PRIVACY STATEMENT

Controller: Aalto-yliopiston kauppatieteiden ylioppilaat ry (”Association”)
Business ID: 22149760-2
Address: Konemiehentie 4, 02150 Espoo
Email: palvelu@ky.fi
Phone: +358 40 353 8283

Contact person: Heidi Riihimäki, Executive Director
Email: heidi.riihimaki@ky.fi
Phone: 0500 430 546

Association Register of Aalto University Business Students.

This register includes data of associations that operate within the environment of the Association and are a member of the association register (“Data subjects”). It also contains personal data of the members of said associations.

The legal basis for gathering personal data is consent.

The purpose of the register is keeping the contact information of the members of the Association up to date during the membership within the data system (“System”), upkeeping the benefits and rights of the member and marketing.

The register contains contact information of the associations that operate within the Association’s environment, personal data of the associations members and other useful information related to the associations’ membership. This includes following data:

• Data subject’s name;

• Data subject’s registration number or business ID;

• Data subject’s purpose of existence;

• Data subject’s email address;

• Data subject’s home page;

• Data subject’s annual meeting date;

• Data subject’s board’s term duration;

• Data subject’s board’s members’ first and last names;

• Data subject’s board’s members’ areas of responsibility;

• Data subject’s chairman’s and vice chairman’s email addresses; and

• Data subject’s chairman’s and vice chairman’s phone numbers.

Personal data is collected from the data subjects themselves.

Personal data is regularly disclosed to the Foundation for Business Students in Aalto University when data subjects apply for grants and scholarships. Personal data is also regularly transferred to the member register of Aalto University Business Students in terms of information about positions of trust within the Association.

Personal data can be disclosed to Association’s cooperation partners in order to carry out services related to the membership. Personal data can be disclosed to Association’s cooperation partners in order to carry out services that are not related to the membership only with the data subject’s consent.

Personal data can be transferred to other service providers in order to execute the System. The service provider executing the technical maintenance of the member register may transfer personal data in accordance with applicable privacy legislation and this privacy statement.

Personal data won’t be transferred outside the European Union or the European Economic Area by the Association. However, the Association may use a service provider that is located outside of the EU or the EEA. The transfer of personal data outside of EU or the EEA is always carried out on one of the following legal grounds:

• The European Commission has decided that an adequate level of data protection has been ensures in the recipient country;

• The Association has implemented the appropriate safeguards for the transfer of personal data using standard terms of privacy approved by the European Commission. The data subject has the right to obtain a copy of these standard clauses by contacting the Association’s contact person; or

• The data subject has consented to the transfer of their personal data, or there is a lawful ground for the transfer.

Access to the personal data is limited to what is necessary in order to carry out the services. The transfer of personal data outside of the EU or the EEA is always based on current legislation on the processing of personal data and is carried out in accordance with that legislation.

All digitally handled personal data is stored securely in the Association’s System. Access to the System is limited to only authorized individuals that need the access in order to handle their work assignments. These individuals use their personal usernames and passwords to access the System.

Personal data is secured from outsiders and the use of member data is supervised. Personal data sent outside the Association is encrypted. Workstations and storages are secured.

Suomen Ekonomit ry (0202108-3) and Microsoft are responsible for the technical maintenance and protection of the member register.

Personal data is stored in the register for as long as the data subject is a member of the Association’s association register.

Personal data will be retained for a maximum of 10 years after the membership has ended on the basis of the Association’s legitimate interest. Personal data may be stored for longer time periods if the applicable legislation or Association’s contractual obligations require it.

The data subject has the right to object to the processing of his/hers personal data for direct marketing purposes at any given time. The data subject may provide the Association with channel-specific consents and restrictions (e.g. prohibit marketing via email).

In addition, the data subject has per se following rights at any time in accordance with applicable data protection legislation:

• receive information about the processing of his/hers personal data;

• have access to his/hers own personal data and inspect his/hers personal data processed by the Association;

• demand correction and supplementation of inaccurate or incorrect personal data;

• demand the removal of own personal data;

• withdraw his/hers consent and object to the processing of personal data insofar as the processing of personal data is based on consent;

• receive his/hers personal data in digital form and transfer those to another service provider given that the data subject has delivered the data to the Association personally, the Association processes the personal data in question based on consent and the processing is automatic; and

• demand the processing of his/hers personal data to be restricted.

