Data Controller

Musiikki & Media Oy (Business ID 0792896-0)

Kelloportinkatu 1 C, FI-33100 Tampere

Tel. +358 (0)400 256 658


Contact Person

Kreetta Luoma

Kelloportinkatu 1 C, FI-33100 Tampere


Purpose and legal basis for processing personal data.

Personal data is processed for the purpose of executing the agreement between the controller and the data subject, and, where applicable, with the consent of the registrant for the purposes of registering, contacting, negotiating, marketing, and other customer-specific measures.


The purchase and transaction information processed in the register can also be used for profiling and for targeting marketing activities and customer communications to be of interest to the data subject. Personal information is also processed when sending newsletters and when taking part in events and other marketing activities.


If the data subject does not provide the requested information to the extent that the information relates to the registration, the controller cannot accept the data subject’s registration and/or request the data subject to be bound by the participation agreement between the controller and the data subject.


Retention of personal data.

Personal data collected during the registration will be retained 36 months after the end of the event.


Unique data will be deleted or anonymized once the retention period specified above has expired.


Registry personnel, data content, and personal data groups.

The groups of persons whose data can be processed are participants of the event organized by the data controller or those who have accepted being marketed to.


The register may include, inter alia, the registered name and surname of the data subject, as well as any contact information and necessary information provided in connection with the event. The registration information entered by the data subject themselves is the default. We use this information for personalized service, communications, marketing purposes, and for exchanging contact information:


- Full name = Identifying a person / event participant

- Name of the company’s organization = Identification of the party represented by the participant

- Email = Identification of a person and personalization of communications

- Phone -number = Identification of a person and personalization of communications

- Other data given by the data subject


In addition to these, we collect the following information:

- Website = Website of a company/organization that can be added to the person's information on the site of the event.


Regular sources of information.

Information provided by the participant, customer information system ProTiketti, the invoicing database Arkhimedes, and the Nordea billing system.


Regular disclosure of information.

The register information can be shared within the organization, as well as between the stakeholders in the process. In addition, the register information is transferred to a defined personal data handler. The controller is responsible for ensuring that subcontractor systems and operators themselves are compatible with GDPR. Personal data may be transferred outside of the EU or EEA for the production and provision of services. When transferring personal data outside of the EU or the EEA, we take care of protecting all data, by agreeing on the confidentiality and processing of personal data as required by the data protection legislation and using standard contractual clauses approved by the European Commission.


Personal data handler, who the personal data is transferred to:

Tiketti Oy (0116189-3)

Urho Kekkosenkatu 4-6

FI-00100 Helsinki



We use Google Analytics to track social shares made at our website. Google automatically collects and stores certain information in their server logs which includes device event information such as crashes, system activity, hardware settings, browser type, browser language, the date and time of your request and referral URL, cookies that may uniquely identify your browser or your Google Account, in accordance with their data privacy policy:


We embed a Facebook widget to allow you to like/share/recommend our webpage. This widget may collect your IP address, your web browser User Agent, store and retrieve cookies on your browser, embed additional tracking, and monitor your interaction with the widget, including correlating your Facebook account with whatever action you take within the widget (such as liking/sharing/recommending our webpage), if you are logged in to Facebook. For more information about how this data may be used, please see Facebook’s data privacy policy:


We use a Twitter Tweet widget at our website. As a result, our website makes requests to Twitter’s servers for you to be able to tweet our webpage using your Twitter account. These requests make your IP address visible to Twitter, who may use it in accordance with their data privacy policy:


We use a Linkedin Share widget at our website to allow you to share our webpage on Linkedin. These requests may track your IP address in accordance with their data privacy policy:


Principles of registry protection.

The information is kept technologically protected. Physical access to data is blocked by access control as well as other security measures. Access to information requires sufficient privileges as well as password authentication. Unauthorized access is also prevented by, for example, firewalls and technological protection. Only the data controller and specially appointed technical persons can access the register information. Only designated persons have the right to process and maintain the registry information. Users are bound by the confidentiality obligation. The registration information is backed up safely and will be returned as needed. The level of security is audited at recurring intervals either by external or internal auditing.


Data subject’s rights.

A person in the register has the right to, inter alia:

- ask the data controller for all information about themselves and the right to request the rectification or removal of such information or limitation of the processing, or to oppose the processing and the right to transfer the information from one system to another;

- check and, if necessary, correct what information about them is in the register. The request must be made in writing to the data controller. The data subject is entitled to make changes to the information that has been incorrectly entered in the register

- insofar as the processing of personal data is based on the consent of the data subject, the right to withdraw consent at any time, without prejudice to consent, prior to its revocation of the lawfulness of the processing

- make a complaint about the processing of personal data to the supervising authority


Changes to the Privacy Policy.

The controller is entitled to make changes to this privacy policy.


The Office of the Data Protection Ombudsperson

PL 800

FI-00521 Helsinki

+358 (0)29 566 6700