Privacy statement

1 INTRODUCTION

Legio Ostiensis ry ('the Provider') commits to ensuring the security and privacy of its website legio.fi. This Terms of Use Agreement applies between the Provider and the user of the website ('the User').

By using the website, you accept this Agreement. If you do not agree to these terms and conditions, please do not use the website.

2 PERSONLA DATA

More on personal data see: membership register. We collect the public IP address of the Users to ensure that the website is not subject to Denial of Service, and to keep a rough overview of the areas from which the site is accessed. 

3 DISCLOSURE OF INFORMATION

The Provider may disclose to third parties information about the website usage, but this does not include any identifying information. 

4 INFORMATION SECURITY

The connection between the website and the User is encrypted. Access to the site is restricted and secured by passwords and other organisational and technical means. Natural persons who process personal data are bound by a duty of confidentiality. Our partners are committed to respecting the principles of data protection. 

5 THE USE OF COOKIES

Cookies are small amounts of data that are stored on the User's computer. They are used to provide videos, links to social media and other rich content on the website. You can disable all cookies in your browser settings, but please note that this may degrade your experience. 

An automatically generated and updated list of cookies in use can be found here.

6 TRANSFER OF PERSONAL DATA

We do not transfer the User's information outside the EU or EEA, except to our partners who may do so when providing their services. Even then, they will comply with EU data protection legislation.

7 THIRD-PARTY SITES

This Agreement is only valid when you visit the pages under the legio.fi domain name. The website contains links to other sites that are not covered by this Agreement.

1 REGISTER AND REGISTERS

Controller and contact information

Legio Ostiensis ry, Itä-Suomen yliopisto/oikeustieteet PL 111 80101 Joensuu  Y-tunnus: 17769166

hallitus.legio@uef.fi

Registers

Legio Ostiensis ry's member register

Legio Ostiensis ry's payment register

Legio Ostiensis ry's event registrations

2 BASIS OF PERSONAL DATA PROCESSING

There must be a legal basis for the processing of personal data. The personal data provided will not be processed for purposes other than those presented for it.

The primary basis for processing personal data is the membership relationship between Legio Ostiensis ry and the member. We can also process data based on consent, such as when registering for events organized by the association. 

3 WHICH INFORMATION IS COLLECTED

We collect information from our members that is necessary to manage the membership relationship between the member and the association. 

We also collect payment information, which may include, for example, account number or credit card number. We use this information to confirm the payment of the membership fee and to enable the sale of our support products. For card payments, we use the iZettle supplier. You can familiarize yourself with iZettle's data protection hereThe subdomain kauppa.legio.fi uses Stripe as a payment intermediary, whose data protection you can familiarize yourself with here. 

We collect information from the registrant himself, e.g. via e-mail or a form on the website, but in special cases we may also receive information from the Student Union of Eastern Finland or the University of Eastern Finland. 

Sometimes the collection of personal data takes place using a form created for Google Forms or Microsoft Forms, Kide.ap or Mailchimp. You can familiarize yourself with Google's data protection hereMicrosoft's data protection here. Kide.app data protection hereMailchimp data protection here.

In order to organize events, we may collect, process and store the following information:

• Name
• Position in the association
• Email and phone number
• Address
• Personal identification number / social security number or date of birth
• Gender
• Nationality
• Identity card information
• Health information that directly affects participation, such as special diets and allergies
• emergency contact name, phone number and email
• bank contact information

The following information can be collected, processed and stored from the association's administration:

• Name
• email
• Address
• Personal identification number
• Nationality
• Political influence
• Identity card information
• bank contact information

Regarding the membership register, the following information can be collected, processed and stored:

• Name
• Position in the association
• Email and phone number
• Address and place of birth
• Year of starting studies
• Student ID number
• Free-form membership application sent to the association

Legio Ostiensis ry also reserves the opportunity to process personal data other than those mentioned above if necessary.

4 STORAGE PERIODS

We keep personal information about your membership for the duration of your membership. We store payment information for 10 years, as stipulated in Section 2:10 of the Accounting Act (1336/1997). After this, the data will be deleted without delay, unless otherwise dictated by legislation, official regulations or the legitimate interests of the data controller. 

The participation data collected for the organization of the event will be deleted immediately and at the latest after two weeks have passed since the organization of the event, unless otherwise dictated by legislation, regulations of the authorities or the legitimate interests of the data controller.

5 TRANSFER OF PERSONAL DATA

In principle, Legio Ostiensis ry does not disclose personal data to third parties. Exceptions:

• Obligation by law to hand over information to authorities, such as assisting preliminary investigation authorities 
• When organizing events, the necessary information is released to external parties, such as accommodation or catering service providers

In terms of the association's administration, information can be disclosed to financial institutions, the Patent and Registration Office and authorities based on the right based on the law.

We do not transfer the User's information outside the EU or EEA, except to our partners who may do so when providing their services. Even then, they will comply with EU data protection legislation.

6 REGISTRY PROTECTION

The registers are stored in encrypted form on a password-protected server. Acts as a service provider for the member register Yhdistysavain. Care is taken when processing the registers and all processed information is protected using appropriate technical, administrative and organizational measures. The registrar ensures that stored data as well as server access rights and other data critical to the security of personal data are handled confidentially and only by the board members of the association who need the data to perform their duties.

7 RIGHTS OF THE REGISTRANT

The registered person has the right to check, change, correct and delete or demand the restriction of the processing of information about her and to transfer the information about her to another controller.  The registered person also has the right to withdraw consent to the processing of personal data at any time. 

In order to exercise these rights, the data subject must contact the controller by e-mail or letter. However, it should be noted that in order to take care of data security, we do not hand over the collected data by e-mail. 

If the data subject wants to delete or limit the processing of his data, we may no longer be able to offer our services to the data subject. We hereby reserve the right to cancel the right to participate in events organized by the association or to cancel membership or not be accepted as a member in the event that the information is no longer sufficient to maintain membership. 

The registered person has the right to file a complaint with the competent complaint authority if they feel that the controller has not complied with their obligations stated by law.

In Finland, the competent supervisory authority is the Data Protection Commissioner.