The data subject must submit the request for execution of the above-mentioned according to section 13 of this privacy statement. The Association may ask the data subject to specify the request in writing and verify the data subject’s identity before processing the request. The Association may refuse to execute the request based on applicable legislation.

Each data subject has the right to complain to the relevant supervising authorities or to the supervisory authorities of the Member State of the European Union where the data subject’s resident or workplace is located if the data subject sees that his/hers personal data has not been processed according to applicable data protection legislation.

Requests considering the data subject’s rights, questions about this privacy statement and other contacts should be sent via email to the contact person.

Contact person: Heidi Riihimäki, Executive Director
Email: heidi.riihimaki@ky.fi

The data subject may also contact us personally or in writing at the address below:

Aalto-yliopiston kauppatieteiden ylioppilaat ry
Konemiehentie 4
02150 Espoo

This privacy statement has been accepted by the Executive Board of the Association in its meeting on 4.3.2021. This privacy statement can be updated from time to time, for example, when legislation changes. This privacy statement was last updated 5.4.2023.

Controller: Aalto-yliopiston kauppatieteiden ylioppilaat ry (”Association”)
Business ID: 22149760-2
Address: Konemiehentie 4, 02150 Espoo
Email: palvelu@ky.fi
Phone: +358 40 353 8283

Contact person: Valtteri Häkkinen, IT Coordinator
Email: valtteri.hakkinen@ky.fi
Phone: +358 40 353 8277

Event Signup Register of Aalto University Business Students.

This register includes personal data of individuals attending the Association’s events (“Data subjects”).

The legal basis for gathering personal information, complying with the EU GDPR, is the legitimate interest of the controller of the register.

The purpose of the register is to collect and process the personal data needed to organize the events.

The register contains information needed to organize the Association's events. This includes following data:

• Data subject’s first and last name;

• Data subject’s email address;

• Data subject’s phone number;

• Data subject’s special dietary needs;

• Data subject’s preferred communication language; and

• Alternating event-specific information.

Personal data is collected from the data subjects themselves.

Personal data is not disclosed or transferred regularly.

Personal data can be disclosed to Association’s cooperation partners in order to organize the Association’s events. Personal data can be disclosed to Association’s cooperation partners for other than event-related purposes only with the data subject’s consent.

Personal data can be transferred to other service providers in order to execute the personal data system (“System”). The service provider executing the technical maintenance of the member register may transfer personal data in accordance with applicable privacy legislation and this privacy statement.

Personal data won’t be transferred outside the European Union or the European Economic Area by the Association. However, the Association may use a service provider that is located outside of the EU or the EEA. The transfer of personal data outside of EU or the EEA is always carried out on one of the following legal grounds:

• The European Commission has decided that an adequate level of data protection has been ensures in the recipient country;

• The Association has implemented the appropriate safeguards for the transfer of personal data using standard terms of privacy approved by the European Commission. The data subject has the right to obtain a copy of these standard clauses by contacting the Association’s contact person; or

• The data subject has consented to the transfer of their personal data, or there is a lawful ground for the transfer.

Access to the personal data is limited to what is necessary in order to carry out the services. The transfer of personal data outside of the EU or the EEA is always based on current legislation on the processing of personal data and is carried out in accordance with that legislation.

All digitally handled personal data is stored securely in the Association’s System. Access to the System is limited to only authorized individuals that need the access in order to handle their work assignments. These individuals use their personal usernames and passwords to access the System.

Personal data is secured from outsiders and the use of member data is supervised. Personal data sent outside the Association is encrypted. Workstations and storages are secured.

Treanglo Oy (2623329-1) and Google LLC (US41503674)  are responsible for the technical maintenance and protection of the event signup register.

Personal data is stored only for as long as necessary and data will be deleted from the register within a reasonable time after the event has ended. For a normal event this usually means two weeks after the event has ended. If some of the information is still required after this for exceptional reasons such as collecting delayed payments, can the data of the affected data subjects be retained until the situation has passed.

Personal data will be retained for a maximum of 10 years after the event has ended on the basis of the Association’s legitimate interest. Personal data may be stored for longer time periods if the applicable legislation or Association’s contractual obligations require it.

