This is the Personal Data Act (Articles 10 and 24) of the Global Forest Information Service
(GFIS) Information Provider Partners Register and the EU General the Register and Privacy
Statement in accordance with the Data Protection Regulation (GDPR). Created on 13.09.2018.
Last change 14.09.2018.
GFIS Coordination Unit
International Union of Forest Research Organizations
A-1030 Vienna, Austria
Tel.: +43-1-877 01 51-0
Eero Mikkola, GFIS Coordinator, email@example.com, +358 50 3912140
Global Forest Information Service (GFIS), www.gfis.net
The legal basis for the processing of personal data is the EU's general data protection regulation the legitimate interest of the controller (customer relationship). The purpose of processing personal data is to provide the service to promote the information of the partner organization. Information is not used for automated decision making or profiling.
The information to be stored in the register is: person's name, company /organization, contact information (phone number and e-mail address) and web site addresses. The information will be retained as long as the information provision to the GFIS gateway is valid. Unnecessary data will be deleted every five years.
The information stored in the register is obtained from the customer, among others. posted on www-forms messages, email, telephone, social media services, contracts, customer meetings and other situations in which the customer disclose their information.
Information will not be disclosed to other parties on a regular basis.
Careful handling and handling of the information systems is required when processing the registry the data is properly protected. When register information is stored on Internet servers, they are stored the physical and digital security of the hardware is properly handled. The controller shall ensure that the stored data, server access rights, and other information that is critical to the security of personal data is treated confidentially and only by the employees whose work they belong to.
A person in the register has the right to request the removal of personal data relating to him ("right to be forgotten"). Also, there are other EU-registered persons registered rights under the Data Protection Regulation such as limiting the processing of personal data in certain situations. Requests should be sent in writing to the registrar. The registrar can as appropriate, request the applicant to prove his / her identity. The controller is responsible within the time limit set by the EU Data Protection Regulation (as a rule, the month within).