World Federation of the Deaf Register Description for Donors
World Federation of the Deaf Register Description for Membership
World Federation of the Deaf Register Description for Subscribers
REGISTER NAMES AND WHAT PERSONAL DATA IS BEING PROCESSED
World Federation of the Deaf Register Description for Marketing
World Federation of the Deaf Register Description for monthly donors
World Federation of the Deaf Register Description for volunteers
World Federation of the Deaf Register Description for Marketing
In accordance with Section 10 of the Personal Data Act (523/1999)
World Federation of the Deaf ry (2276868-6)
PO Box 65
- Representative of the Controller / Contact person
Phillipa Sandholm, Administrative Secretary
PO Box 65
- Names of the register
WFD Marketing Register
- Purpose of the processing of personal data
he purpose for processing personal data is to distribute information about the operations of the WFD and inspire people to take part in the activities.
The prerequisite for processing the personal data of any data subject is a permission from that subject. The same processing principles are followed in all of the marketing registers of the WFD Secretariat.
The personal data in the marketing register is used for the following purposes:
- Identifying people and managing users. Managing the data security of the services, as well as user authorisations and access to these services.
- Maintenance, monitoring, analysis, statistics, development, profiling and segmentation related to appropriate contexts.
- Managing a person’s data and contact history. Providing support and information services, managing the service measures and assuring quality.
- Communication concerning the operations of the WFD Board and the WFD Secretariat.
- Marketing and distance selling, such as direct marketing, digital marketing, product marketing, requests for donations and invitations to events. Market research or opinion polls.
- Recordings of video- calls with members and users are used to verify service events, ensure the legal protection of members and users and the WFD, and develop the quality of the service and prevent misuse, as well as for training purposes and security reasons.
The data subjects’ personal data will be retained for three years.
- Information contained in the register
The following data in the marketing register may be processed:
- Identification data
- Date of birth
- Contact information:
- Telephone number
- Email address
- User language
- User/Member/Partner number
- Information related to the WFD
- Data from profiling and on interests
- Campaign and contact information
- Data concerning the use of services
- Bans against direct marketing and surveys
- Identifiers used to focus marketing
Grouping data and other information on a volunteer accumulated through analytics derived data
- Data provided by cookies
- Log data
- Session identifiers
- IP addresses
- Payment and transaction data
- Recordings of user/members/partners video calls
- Users/partners/Members/donors/ feedback
The WFD only stores data that is necessary for the organisation’s operation and the data’s purpose of use and has a legal basis for processing. Any data that has become unnecessary for its purpose of use, as well as any outdated data and data for the processing of which there is no longer any other basis, will be anonymised or disposed of in a secure manner.
- Where do we collect data from?
Personal data for the marketing register is collected via various channels on people who have provided the WFD with their contact information. These channels may include filling in an online form, subscribing to the newsletter, filling in a raffle card, visiting a WFD event or exhibitions stand, or providing contact information via text, email or video-call.
Personal data is received and updated according to regulations
- From people themselves
- Via the online service
- During Video-calls
- With a reply card
- Via email
- By the WFD Secretariat or the WFD Board.
- Via the Population Information System’s personal data updating service
- From the registers of telephone companies or similar public enterprises
- To whom do we disclose and transfer the personal data? Do we transfer personal data outside the EU or ETA?
Data may be transferred outside the area formed by the member states of the European Union or outside the European Economic Area to the extent necessary for the technical implementation of data processing, in which case the WFD complies with the requirements of the EU General Data Protection Regulation. Data may be transferred under model clauses approved by the European Commission or to recipients in the USA who are committed to the EU-US Privacy Shield arrangement.
The personal data in the marketing register will not be disclosed to a party outside the organisation.
Personal data is only disclosed to the authorities if required by law, for example for investigating and preventing misuse.
Users data may be disclosed for marketing purposes or opinion polls.
- How do we protect personal data and for how long do we store them?
Material that is processed in its physical form is stored and handled in monitored and locked facilities.
The data is processed within databases that are secured with firewalls, passwords and other technical means. The data on the websites and other services is secured with an SSL-encrypted connection and other necessary means. Databases and their backup copies are located in locked rooms, and the data may only be accessed by certain individuals named in advance.
Systems containing personal data may only be used by employees and volunteers whose work role gives them the right to process personal data.
Each user has their own user ID and password to the system.
- The rights of a data subject – Inspection rights and correction data
Data subjects have the right to:
- Request a copy of their own personal data
- Request that their personal data is amended or deleted, unless applicable data security regulations require that the data be retained.
- Request restrictions to the processing of their personal data or oppose this processing
- Request the right to transfer their data from one system to another, in accordance with applicable data security regulations
- Refuse, in full or in part, any contact made for the purpose of direct marketing and research.
- Submit a complaint to the data security authorities
If the processing of personal data has been based on a data subject’s permission, the data subject has the right to cancel their permission to process their personal data. Cancelling this permission will not affect the processing of personal data that has been conducted prior to the cancellation.
A person who has voluntarily provided their personal data to the WFD and subsequently entered into the register of the WFD has the right to deny the provision of their information for direct advertising or another similar purpose, the right to alter the consent of their publication, and the right to resort to other rights defined in the Personal Data Act.
Any requests pertaining to checking or correcting data or the right to refuse contact must primarily be made in writing and sent to the email address specified in Section 2.
If contact by email is not possible, the data subject may alternatively send a letter, contact the WFD Secretariat or personally visit the WFD’s Secretariat offices in Finland. The WFD will deliver the reply to the data subject’s email address, as listed in the register of the WFD. Under special conditions, the reply may be sent to a postal address that is listed in the register of the WFD.
An individual has the right to inspect their information in the WFD register and request that erroneous information is corrected. The inspection request must be made by contacting the representative of the controller. The inspection is free of charge, once a year.
- Whom can you contact?
If a person does not wish to receive mail from us, they can refuse it by contacting the representative of the controller or unsubscribe from the WFD.
Information can be corrected or complemented by the controller or at the request of the registered person and by the controller when the relationship is terminated.