World Federation of the Deaf Register Description for monthly donors
World Federation of the Deaf ry (2276868-6)
PO Box 65
- Representative of the Controller / Contact person
Phillipa Sandholm, Administrative Secretary
PO Box 65
- Names of the register
World Federation of the Deaf Register for Monthly Donors
- Purpose of the processing of personal data
The purpose for processing personal data is to maintain and improve the relationship of the supporters of the WFD with the organisation. Processing the necessary personal data is vital for maintaining the donor relationships.
The processing of personal data is based on an agreement on monthly donations, which can be created in writing, via text message, email, or the internet.
The personal data in the monthly donors’ register is used for the following purposes:
- Donor identification
- Distributing information on the use of and need for donated funds
- Maintenance, analysis, development, statistics, segmentation and profiling related to donating and other appropriate contexts.
- Managing the donors’ data and contact history. Providing support and information services to the donors, managing the service measures and assuring quality.
- Marketing and distance selling, such as direct marketing, digital marketing, product marketing, requests for donations and invitations to events. Market research or opinion polls.
- Recordings of video calls with donors are used to verify service events, ensure the legal protection of customers and the WFD, and develop the quality of the service and prevent misuse, as well as for training purposes and security reasons.
The personal data may be processed by third parties for purposes permitted by applicable legislation, including marketing, distance selling, market research and opinion surveys. These third parties may be advertising agencies, printing houses or similar cooperation partners that support the operating principle of the register and whose purpose for using the personal data is consistent with the purpose of use of the WFD for this register. The WFD has signed the necessary agreements with the third parties for the processing of personal data.
A donor’s data will be retained for one year after the termination of their agreement.
- Information contained in the register
The following data on the donors may be processed:
- Identification data
- Date of birth
- Contact information:
- Telephone number
- Email address
- User language
- Bank account number
- E-invoice address
- Donor number
- Information related to the monthly donations agreement
- Donation target
- Donation amount
- Donation due date
- Payment method
- Donation amounts and dates
- Data related to bank transactions
- Data from profiling and on interests
o Campaign and contact information
- Data concerning the use of services
- Bans against direct marketing and surveys
- Identifiers used to focus marketing
- Grouping data and other information on a volunteer accumulated through data derived from analytics
- Data provided by cookies
- Log data
- Session identifiers
- IP addresses
- Payment and transaction data
- Recordings of donor’s video calls
o Donor feedback
WFD only stores data that is necessary for the organisation’s operation and the data’s purpose of use and has a legal basis for processing. Any data that has become unnecessary for its purpose of use, as well as any outdated data and data for the processing of which there is no longer any other basis, will be anonymised or disposed of in a secure manner.
- Where do we collect data from?
Data concerning monthly donors is collected from the monthly donations agreement and complementing information received from video calls, text messages, bank transfers, or email and internet.
Personal data is received and updated according to regulations:
- From donors themselves
- Via the online service
- During video-calls
- Via email
- During the use of the products and services
- By the WFD Secretariat or the WFD Board.
- Via the Population Information System’s personal data updating service
- From the registers of telephone companies or similar public enterprises
- To whom do we disclose and transfer the personal data? Do we transfer personal data outside the EU or ETA?
The personal data contained in the monthly donors’ register will not be disclosed to outside parties.
Personal data is only disclosed to the authorities if required by law, for example for investigating and preventing misuse.
Users data may be disclosed for marketing purposes or opinion polls.
Data may be transferred outside the area formed by the member states of the European Union or outside the European Economic Area to the extent necessary for the technical implementation of data processing, in which case the WFD complies with the requirements of the EU General Data Protection Regulation. Data may be transferred under model clauses approved by the European Commission or to recipients in the USA who are committed to the EU-US Privacy Shield arrangement.
- How do we protect personal data and for how long do we store them?
Personal data processed in physical form:
Material that is processed in its physical form is stored and handled in locked and monitored facilities.
The data is processed within databases that are secured with firewalls, passwords and other technical means. The data on the websites and other services is secured with an SSL-encrypted connection and other necessary means. Databases and their backup copies are located in locked rooms, and the data may only be accessed by certain individuals named in advance.
Systems containing personal data may only be used by employees whose work role gives them the right to process personal data. Each user has their own user ID and password to the system.
- The rights of a data subject – Inspection rights and correction data
Data subjects have the right to:
- Request a copy of their own personal data
- Request that their personal data is amended or deleted, unless applicable data security regulations require that the data be retained.
- Request restrictions to the processing of their personal data or oppose this processing
- Request the right to transfer their data from one system to another, in accordance with applicable data security regulations
- Refuse, in full or in part, any contact made for the purpose of direct marketing and research.
- Submit a complaint to the data security authorities
If the processing of personal data has been based on a data subject’s permission, the data subject has the right to cancel their permission to process their personal data. Cancelling this permission will not affect the processing of personal data that has been conducted prior to the cancellation.
A person who has voluntarily provided their personal data to the WFD and subsequently entered into the register of the WFD has the right to deny the provision of their information for direct advertising or another similar purpose, the right to alter the consent of their publication, and the right to resort to other rights defined in the Personal Data Act.
Any requests pertaining to checking or correcting data or the right to refuse contact must primarily be made in writing and sent to the email address specified in Section 2.
If contact by email is not possible, the data subject may alternatively send a letter, contact the WFD Secretariat or personally visit the WFD’s Secretariat offices in Finland. The WFD will deliver the reply to the data subject’s email address, as listed in the register of the WFD. Under special conditions, the reply may be sent to a postal address that is listed in the register of the WFD.
An individual has the right to inspect their information in the WFD register and request that erroneous information is corrected. The inspection request must be made by contacting the representative of the controller. The inspection is free of charge, once a year.
- Whom can you contact?
If a person does not wish to receive mail from us, they can refuse it by contacting the representative of the controller or unsubscribe from the WFD.
Information can be corrected or complemented by the controller or at the request of the registered person and by the controller when the relationship is terminated.