Personal Data Act (523/99) sections 10 and 24
Helsinki Events Foundation, Kaasutehtaankatu 1 / 19, 00540 Helsinki, Business ID 0224232-9, tel. (09) 6126 5100
Person in charge of the register
Communications Manager Anna Mäkelä
+358 50 581 4153
Name of the register
Helsinki Festival Personal Data Register
Legal bases for processing personal data
The three most important legal bases for processing personal data are (1) the consent we obtain, (2) the contract we make and (3) our legitimate interests.
The personal data we collect is based on one or more of the following legal bases:
- We have obtained in advance (in writing, verbally or online) explicit consent for the processing of personal data.
- Processing is necessary in conjunction with a contract signed with Helsinki Events Foundation (”need based on contract”).
- Processing is in our legitimate interests for reasons related to carrying out our business.
You have the right to withdraw the consent to data processing you have given us at any time by contacting laura.gottleben(a)eventshelsinki.fi.
Purpose of processing personal data / purpose of use of the register
The main purpose of this personal data register is to serve as the customer register of Helsinki Events Foundation. The register contains personal data on Helsinki Events Foundation’s private and corporate customers and on the potential customer base. In addition to basic customer data, information is collected about contracts, use of services, areas of use of services as well as the information required to provide and manage the services.
The customer information contained in the register may be processed for the following purposes:
– Customer relationship management
– Provision, development and maintenance of services intended for customers
– Customer support
– Notification, communication, marketing sales promotion and market research of Helsinki Events Foundation’s services and products
– For the needs of Helsinki Events Foundation’s operational business such as service process provision, invoicing and reporting
– Planning and development of Helsinki Events Foundation’s business activities
– Helsinki Events Foundation’s service communications of e-business contractual partners and marketing communications based on service contracts
Data content of the register
Helsinki Events Foundation’s register may contain the following information: the name, postal address, country of residence, date of birth, email address, phone number, title of the organisation or operator, the name, business ID, website and any other online addresses of the organisation. In addition, entries related to direct marketing consents and prohibitions and the information, such as technical identification data, required for the use of services are also collected. With regard to newsletter subscribers, the register may contain information about points of interest notified by the customer.
With regard to Night of the Arts events, programme information, timetable information, photograph and the name of the photographer are collected. Only the name and email address are collected from messages submitted on feedback forms. The name and email address of persons completing the visitor survey and of persons who have left their contact information are collected only if they wish to enter the prize draw in conjunction with the survey.
Regular sources of information
Data in the register is obtained from:
– the data subject
– a third party subject to the consent of the data subject
– the address information system when updating name and address data
Subscribers to event newsletters, representatives of partner organisations and subcontractors, for example, may be added to the register as may persons who have bought admission tickets to Helsinki Festival events and who have given their personal data and marketing consent when buying the ticket.
Data added to the register at Night of the Arts has been received from users via an online form.
Regular disclosures of data and transfers of data to outside of the EU or European Economic Area
Personal data is not disclosed to third parties other than within the limits permitted or required by legislation in force.
Under sections 22 – 23 of the Personal Data Act, personal data may be transferred to outside of the European Union or European Economic Area where, for example, this is required for the technical implementation of services or communication.
Personal data may, however, be transferred with the customer’s own consent.
Register protection principles
The register is maintained as a machine-readable record. The data system has been protected by passwords and only persons whose job requires its use can access the register.
Right of access and right to rectification
Data subjects have the right to check the data about them and to demand the rectification of inaccurate information about them. Customers also have the right to prohibit the sending of electronic offer messages and benefits as well as to prohibit the use of personal data for direct marketing purposes. The controller may ask the data subject submitting the request to prove their identity. The controller will reply to the data subject’s request within the time laid down in the EU’s General Data Protection Regulation.
Other rights related to the processing of personal data
Data subjects have the right to request the controller to erase their personal data from the register. Likewise, under the EU’s General Data Protection Regulation, data subjects have other rights such as the restriction of their personal data in certain cases. Requests must be sent in writing to the controller, who may ask the data subject submitting the request to prove their identity. The controller will reply to the data subject’s request within the time laid down in the EU’s General Data Protection Regulation.