The data subject has the right to object to the processing of his/hers personal data for direct marketing purposes at any given time. The data subject may provide the Association with channel-specific consents and restrictions (e.g. prohibit marketing via email).

In addition, the data subject has per se following rights at any time in accordance with applicable data protection legislation:

• receive information about the processing of his/hers personal data;

• have access to his/hers own personal data and inspect his/hers personal data processed by the Association;

• demand correction and supplementation of inaccurate or incorrect personal data;

• demand the removal of own personal data;

• withdraw his/hers consent and object to the processing of personal data insofar as the processing of personal data is based on consent;

• receive his/hers personal data in digital form and transfer those to another service provider given that the data subject has delivered the data to the Association personally, the Association processes the personal data in question based on consent and the processing is automatic; and

• demand the processing of his/hers personal data to be restricted.

The data subject must submit the request for execution of the above-mentioned according to section 13 of this privacy statement. The Association may ask the data subject to specify the request in writing and verify the data subject’s identity before processing the request. The Association may refuse to execute the request based on applicable legislation.

Each data subject has the right to complain to the relevant supervising authorities or to the supervisory authorities of the Member State of the European Union where the data subject’s resident or workplace is located if the data subject sees that his/hers personal data has not been processed according to applicable data protection legislation.

Requests considering the data subject’s rights, questions about this privacy statement and other contacts should be sent via email to the contact person.

Contact person: Valtteri Häkkinen, IT Coordinator
Email: valtteri.hakkinen@ky.fi

The data subject may also contact us personally or in writing at the address below:

Aalto-yliopiston kauppatieteiden ylioppilaat ry
Konemiehentie 4
02150 Espoo

This privacy statement has been accepted by the Executive Board of the Association in its meeting on 4.3.2021. This privacy statement can be updated from time to time, for example, when legislation changes. This privacy statement was last updated 5.4.2023.

Controller: Aalto-yliopiston kauppatieteiden ylioppilaat ry (”Association”)
Business ID: 22149760-2
Address: Konemiehentie 4, 02150 Espoo
Email: palvelu@ky.fi
Phone: +358 40 353 8283

Contact person: Heidi Riihimäki, Executive Director
Email: heidi.riihimaki@ky.fi
Phone: 0500 430 546

Member Register of Aalto University Business Students.

This register includes personal data of current and former members, volunteers and contact persons of the Association (“Data subjects”).

The legal basis of gathering personal information is the maintenance of a member register as required by the Associations Act (503/1989) 11§ 1. subsection and in some cases fulfilling Association's co-operation agreements.

The purpose of the register is keeping the contact information of the members of the Association up to date during the membership within the personal data system (“System”), upkeeping the benefits and rights of the member and marketing.

The register contains Association’s members personal data and contact information as well as other necessary information related to the membership. This includes following data:

• Data subject’s first and last name;

• Data subject’s address;

• Data subject’s date of birth;

• Data subject’s social security number;

• Data subject’s email address;

• Data subject’s phone number;

• Identification of digital communication;

• Data subject’s student number;

• Data subject’s starting year of studies;

• Data subject’s stage of studies upon joining the Association;

• Data subject’s positions of trust within the Association; and

• Information about grants and scholarships the data subject has applied for.

Personal data is collected from the data subjects themselves upon joining the Association. Information about positions of trust are collected from the associations, committees and working groups that operate within the Association’s environment and from the association register of Aalto University Business Students. Information about the data subject’s stage of studies is received from Aalto University School of Business in order to accept and end memberships.

Personal data is regularly disclosed to (1) the Foundation for Business Students in Aalto University when data subjects apply for grants and scholarships, and to (2) Finnish Business School Graduates, as all Association’s student members are its members.

Personal data can be disclosed to Association’s cooperation partners in order to carry out services related to the membership. Personal data can be disclosed to Association’s cooperation partners in order to carry out services that are not related to the membership only with the data subject’s consent.

Personal data can be transferred to other service providers in order to execute the System. The service provider executing the technical maintenance of the member register may transfer personal data in accordance with applicable privacy legislation and this privacy statement.

