of data processing.
Below you will find the registry and privacy policies, as well as summaries of them.
Member Registry
The UDK ry member registry collects the information specified in the registry policy for individuals who have paid the UDK ry membership fee.
Membership information is maintained based on association law. Additionally, the data may be used to verify the member's right to participate in UDK ry events or to receive discounts or benefits intended for members of UDK ry.
The data is not shared outside the UDK ry board and is not transferred outside the EU or EEA. As required by association law, mandatory member data is retained for as long as the individual remains a member of the association. A member is considered to have resigned from the association, and their information is deleted from the member registry if it is not updated at least biennially.
Registry and Privacy Policy
This is the registry and privacy policy of UDK ry in accordance with the Personal Data Act (§ 10 and § 24) and the EU General Data Protection Regulation (GDPR). Created on May 21, 2018. Last updated on April 11, 2022.
1. Data Controller
UDK ry
PinniB 0033, 33014 Tampereen yliopisto
Business ID: 1790523-6
2. Contact Person Responsible for the Registry
UDK ry treasurer
talous@udk.fi
3. Name of the Registry
UDK ry Member Registry
4. Legal Basis and Purpose of Processing Personal Data
The legal basis for processing personal data in accordance with the EU GDPR is the Association Act (503/1989, 11 §), which requires the board to maintain a list of members.
The purpose of processing personal data is to track the number of members in the organization. Additionally, the data may be used to verify the member’s right to participate in UDK ry activities or to receive member-specific discounts or benefits. The data is also used for essential communication targeted at members, such as sending meeting invitations. The data is also used for the annual member survey in accordance with UDK ry's regulations and to monitor the biennial update of member data.
The data is not used for automated decision-making or profiling.
5. Content of the Registry
Mandatory data stored in the registry based on association law includes the full name and place of residence of each member. Additionally, the member's email address and information about their membership in the Student Union of Tampere University is recorded.
Member data is retained for as long as the individual remains a member of the association. Membership can end through resignation, presumed resignation, or expulsion. A member is considered resigned, and their data is deleted from the registry if not updated at least biennially.
6. Regular Data Sources
Data recorded in the registry is obtained from the member upon joining and is updated annually through a member data survey form.
7. Regular Disclosures and Data Transfers Outside the EU or EEA
Data is not regularly disclosed to other parties. Data may be published if agreed with the member.
Data is not transferred outside the EU or EEA.
8. Principles of Registry Protection
Care is taken in the processing of the registry, and data processed through information systems is adequately protected. When registry data is stored on internet servers, appropriate physical and digital security measures are taken for the hardware. The data controller ensures that stored data, server access rights, and other critical personal data security information are handled confidentially and only by board members whose duties involve such tasks.
9. Right of Access and Right to Request Correction of Information
Each person in the registry has the right to inspect their data and request correction of any erroneous or incomplete information. If a person wishes to inspect their stored data or request corrections, they must submit a written request to the data controller. The data controller may, if necessary, ask the requester to prove their identity. The data controller will respond within the time required by the GDPR (usually within a month, excluding summer months).
10. Other Rights Related to Personal Data Processing
Individuals in the registry have the right to request the deletion of their personal data ("right to be forgotten"). Registered individuals also have other rights under the GDPR , such as the restriction of data processing in certain situations. Requests must be submitted in writing to the data controller. The data controller may, if necessary, ask the requester to prove their identity. The data controller will respond within the time required by the GDPR (usually within a month, excluding summer months). However, association law obliges the board to retain each member's full name and place of residence as long as the individual remains a member.
Event Participant Registry
The event participant registry collects information on individuals who register for specific events. The data is used for organizing the event, ensuring sufficient venue capacity, and arranging catering if applicable. The data is collected with the consent of the participants.
Data is not shared with individuals other than those involved in organizing the event, and it is not transferred outside the EU or EEA. Personal data of participants in free events is deleted no later than 30 days after the event ends. For paid events, participant data is deleted, except for names and contact details, no later than 30 days after the event ends.
Registry and Privacy Policy
This is the registry and privacy policy of UDK ry in accordance with the Personal Data Act (§ 10 and § 24) and the EU General Data Protection Regulation (GDPR). Created on May 21, 2018. Last updated on April 11, 2022.
1. Data Controller
UDK ry
PinniB 0033, 33014 Tampereen yliopisto
Business ID: 1790523-6
2. Rekisteristä vastaavat yhteyshenkilöt
UDK ry Event organizer(s)
tapahtumat@udk.fi
3. Name of the Registry
UDK ry Event Participant Registry
4. Legal Basis and Purpose of Processing Personal Data
The legal basis for processing personal data under the EU General Data Protection Regulation is the individual's consent.
The purpose of processing personal data is to assess the number of participants in events and to collect essential information for organizing the event, such as food allergies and special diets. The information will also be used for billing any potential participation fees for the events.
The data is not used for automated decision-making or profiling.
5. Content of the Registry
The data stored in the register includes the individual's name, email address, food allergies, special diet, and any other additional information.
