This is the data protection statement of the stakeholder register of the EUSBSR Baltic Sea Strategy Point, issued in accordance with the Personal Data Act (Sections 10 and 24), and the EU's General Data Protection Regulation (GDPR). It was drafted on 23 May, 2018.

1. Registrar

EUSBSR Baltic Sea Strategy Point

c/o Lead Partner: Centrum Balticum Foundation
Vanha Suurtori 7
20500 Turku
centrumbalticum(a)centrumbalticum.org

2. The person in charge of the register

Project Manager Juahni Ailio
+358 40 509 7139
firstname.lastname(at)centrumbalticum.org

3. Name of the register

The register is called the Stakeholder Register of EUSBSR communications.

4. The purpose of the register / the purpose of handling personal data

The purpose for which the information in the personal data register is used is to give out information about the EUSBSR activities and stakeholder communications. We use the personal data register for sending out newsletters and invitations to events. We handle personal data in matters related to the management of communications, such as user surveys and responding to feedback.

With the help of the register we also develop the EUSBSR website, services and social media channels. With the help of the register we are able to target the stakeholder groups with relevant content.

5. The information content of the register and sources of information, in accordance with the rules

We collect and handle the following data:

• The person’s work e-mail address / e-mail address
• The name of the person's employer organisation
• The surname and given name of the person
• Information on requests to send communications or marketing communications sent by the person
• Information on prohibitions on communications and marketing
• Information fed into contact forms
• Information fed through blogs
• User feedback information

In the use and development of the services we may handle the following personal data:

• IP address information or other identifiers
• Information collected from cookies
• Data collected from the use of the balticsea-region-strategy.eu web service, offered by Google Analytics

We also receive personal data from the following sources:

• Information connected with the use of social media, such as LinkedIn, Facebook, X and YouTube
• Social media services themselves define the kind of information they offer their users and in what time period

On the basis of the consent of the person involved, we collect and handle other information on a case-by-case basis. We collect personal information primarily from the persons themselves in connection with contacts that are made and order forms. We may collect information about customers from public sources and registers, based on gaining permission from the customer or as set by law (for example, the Personal Data Act, Section 19, paragraph 3).

We collect visitor information from the eusbsr.eu website for the development of the website and for targeting content that is relevant to visitors with the help of the Google Analytics system and cookies. It is possible to cancel Google Analytics monitoring by following the instructions of the service provider.

6. Data systems using the register

Our register can be used by the following data systems:

• Google Analytics (Google and the GDPR)
• balticsea-region-strategy.eu web service / Joomla! content management system (CMS)
• AcyMailing e-mail service (an extension to Joomla! CMS)
• EUSBSR social media channels

7. Normal handing over of data

Data is not given to outside parties.

8. Passing on information outside the EU or European Economic Area

Data is not passed outside the EU or European Economic Area.

9. Storage time for personal data

We do not store personal data longer than is necessary for the purpose for which it is used, or alternatively, we store it for a period that we have defined with our service providers / cooperative partners in our data security and data protection agreements. The storage times of personal data vary according to the purpose of its use and the situation. We update personal information when necessary and we remove unnecessary information.

10. The principles of the protection of the register

We keep personal data in electronic form on the servers of our service providers. These are protected through agreements that follow general practices made between us and our service providers. We do not disclose used or handled personal data to anyone other than those who need it for their work or our cooperative partners, to whom it is disclosed in confidence and to a limited degree (determined on the basis of agreements). We restrict access to personal data through user codes, passwords and access rights.

11. Right of inspection

Each individual has the right to inspect personal data about herself or himself from our customer and stakeholder register, in accordance with Sections 26–28 of the Personal Data Act.

Inspection requests are sent to the Lead Partner of the Baltic Sea Strategy Point project at the following postal address:

Centrum Balticum
Vanha Suurtori 7
20500 Turku

or to the following e-mail address: info(a)eusbsr.eu.

12. The right to demand the correction of data

Those who are registered have the right to request that we correct erroneous, unnecessary, obsolete or incomplete personal information. Under Section 29 of the Personal Data Act, requests to correct a specific error are sent to the Lead Partner of the Baltic Sea Strategy Point project at the following postal address:

Centrum Balticum
Vanha Suurtori 7
20500 Turku

or to the following e-mail address: info(a)eusbsr.eu.

13. Other rights pertaining to the handling of personal data

If we process data on the basis of a person's consent, he or she may withdraw consent at any time by giving notice by e-mail to the address: info(a)eusbsr.eu.

14. Privacy policy & data protection statement update

Updates may be made to this data protection report, for instance, if our operating methods or systems change/develop or if data protection recommendations change. We might also have to make updates if legislation changes.