Privacy Policy

Document updated on 6.11.2024

Data Controller

The Peace Education Insitute

Address: Siltasaarenkatu 4, 00530 Helsinki

Phone: +358 44 302 2042

Contact for registry-related inquiries

Riikka Jalonen

Email address: riikka.jalonen[at]rauhankasvatus.fi

Phone: +358 44 302 2042

Registry Name

Registry of Participants for Events and Training by the Peace Education Institute, Partner Registry

Basis and Purpose of Maintaining the Registry and Processing Personal Data

Personal data is processed, where applicable, based on the consent given by the data subject in connection with registrations, contacts, partnerships, communications, marketing, reporting, and other related actions necessary for handling relevant matters.

The registration, cooperation, and personal data processed in the registry may also be used to target communications regarding The Peace Education Institute’s events and training, for marketing purposes related to these events and training, to manage partnerships, for project reporting, and potentially for research purposes.

Data is not used for automated decision-making or profiling.

Regular Data Sources

The information stored in the registry is collected from the data subjects themselves via messages sent through online forms, email, phone, social media services, agreements, and in other instances where the data subject provides their information.

Contact information of representatives from companies and other organizations may also be collected from public sources such as websites, directory services, and other companies.

The Peace Education Institute does not collect cookie data from its own websites.

Content of the Registry

The registry may include data provided by individuals registering for events or training organized by the Peace Education Institute, or other necessary data obtained from public sources. These may include:

Contact Person’s:

Name
Address
Phone numbers
Email address
Organization and role
Membership fee payment information
Billing information
Information related to agreements or ordered services
Dietary preferences
Date of birth
Other relevant information necessary for the event or cooperation.

Data Disclosure and Transfer

No personal data will be disclosed to external parties unless required by the data controller’s statutory obligations. Data is not transferred outside the EU or EEA.

Data Security

Personal data is secured in a Microsoft cloud environment with up-to-date security, including strong authentication. System access requires a personal username and password. Data retrieval in case of system failure is ensured by regular backups, and the availability of services is further supported by regular software maintenance.

Duration of Data Processing

Personal data is retained as long as necessary to enable the registration and associated event, for the duration of the cooperation agreement, and for billing purposes as required by law (six years). Data is deleted when the retention periods specified above have expired.

Data Processors

The registry is managed by the executive director, communications planner, communications manager, or a similar coordinating party within the organization.

Data Subjects’ Rights

Right of Access: The right to check the personal data stored in the registry. If there are inaccuracies or omissions, the data subject may request corrections or updates.
Right to Object: The right to object to the processing of personal data if the data subject believes that data is being processed unlawfully or without proper justification. The data subject also has the right to restrict data processing.
Right to Erasure: The right to request the deletion of stored data. The data subject also has the right to be forgotten.
Right to Data Portability: The right to transfer data from one system to another.
Right to File a Complaint: The right to lodge a complaint with the Data Protection Ombudsman if the data subject feels that data protection legislation has been violated.

The data controller may refuse to fulfill an objection or deletion request only on legal grounds. If the data controller does not comply with the data subject’s request, the data subject has the right to lodge a complaint with the Data Protection Ombudsman. The data subject also has the right to request the restriction of data processing while any dispute is resolved.

Contacts

All contacts and requests regarding this policy should be submitted in writing or personally to the contact person named in section two (2). The data controller will respond to contacts and requests within the time period specified in the EU’s data protection regulation (generally within one month).

Changes to the Privacy Policy

If we change this policy, we will update the date of the policy. If the changes are significant, we may also inform about them in other ways, such as by email or by posting a notice on our website.