RIA.fi Logo
Liity jäseneksi

Member data protection

RIA ensures the protection of its members’ data at all stages of processing, from collection to destruction.

Security of processing requires, for example, the ability to guarantee the continued confidentiality, integrity, availability and fault tolerance of systems and services, as well as the ability to restore data availability and access quickly in the event of a physical or technical failure. RIA is committed to the data protection requirements of the GDPR.

RIA Privacy Notice

1. Controller and contact person

Civil Engineers and Architects RIA ry
P.O. BOX 357
Albertinkatu 23 A
00121 Helsinki
Business ID: 0116831-5
Data Protection Officer Antti Aarnio

2. Registered persons

The register processes personal data of members and former members of the association and its employees.

3. Grounds for and purposes of the processing of personal data

The member associations of the Association of Civil Engineers and Architects (RIA) have submitted a list of members to the RIA in accordance with the Associations Act. The presidents and secretaries of the member associations have limited access to the register of members for their own association’s membership data.

The purpose of the personal register of members of member associations (membership information system) maintained by the RIA is also to provide membership benefits and services to personal members of these associations, to collect membership fees from personal members and to support educational, professional and labour market lobbying.

The processing of personal data is based on the association’s legal obligation to maintain a register of members.

The basis for processing data concerning the trade union membership of data subjects is the legitimate interest of the RIA’s activities and the data subject’s consent.

For the personal identifier, the processing ground is that the data subject can be reliably and unambiguously identified in order to ensure the legal certainty and the interests and rights of the data subject.

4. Personal data processed

The register processes personal and contact information of RIA members and other necessary information related to membership. This information includes:

  • first name and surname
  • address details
  • email addresses
  • phone numbers
  • membership number
  • date of birth
  • personal identification number
  • cashier membership
  • membership of member organisations
  • positions of trust
  • training background
  • job details, job title, position, work history
  • membership fee invoices and payment information, including applications for reduction of membership fees
  • awards and titles
  • magazine subscriptions and membership card

Information on members who have resigned or been expelled, etc. is kept, but not maintained or passed on.

Records are kept of shop stewards, trustees, board members, liaison officers and other persons involved in lobbying:

  • name and personal identification number
  • address, e-mail address, telephone numbers
  • employer, establishment, job title, post, employment history, collective agreement applicable
  • positions of trust and association, honours, titles

5. Personal data protection and security

The personal data processed digitally are protected and stored in the RIA Union’s personal register, to which access is restricted to those persons who need the data for the performance of their duties. These persons have access to personal usernames and passwords.

Personal data is protected from unauthorised access and the use of members’ data is monitored. Members log in to their own data with strong authentication, i.e. a mobile certificate or bank ID. Personal data sent outside the association is encrypted. The workstations and storage media used are encrypted.

6. Regular disclosures and transfers of personal data

Personal data may be disclosed to the Association’s partners in order to carry out measures and services related to the Association’s membership, such as insurance services and various surveys.

7. Transfer of personal data outside the European Union or the European Economic Area

The data will not be disclosed outside the European Union or the European Economic Area.

8. Retention period of personal data

Personal data is kept in the register as long as the member is a member of RIA. After the termination of membership, personal data is retained for a maximum period of ten years after the termination of membership on the basis of the legitimate interest of RIA, i.e. for the defence of possible legal claims (KKO 2017:15). Personal data may also be kept for longer than this if applicable law or RIA’s contractual obligations towards third parties require a longer retention period. Such a ground is, for example, membership of an unemployment fund, where personal data are kept until the person reaches the age of 68.

9. Profiling

As part of its personal data processing activities, the RIA Association may carry out profiling of a member. As a result of profiling, the member will receive better targeted communications and services.

10. Rights of the data subject

You have the right to object at any time to the processing of your personal data for direct marketing purposes. The data subject may provide RIA with channel-specific consents and prohibitions on direct marketing (for example, to opt-out of marketing messages sent by e-mail).

In principle, a member has the right, in accordance with the applicable data protection legislation, at any time to:

  • be informed about the processing of their personal data;
  • have access to their own data and inspect the personal data processed by the RIA Union concerning them;
  • request that inaccurate or incorrect personal data be corrected and completed;
  • request the deletion of their personal data;
  • withdraw their consent and object to the processing of their personal data insofar as the processing of personal data is based on the data subject’s consent;
  • object to the processing of their personal data on grounds relating to their particular personal situation, insofar as the processing is based on the legitimate interests of the RIA Union;
  • receive their personal data in a machine-readable format. The RIA Association processes such personal data on the basis of the data subject’s consent and the processing is carried out automatically;
  • request restriction of the processing of their personal data.

The data subject should submit a request to exercise the above right in accordance with the Contact section of this Privacy Policy. The Association may ask the data subject to specify his/her request in writing and to verify the identity of the member before processing the request.

11. Right to appeal to the supervisory authority

Each member has the right to lodge a complaint with the relevant supervisory authority or with the supervisory authority of the Member State of the European Union where the member resides or works if the Data Subject considers that his or her personal data have not been processed in accordance with the applicable data protection legislation.

12. Contacts

Requests to exercise member rights, questions about this Privacy Policy and other communications should be made by email to RIA’s Data Protection Officer Antti Aarnio at antti.aarnio@ria.fi. The data subject may also contact the contact person or write to the address below:

Civil Engineers and Architects RIA ry
Antti Aarnio
PL 257
Albertinkatu 23 A
00121 Helsinki

13. Changes to this Privacy Policy

This Privacy Policy will be updated from time to time, for example, as legislation changes. This Privacy Policy was last updated on 7.3.2023.