Privacy Policy
Baltic Region Association’s Privacy Policy
Baltic Region ry complies with the requirements of the EU’s general data protection regulation (2016/679 EU) and related laws and other regulations. Baltic Region ry makes sure that everyone is aware of the data protection obligations related to their own position.
Baltic Region ry respects and protects the fundamental right of everyone to privacy and data protection. This policy applies to the processing of all personal data for which the Baltic Region is responsible, regardless of the place, means or other arrangements for their processing.
Baltic Region ry complies with the requirements of the EU’s general data protection regulation (2016/679 EU) and related laws and other regulations. Baltic Region ry makes sure that everyone is aware of the data protection obligations related to their own position.
Baltic Region ry respects and protects the fundamental right of everyone to privacy and data protection. This policy applies to the processing of all personal data for which the Baltic Region is responsible, regardless of the place, means or other arrangements for their processing.
Coverage
Baltic Region ry maintains the report required by law and regulations on the processing operations for which it is responsible. More detailed information can be found in the privacy statement of the personal register.
Principles of personal data processing
The following requirements shall apply to the processing of personal data:
Legality, reasonableness and transparency
Purpose limitation
Data minimization
Punctuality
Limitation of storage
Integrity and confidentiality
The principles are implemented e.g. so that:
The processing of personal data has a legal basis for processing
Adequate information shall be provided to the persons whose data are processed treatment.
Treatment is limited according to the intended use the processing complies with data security regulations.
Those whose personal data are processed are given effective opportunities to exercise their rights and their requests are responded to without delay.
The risks of the processing of personal data are assessed from the perspective of the data subject, the risks are minimized, for example through pseudonymous, and an impact assessment of the processing is carried out if the risks are high.
Only necessary personal data will be processed
Ensure the accuracy of the information
Data processing activities are documented
Data processing practices are regularly evaluated
The principle of privacy by design is respected
The Baltic Region Association must be able to demonstrate that the above-mentioned principles of personal data processing are complied with.
In its role as an employer, the Baltic Region Association must ensure that every employee is aware of the importance of the principles of personal data processing and adheres to them, and takes care of more detailed conditions and protection of data belonging to special groups of personal data (sensitive personal data).
The information may be used only by the persons who need it in the course of their work and to the extent necessary for the performance of their duties. Data may only be disclosed with the person’s own consent or in accordance with law.
A separate consent is requested from the data subject if the data is transferred outside the EU and EA not to safe countries. The consent specifically mentions this data protection risk.
Strengthening data protection policy
The Baltic Region Association’s Data Protection Policy was confirmed at the Board meeting on 15 October 2018.
Baltic Region ry maintains the report required by law and regulations on the processing operations for which it is responsible. More detailed information can be found in the privacy statement of the personal register.
Principles of personal data processing
The following requirements shall apply to the processing of personal data:
Legality, reasonableness and transparency
Purpose limitation
Data minimization
Punctuality
Limitation of storage
Integrity and confidentiality
The principles are implemented e.g. so that:
The processing of personal data has a legal basis for processing
Adequate information shall be provided to the persons whose data are processed treatment.
Treatment is limited according to the intended use the processing complies with data security regulations.
Those whose personal data are processed are given effective opportunities to exercise their rights and their requests are responded to without delay.
The risks of the processing of personal data are assessed from the perspective of the data subject, the risks are minimized, for example through pseudonymous, and an impact assessment of the processing is carried out if the risks are high.
Only necessary personal data will be processed
Ensure the accuracy of the information
Data processing activities are documented
Data processing practices are regularly evaluated
The principle of privacy by design is respected
The Baltic Region Association must be able to demonstrate that the above-mentioned principles of personal data processing are complied with.
In its role as an employer, the Baltic Region Association must ensure that every employee is aware of the importance of the principles of personal data processing and adheres to them, and takes care of more detailed conditions and protection of data belonging to special groups of personal data (sensitive personal data).
The information may be used only by the persons who need it in the course of their work and to the extent necessary for the performance of their duties. Data may only be disclosed with the person’s own consent or in accordance with law.
A separate consent is requested from the data subject if the data is transferred outside the EU and EA not to safe countries. The consent specifically mentions this data protection risk.
Strengthening data protection policy
The Baltic Region Association’s Data Protection Policy was confirmed at the Board meeting on 15 October 2018.