Personal data won’t be transferred outside the European Union or the European Economic Area by the Association. However, the Association may use a service provider that is located outside of the EU or the EEA. The transfer of personal data outside of EU or the EEA is always carried out on one of the following legal grounds:

• The European Commission has decided that an adequate level of data protection has been ensures in the recipient country;

• The Association has implemented the appropriate safeguards for the transfer of personal data using standard terms of privacy approved by the European Commission. The data subject has the right to obtain a copy of these standard clauses by contacting the Association’s contact person; or

• The data subject has consented to the transfer of their personal data, or there is a lawful ground for the transfer.

Access to the personal data is limited to what is necessary in order to carry out the services. The transfer of personal data outside of the EU or the EEA is always based on current legislation on the processing of personal data and is carried out in accordance with that legislation.

All digitally handled personal data is stored securely in the Association’s System. Access to the System is limited to only authorized individuals that need the access in order to handle their work assignments. These individuals use their personal usernames and passwords to access the System.

Personal data is secured from outsiders and the use of member data is supervised. Personal data sent outside the Association is encrypted. Workstations and storages are secured.

Suomen Ekonomit ry (0202108-3) is responsible for the technical maintenance and protection of the member register.

Possible print documents are protected by storing them in a locked space preventing access from third parties.

Personal data is stored in the register for as long as the data subject is a member of the Association or the retention is justified by executing benefits and rights related to the Association.

Personal data will be retained for a maximum of 10 years after the membership has ended on the basis of the Association’s legitimate interest. Personal data may be stored for longer time periods if the applicable legislation or Association’s contractual obligations require it.

The data subject has the right to object to the processing of his/hers personal data for direct marketing purposes at any given time. The data subject may provide the Association with channel-specific consents and restrictions (e.g. prohibit marketing via email).

In addition, the data subject has per se following rights at any time in accordance with applicable data protection legislation:

• receive information about the processing of his/hers personal data;

• have access to his/hers own personal data and inspect his/hers personal data processed by the Association;

• demand correction and supplementation of inaccurate or incorrect personal data;

• demand the removal of own personal data;

• withdraw his/hers consent and object to the processing of personal data insofar as the processing of personal data is based on consent;

• receive his/hers personal data in digital form and transfer those to another service provider given that the data subject has delivered the data to the Association personally, the Association processes the personal data in question based on consent and the processing is automatic; and

• demand the processing of his/hers personal data to be restricted.

The data subject must submit the request for execution of the above-mentioned according to section 13 of this privacy statement. The Association may ask the data subject to specify the request in writing and verify the data subject’s identity before processing the request. The Association may refuse to execute the request based on applicable legislation.

Each data subject has the right to complain to the relevant supervising authorities or to the supervisory authorities of the Member State of the European Union where the data subject’s resident or workplace is located if the data subject sees that his/hers personal data has not been processed according to applicable data protection legislation.

Requests considering the data subject’s rights, questions about this privacy statement and other contacts should be sent via email to the contact person.

Contact person: Heidi Riihimäki, Executive Director
Email: heidi.riihimaki@ky.fi

The data subject may also contact us personally or in writing at the address below:

Aalto-yliopiston kauppatieteiden ylioppilaat ry
Konemiehentie 4
02150 Espoo

This privacy statement has been accepted by the Executive Board of the Association in its meeting on 4.3.2021. This privacy statement can be updated from time to time, for example, when legislation changes. This privacy statement was last updated 5.4.2023.

Controller: Aalto-yliopiston kauppatieteiden ylioppilaat ry (”Association”)
Business ID: 22149760-2
Address: Konemiehentie 4, 02150 Espoo
Email: palvelu@ky.fi
Phone: +358 40 353 8283

Contact person: Heidi Riihimäki, Executive Director
Email: heidi.riihimaki@ky.fi
Phone: 0500 430 546

Office Personnel Register of Aalto University Business Students.

This register includes personal data of individuals working or being a part of the executive board of the Association or Aalto University Business Students Foundation (“Data subjects”).

The legal basis for gathering personal information, complying with the EU GDPR, is consent.

The purpose of the register is to collect and process the personal data needed to organize work in the Association.