Personal data in the event register will be retained as long as necessary to facilitate the registration and related event. Personal data of participants in free events will be deleted no later than 30 days after the event ends. For paid events, participants' data will be deleted, except for names and contact information, 30 days after the event ends. Names and contact information, along with any other accounting records, will be retained in accordance with accounting law for six years from the end of the financial year in which the accounting period ended.
6. Regular Data Sources
The information stored in the register is obtained from the member when they register for the event, usually via a form or email.
7. Regular Disclosures and Data Transfers Outside the EU or EEA
Data is not regularly disclosed to other parties. Data may be published if agreed with the member.
Data is not transferred outside the EU or EEA.
8. Principles of Registry Protection
Care is taken in the processing of the registry, and data processed through information systems is adequately protected. When registry data is stored on internet servers, appropriate physical and digital security measures are taken for the hardware. The data controller ensures that stored data, server access rights, and other critical personal data security information are handled confidentially and only by event organizers whose duties involve such tasks.
9. Right of Access and Right to Request Correction of Information
Each person in the registry has the right to inspect their data and request correction of any erroneous or incomplete information. If a person wishes to inspect their stored data or request corrections, they must submit a written request to the data controller. The data controller may, if necessary, ask the requester to prove their identity. The data controller will respond within the time required by the GDPR (usually within a month, excluding summer months).
10. Other Rights Related to Personal Data Processing
Individuals in the registry have the right to request the deletion of their personal data ("right to be forgotten"). Registered individuals also have other rights under the GDPR such as the restriction of data processing in certain situations. Requests must be submitted in writing to the data controller. The data controller may, if necessary, ask the requester to prove their identity. The data controller will respond within the time required by the GDPR (usually within a month, excluding summer months).
Asiasana Subscriber Registry
The Asiasana subscriber registry collects information on subscribers to the Asiasana magazine. The data is collected based on the subscription agreement, where the subscriber is one party. Data is used for delivering the magazine and collecting subscription fees.
Data is not shared with anyone other than the association's financial officer and the Asiasana mailing coordinator, nor is it transferred outside the EU or EEA. Subscriber data is retained as long as the subscription is valid.
Registry and Privacy Policy
This is the registry and privacy policy of UDK ry in accordance with the Personal Data Act (§ 10 and § 24) and the EU General Data Protection Regulation (GDPR). Created on May 21, 2018. Last updated on April 11, 2022.
1. Data Controller
UDK ry
PinniB 0033, 33014 Tampereen yliopisto
Business ID: 1790523-6
2. Rekisteristä vastaavat yhteyshenkilöt
UDK ry treasurer and Asiasana mailing officer
asiasana.postitus@udk.fi
talous@udk.fi
3. Name of the Registry
Student association paper Asiasana’s subscriber registry
4. Legal Basis and Purpose of Processing Personal Data
The legal basis for processing personal data under the EU General Data Protection Regulation is the contract in which the subscriber is a party.
The purpose of processing personal data is to monitor the number of subscribers to the Asiasana magazine, as well as to manage distribution and billing.
The data is not used for automated decision-making or profiling.
5. Content of the Registry
The data stored in the register includes the individual's name, street address, postal code and municipality, email address, and any additional information. To receive a student discount, the subscriber must also provide the name of the educational institution and the degree program for which they have valid study rights.
The subscriber's data will be retained for as long as the magazine subscription is active.
6. Regular Data Sources
The information stored in the register is obtained from the subscriber at the time of placing the magazine subscription via a form. The subscriber can also update their information using the subscription form or via email.
7. Regular Disclosures and Data Transfers Outside the EU or EEA
Data is not regularly disclosed to other parties. Data may be published if agreed with the member.
Data is not transferred outside the EU or EEA.
8. Principles of Registry Protection
Care is taken in the processing of the registry, and data processed through information systems is adequately protected. When registry data is stored on internet servers, appropriate physical and digital security measures are taken for the hardware. The data controller ensures that stored data, server access rights, and other critical personal data security information are handled confidentially and only by board members and officers whose duties involve such tasks.
9. Right of Access and Right to Request Correction of Information
Each person in the registry has the right to inspect their data and request correction of any erroneous or incomplete information. If a person wishes to inspect their stored data or request corrections, they must submit a written request to the data controller. The data controller may, if necessary, ask the requester to prove their identity. The data controller will respond within the time required by the GDPR (usually within a month, excluding summer months).
10. Other Rights Related to Personal Data Processing
Individuals in the registry have the right to request the deletion of their personal data ("right to be forgotten"). Registered individuals also have other rights under the GDPR such as the restriction of data processing in certain situations. Requests must be submitted in writing to the data controller. The data controller may, if necessary, ask the requester to prove their identity. The data controller will respond within the time required by the GDPR (usually within a month, excluding summer months).
Other Temporary Registries
Other temporary registries are collected as needed, with data gathered based on the consent of the provider. Data is used for the specific purpose of the registry, such as adding freshmen's email addresses to a mailing list or delivering student overalls.
Data is not shared with anyone other than the holders of the temporary registry, and it is not transferred outside the EU or EEA. Data is retained for the appropriate duration, such as until freshmen are added to the email list or overalls are delivered.
English 
Suomi