Data Protection Act (5.12.2018/1050) data handling description

Krishna-liike ISKCON Suomessa
Vanha Helsingintie 14, 00700 Helsinki


Gurmann Saini
Privacy data coordinator
+358 44041 1997

Tapio Paljakka (Tapo Divyam Dasa)
+358 45131 0016

Name of the register
ISKCON Finland’s register (donors)

Use of the register
The purpose of the register is to maintain and update the personal data of the registered persons. The register acts as a donor list and a donor register. The register is used for information, maintenance of software, donation tracking, donation statistics and representative lists. The basis for processing is, as the case may be, a legitimate interest based on the purposes of the association and, in the case of members, membership.

The register may hold the following information:
First and last name
Phone number
Birth date
Home address
Date of the given information
Donated sum
Donation date

Saving the data
The personal data is saved at least for two years from the date of submitting.

Disclosures and transfers of data outside the EU or the EEA

Third-party services, such as Google Services and Mailchimp, are used to store the data, and the servers maintained by them may be physically located outside the EU and EEA. Other information will not be disclosed.

The association may also outsource the processing of your personal data to companies outside the association, which may also be located in countries outside the European Union and the European Economic Area, such as the United States. These companies may process personal data in order to provide, for example, infrastructure and IT services, or other services. In such cases, the EU-U.S will provide adequate security and record keeping. – Privacy Shield, or contractually using model clauses approved by the EU Commission.

More information on G-suite services
More information on Mailchimp
More information on Paytrail Oyj

Registry security principles
The information provided is stored in the systems of the controller. The access to the systems is restricted. Only certain predefined administrators have access to and access to the data stored in the registry on the systems. The information contained in the register is located in locked and guarded premises.

Right of prohibition for the data subject
The data subject shall have the right to prohibit the controller from processing data relating to him / her for direct marketing, distance selling and other direct marketing, market and opinion polling, as well as for personal data and genealogy. The restriction must be in writing and addressed to those responsible for registry matters.

Right of inspection of the data subject
The data subject has the right to inspect the personal data stored in the register and to obtain copies thereof. The request for inspection must be made in writing and addressed to the person responsible for registry matters.

Correcting Information
The Registrar shall, on its own initiative or at the request of the data subject, rectify, delete or complete personal data contained in the Register which are inaccurate, unnecessary, incomplete or outdated for the purpose of processing. The data subject should contact the data controller of the controller in order to correct the information.