The register contains information needed to organize the Association's work. This includes following data:

• Data subject’s first and last name;

• Data subject’s email address;

• Data subject’s phone number;

• Data subject’s special dietary needs;

• Data subject’s personal identification number;

• Data subject’s home address;

• Data subject’s account number;

• Data subject’s ICE contact’s name;

• Data subject’s ICE contact’s number.

Personal data is collected from the data subjects themselves.

Personal data is not disclosed or transferred regularly.

Personal data can be disclosed to Association’s cooperation partners in order to organize the Association’s events. Personal data can be disclosed to Association’s cooperation partners for other than event-related purposes only with the data subject’s consent.

Personal data can be transferred to other service providers in order to execute the personal data system (“System”). The service provider executing the technical maintenance of the member register may transfer personal data in accordance with applicable privacy legislation and this privacy statement.

Personal data won’t be transferred outside the European Union or the European Economic Area by the Association. However, the Association may use a service provider that is located outside of the EU or the EEA. The transfer of personal data outside of EU or the EEA is always carried out on one of the following legal grounds:

• The European Commission has decided that an adequate level of data protection has been ensures in the recipient country;

• The Association has implemented the appropriate safeguards for the transfer of personal data using standard terms of privacy approved by the European Commission. The data subject has the right to obtain a copy of these standard clauses by contacting the Association’s contact person; or

• The data subject has consented to the transfer of their personal data, or there is a lawful ground for the transfer.

Access to the personal data is limited to what is necessary in order to carry out the services. The transfer of personal data outside of the EU or the EEA is always based on current legislation on the processing of personal data and is carried out in accordance with that legislation.

All digitally handled personal data is stored securely in the Association’s System. Access to the System is limited to only authorized individuals that need the access in order to handle their work assignments. These individuals use their personal usernames and passwords to access the System.

Personal data is secured from outsiders and the use of member data is supervised. Personal data sent outside the Association is encrypted. Workstations and storages are secured.

Google LLC (US41503674)  is responsible for the technical maintenance and protection of the Office members register.

Personal data is stored only for as long as necessary and data will be deleted from the register within a reasonable time after the event has ended. For a normal event this usually means two weeks after the event has ended. If some of the information is still required after this for exceptional reasons such as collecting delayed payments, can the data of the affected data subjects be retained until the situation has passed.

Personal data will be retained for a maximum of 10 years after the event has ended on the basis of the Association’s legitimate interest. Personal data may be stored for longer time periods if the applicable legislation or Association’s contractual obligations require it.

The data subject has the right to object to the processing of his/hers personal data for direct marketing purposes at any given time. The data subject may provide the Association with channel-specific consents and restrictions (e.g. prohibit marketing via email).

In addition, the data subject has per se following rights at any time in accordance with applicable data protection legislation:

• receive information about the processing of his/hers personal data;

• have access to his/hers own personal data and inspect his/hers personal data processed by the Association;

• demand correction and supplementation of inaccurate or incorrect personal data;

• demand the removal of own personal data;

• withdraw his/hers consent and object to the processing of personal data insofar as the processing of personal data is based on consent;

• receive his/hers personal data in digital form and transfer those to another service provider given that the data subject has delivered the data to the Association personally, the Association processes the personal data in question based on consent and the processing is automatic; and

• demand the processing of his/hers personal data to be restricted.

The data subject must submit the request for execution of the above-mentioned according to section 13 of this privacy statement. The Association may ask the data subject to specify the request in writing and verify the data subject’s identity before processing the request. The Association may refuse to execute the request based on applicable legislation.

Each data subject has the right to complain to the relevant supervising authorities or to the supervisory authorities of the Member State of the European Union where the data subject’s resident or workplace is located if the data subject sees that his/hers personal data has not been processed according to applicable data protection legislation.

Requests considering the data subject’s rights, questions about this privacy statement and other contacts should be sent via email to the contact person.

Contact person: Heidi Riihimäki, Executive Director
Email: heidi.riihimaki@ky.fi

The data subject may also contact us personally or in writing at the address below:

Aalto-yliopiston kauppatieteiden ylioppilaat ry
Konemiehentie 4
02150 Espoo

This privacy statement has been accepted by the Executive Board of the Association in its meeting on 4.3.2021. This privacy statement can be updated from time to time, for example, when legislation changes. This privacy statement was last updated 5.4.2023.