Register and privacy policy

This is the register and privacy policy of International Hobbyhorse Federation ry drawn up in accordance with the EU General Data Protection Regulation (GDPR). Drawn up on 26 October 2024. Last modified on 26 October 2024.

1. Data controller
International Hobbyhorse Federation ry
Lautamies Jopin katu 5 B 7
00790 HELSINKI
FINLAND

2. Contact person in charge of the register
Erika Häyrinen
erika.hayrinen@hobbyhorsefederation.com

3. Name of the register
Membership register (associations, federations, communities, organisations)

The following data will be collected, as appropriate:

1. name of the organisation
2. contact information of the organisation (email address)
3. nationality of the organisation
4. name of the contact person

4. Legal basis and purpose of the processing of personal data
Lawfulness of the processing of personal data under the EU General Data Protection Regulation is based on

– the consent of the data subject (documented, voluntary, individualised, deliberate and unambiguous)

– legitimate interest of the data controller (relations with members and recruitment of volunteers).

The purpose of processing personal data is to communicate with stakeholders.

Data is not used for automated decision-making, profiling or marketing.

5. Data content of the register
Data stored in the register includes the data subject’s name, nationality of the organisation, contact information (email address) and other data pertaining to customer relations and services provided.

The IP addresses of website visitors and cookies that are necessary for the functionalities of the service are processed on the basis of a legitimate interest in order to, inter alia, ensure data security and collect statistics on website visitors in cases where such data can be considered personal data. Consent will be requested separately for third-party cookies where necessary.

6. Regular sources of data
The data stored in the register is obtained from data subjects through, inter alia, messages sent via web forms and through email, contracts, meetings and other situations where data subjects provide data pertaining to them.

Data pertaining to the contact persons of companies and other organisations can also be obtained from public sources, such as websites, directory services and other companies.

7. Regular disclosures and transfers of data outside the EU or EEA
Data is not regularly disclosed to other parties. However, data may be published if it has been agreed upon with the data subject and if it’s necessary for service operations. Member organisation’s name and nationality can be disclosed on International Hobbyhorse Federation’s social media accounts, inter alia Meta, and websites with a consent of the member.

Data may be transferred outside the EU or EEA by the data controller. Data will not be transferred to the United States without the data subject’s consent. By accepting the use of cookies on the website, the user agrees to the following.

We use the following services on our websites: Google Forms, Google Analytics, Google Search Console and Meta.

Transferring or disclosing data outside the EU or EEA when using Google Forms, Google Search Console and Google Analytics:

Personal data contained in these services may be transferred outside the EU. Google complies with the EU Commission’s standard clauses to ensure the necessary level of data protection when personal data is transferred outside the EU. For more information on the personal data collected by Google Forms, please visit https://policies.google.com/privacy?hl=en https://policies.google.com/privacy

Transferring or disclosing data outside the EU or EEA when using Meta:

For information on the personal data collected by Meta, please visit https://www.facebook.com/privacy/policy/

8. Principles of register protection
The register is handled with due diligence and the data processed using information systems is protected with appropriate methods. Where register data is stored on servers connected to the internet, the physical and digital information security of the equipment used is ensured to an appropriate degree. The data controller shall ensure that the stored data as well as the rights of access to the servers and any other data that is critical in terms of personal data security are handled confidentially and only by employees whose job descriptions include these tasks.

9. Right of access and the right to rectification
Each data subject included in the register has the right to review the data pertaining to them stored in the register and to request rectification of any incorrect data or completion of any incomplete data. If a data subject wishes to review the data pertaining to them stored in the register or to request rectification of said data, they must send their request to the data controller via email. Where necessary, the data controller may ask the data subject to verify their identify. The data controller shall respond to the data subject within the time specified in the EU General Data Protection Regulation (within one month in general).

10. Other rights pertaining to the processing of personal data
The data subjects have the right to demand the erasure of any personal data pertaining to them from the register (“the right to be forgotten”). Therefore registered members also have other rights according to the EU’s General Data Protection Regulation, such as limiting the processing of personal data under all circumstances. All requests must be sent to the data controller via email. Where necessary, the data controller may ask the data subject to verify their identify. The data controller shall respond to the data subject within the time specified in the EU General Data Protection Regulation (within one month in general).