Privacy Policy

Baltic Region Association’s Privacy Policy

Baltic Region ry complies with the requirements of the EU’s general data protection regulation (2016/679 EU) and related laws and other regulations. Baltic Region ry makes sure that everyone

 is aware of the data protection obligations related to their own position.

Baltic Region ry respects and protects the fundamental right of everyone to privacy and data protection. This policy applies to the processing of all personal data for which the Baltic Region

 is responsible, regardless of the place, means or other arrangements for their processing.


Coverage

Baltic Region ry maintains the report required by law and regulations on the processing 

operations for which it is responsible. More detailed information can be found in the privacy statement of  the personal register.

  Principles of personal data processing

  The following requirements shall apply to the processing of personal data:

    Legality, reasonableness and transparency
    Purpose limitation
    Data minimization
    Punctuality
    Limitation of storage
    Integrity and confidentiality

   The principles are implemented e.g. so that:

  The processing of personal data has a legal basis for processing
   Adequate information shall be provided to the persons whose data are processed
   treatment.
  Treatment is limited according to the intended use the processing complies with data security    regulations.
 Those whose personal data are processed are given effective opportunities to exercise their

 rights and their requests are responded to without delay.

 The risks of the processing of personal data are assessed from the perspective of the data

 subject, the risks are minimized, for example through pseudonymous, and an impact assessment

 of the processing is carried out if the risks are high.

   Only necessary personal data will be processed

   Ensure the accuracy of the information
   Data processing activities are documented

    Data processing practices are regularly evaluated
    The principle of privacy by design is respected

 The Baltic Region Association must be able to demonstrate that the above-mentioned

 principles of personal data processing are complied with.

 In its role as an employer, the Baltic Region Association must ensure that every employee is

 aware of the importance of the principles of personal data processing and adheres to them,

 and takes care of more detailed conditions and protection of data belonging to special groups

 of personal data (sensitive personal data).

 The information may be used only by the persons who need it in the course of their work and

 to the extent necessary for the performance of their duties. Data may only be disclosed with 

 the person’s own consent or in accordance with law.

A separate consent is requested from the data subject if the data is transferred outside the EU

 and EA  not to safe countries. The consent specifically mentions this data protection risk.

Strengthening data protection policy

The Baltic Region Association’s Data Protection Policy was confirmed at the Board meeting 

on 15 October 2018.