Musiikki & Media Oy (Business ID 0792896-0)
Kelloportinkatu 1 C, FI-33100 Tampere
Tel. +358 (0)400 256 658
Kelloportinkatu 1 C, FI-33100 Tampere
PURPOSE AND LEGAL BASIS FOR PROCESSING PERSONAL DATA.
Personal data is processed for the purpose of executing the agreement between the controller and the data subject, and, where applicable, with the consent of the registrant for the purposes of registering, contacting, negotiating, marketing, and other customer-specific measures.
The purchase and transaction information processed in the register can also be used for profiling and for targeting marketing activities and customer communications to be of interest to the data subject. Personal information is also processed when sending newsletters and when taking part in events and other marketing activities.
If the data subject does not provide the requested information to the extent that the information relates to the registration, the controller cannot accept the data subject’s registration and/or request the data subject to be bound by the participation agreement between the controller and the data subject.
RETENTION OF PERSONAL DATA.
Personal data collected during the registration will be retained 36 months after the end of the event.
Unique data will be deleted or anonymized once the retention period specified above has expired.
REGISTRY PERSONNEL, DATA CONTENT, AND PERSONAL DATA GROUPS.
The groups of persons whose data can be processed are participants of the event organized by the data controller or those who have accepted being marketed to.
The register may include, inter alia, the registered name and surname of the data subject, as well as any contact information and necessary information provided in connection with the event. The registration information entered by the data subject themselves is the default. We use this information for personalized service, communications, marketing purposes, and for exchanging contact information:
– Full name = Identifying a person / event participant
– Name of the company’s organization = Identification of the party represented by the participant
– Email = Identification of a person and personalization of communications
– Phone -number = Identification of a person and personalization of communications
– Other data given by the data subject
In addition to these, we collect the following information:
– Website = Website of a company/organization that can be added to the person’s information on the site of the event.
REGULAR SOURCES OF INFORMATION.
Information provided by the participant, customer information system ProTiketti, the invoicing database Arkhimedes, and the Nordea billing system.
REGULAR DISCLOSURE OF INFORMATION.
The register information can be shared within the organization, as well as between the stakeholders in the process. In addition, the register information is transferred to a defined personal data handler. The controller is responsible for ensuring that subcontractor systems and operators themselves are compatible with GDPR. Personal data may be transferred outside of the EU or EEA for the production and provision of services. When transferring personal data outside of the EU or the EEA, we take care of protecting all data, by agreeing on the confidentiality and processing of personal data as required by the data protection legislation and using standard contractual clauses approved by the European Commission.
PERSONAL DATA HANDLER, WHO THE PERSONAL DATA IS TRANSFERRED TO:
Tiketti Oy (0116189-3)
Urho Kekkosenkatu 4-6
PRINCIPLES OF REGISTRY PROTECTION.
The information is kept technologically protected. Physical access to data is blocked by access control as well as other security measures. Access to information requires sufficient privileges as well as password authentication. Unauthorized access is also prevented by, for example, firewalls and technological protection. Only the data controller and specially appointed technical persons can access the register information. Only designated persons have the right to process and maintain the registry information. Users are bound by the confidentiality obligation. The registration information is backed up safely and will be returned as needed. The level of security is audited at recurring intervals either by external or internal auditing.
DATA SUBJECT’S RIGHTS.
A person in the register has the right to, inter alia:
– ask the data controller for all information about themselves and the right to request the rectification or removal of such information or limitation of the processing, or to oppose the processing and the right to transfer the information from one system to another;
– check and, if necessary, correct what information about them is in the register. The request must be made in writing to the data controller. The data subject is entitled to make changes to the information that has been incorrectly entered in the register
– insofar as the processing of personal data is based on the consent of the data subject, the right to withdraw consent at any time, without prejudice to consent, prior to its revocation of the lawfulness of the processing
– make a complaint about the processing of personal data to the supervising authority
THE OFFICE OF THE DATA PROTECTION OMBUDSPERSON
+358 (0)29 566 6700