The Finnish Institute (hereinafter the Institute) handles personal data with care and responsibility. We do not use personal data for commercial purposes or disclose it to third parties. This document describes the principles related to personal data protection in more detail.
Data Controller
Finnish Institute Marati 5-2, 11712 Tallinn, Estonia
Contact person for registry-related matters
Administrative Manager Viia Väli viia.väli@finst.ee
Registries and their terms of use
- Contact data registry
- Registry of participants in projects and events organised by the Institute
- Registry of applicants for the TelepART programme
Purposes and description of personal data use
Personal data is used to enable the Institute’s activities. The registries are used to promote cultural exchange between Finland and Estonia and to contact people and organisations relevant to our work.
1) Contact data registry
Used for sharing information about the Institute’s activities and related events (e.g. newsletters, specific professional information), and for staying in contact with stakeholders. A person is included in the registry if they have subscribed to news, announcements or other notifications about the Institute’s activities, participated in events organised by the Institute, and/or otherwise indicated their interest in receiving information about the Institute.
2) Registry of participants in projects and events organised by the Institute
Personal data is used for more efficient organisation of projects and events and for collecting feedback. Data is processed with the consent of the individuals entered in the registry. The Institute has the right to use photographs taken during projects and at Institute-organised events in its communications.
3) Registry of applicants for the TelepART programme
Personal data is used for responding to TelepART programme applications and for further programme-related communication. Data is processed with the consent of the applicant.
In addition to the registries mentioned above, personal data of library clients is collected at the Institute’s library in Tartu into an electronic database called Sierra. The registry controller is the Library Network Consortium (ELNET), which is responsible for the personal data held in the library database. Data is added to the database with the client’s consent so that they can borrow library materials. The Sierra database is password-protected and accessible only to library staff. Data is retained for three years from the last time the client borrowed a library item. Clients can modify and/or update their personal data themselves in the e-catalogue ESTER.
In addition, a short-term registry of other uncatalogued materials, such as board games and some newspapers, is maintained on the personal computers of Tartu library staff. The registry records the person’s name and the borrowed item. The data is deleted from the registry immediately upon return of the borrowed item.
Information contained in the registries and its sources
1) Contact data registry
Basic personal data such as name, job title, organisation, email address, and sometimes postal address and phone number. Data is obtained directly from the person being registered.
2) Registry of participants in projects and events organised by the Institute
Basic personal data such as name, job title, organisation, email address, and sometimes additional information related to the event topic, dietary preferences or other restrictions. Data is obtained from participants when they join a project or register for an event.
3) Registry of applicants for the TelepART programme
Applicant’s name, date of birth, address, email address, phone number and bank account number. Performer’s name, date of birth and country of residence. Data is obtained from the person being registered or their representative.
Transfer of data and movement to other countries and international organisations
Data is not transferred outside the European Union or the European Economic Area, nor to international organisations. Data may be processed in third countries only in accordance with GDPR principles.
Principles for protecting the registries
1) Contact data registry
The registry is accessible to those Institute employees who have user rights (username and password) for the Institute’s registry. The Institute uses an electronic registry service called Insightly. Access to registry data can be restricted if necessary. The service provider is located in the United States and has committed on its website to comply with the EU GDPR: https://www.insightly.com/gdpr/. A Data Processing Agreement (DPA) has been concluded between the Institute and Insightly.
2) Registry of participants in projects and events organised by the Institute
The lists are accessible to those Institute employees who have user rights (username and password) for the programmes used in Institute operations. With participants’ consent, their personal data is shared with other project participants.
3) Registry of applicants for the TelepART programme
The registry is accessible to those employees who have user rights for the TelepART support programme. Access is protected by individual usernames and passwords. The application programme service provider Gruppo processes personal data solely at the request of the registry controller for the purpose of providing the service. Data is stored on the service partner’s server, access to which is restricted and secured.
Institute employees and other data processors are bound by a confidentiality obligation in accordance with the law, to protect the data of partners and private individuals.
Rights of individuals in the registry
Individuals included in the registry have the right to check what data has been entered about them, correct inaccurate data, request removal of their data from the registry, restrict data processing, and request transfer of their data to another registry controller. A corresponding email should be sent to the registry controller at finst@finst.ee.
The registry controller will respond within one month of receiving the request or will notify the individual of the reason for any delay.
Cookies
The Institute’s website uses cookies for the purpose of monitoring website traffic and compiling statistics. You can opt out of cookies at any time by changing the browser settings of your device and deleting stored cookies.