Privacy policy

Jyväskylä Fair Ltd customer and marketing register

Personal Data Act (523/1999) 10 and 24§
General Data Protection Regulation (679/2016)
Updated 24.5.2019

1. Controller
Jyväskylä Fair Ltd
PL 127, 40101 Jyväskylä
p. 014 334 0000
Business ID: 0626505-0

2. Contact information
Sales secretary Tuula Rahikainen
Jyväskylä Fair Ltd
PL 127, 40101 Jyväskylä
+358 50 462 1232

3. Name of the register
Jyväskylä Fair Ltd customer and marketing register

4. Purpose of personal data processing
Controller process the personal data for following purposes:
• Customer relationship management and customer service
• Implementation of the rights and obligations of the customer and the controller
• Event arrangement, visitor count and event development
• Invoicing and payment control
• Informing, marketing communications and advertising

5. Legal basis of personal data processing
The legal basis of personal data processing are contract, consent of the data subject and legitimate interest of the controller.

The processing of personal data in the customer register is based on contract when the data subject is party to a contract with Jyväskylä Fair Ltd. Thus his or her personal data may be processed for the performance of the contract.

The data subject can also give his/her consent for processing personal data. The controller sends marketing messages to data subjects who have given their voluntary consent to electronic direct marketing (subscribed to the newsletter). You can unsubscribe from marketing messages by notifying the controller or by clicking the opt-out option associated with each marketing message (“Unsubscribe”), in which case the data subject’s information will be removed from the registrant’s electronic direct marketing subscriber list.

The processing of personal data is based on the legitimate interests of the controller when there is a relevant relationship between the data subject and controller. The data subject is the customer or subordinate of the controller. The controller may also process data from potential customers or representatives, which the controller may reasonably expect to be interested in acquiring the services or products provided by the controller. Direct marketing may be sent to potential customers of the controller for whom the controller can reasonably believe that the products or services being marketed have a essential connection with the area of ​​responsibility or work of the potential customer.

6. Data content of the customer register
The personal data collected by the controller may contain e.g. the following types of data, essential to the purposes mentioned above:
– Name
– E-mail
– Phone number
– Company and title
– Basic data of the company: name, address, e-mail, phone number and invoicing details

7. Regular information sources
Data is collected from the following sources:
– from the data subject via registration to events or subscribing to a newsletter (online-form) or in the process of making an offer or contract
– from public sources (internet, trade registers)
– from representative of the data subject’s employer (contact persons of corporate customers)

8. Regular hand-over of personal data
The information of customers (trade fairs) who have registered electronically for the events will be handed over to the company that the visitor has indicated as the inviter. The information of electronically registered customers is also provided to the event organizer if the organizer is a party other than Jyväskylä Fair Ltd. Customer register information may also be disclosed to subcontractors who are used to provide a service to a customer. A written data processing agreement has been concluded with the partners processing personal data on behalf of the controller, which ensures that the service providers process personal data for which the controller is responsible in accordance with the controller’s instructions. Customer register information is not disclosed to third parties.

9. Transfer of personal data outside the EU or the European Economic Area
Personal data will not be handed over outside the EU or the European Economic Area.

10. Retention period of personal data
The controller shall process and store the data only for as long as is necessary for the pre-defined purpose of the personal data. Personal data which has become redundant and which the controller no longer has grounds to retain or process shall be deleted at regular intervals in accordance with the controller’s own data protection policies. The data subject has the right to request the deletion of his data at any time.

11. Principles of register protection
• Manual material
o is kept in a locked space for the period required by the attendance calculation, after which they are destroyed
• Electronic material
o Customer register is stored in Jyväskylä Fair Ltd’s server. The server is protected by means of technical solutions.
o Separately appointed employees of the controller and employees of companies operating under the assignment and in the name of the controller are only entitled to use the system that contains customer data and modify customer data. Access to the data is protected by a username and password.
o Employees who process the registered customer data are bound by a confidentiality obligation. Data will only be disclosed or transferred to third parties as a result of a statutory disclosure obligation, such as a request presented by the data subject or by the authorities.

12. The right of data subjects to check data
Data subjects have the right to check their personal data saved in the register and to obtain copies of their data. Requests to check data must be made in writing and addressed to the party responsible for registration matters. (See contact information point 2).

13. The right to have the data rectified
The controller will rectify, remove or supplement any registered personal data that is incorrect considering the purpose of processing, unnecessary, defective or outdated, independently or at the request of the data subject. Data subjects must contact the party responsible for registration matters in writing in order to rectify data. (See contact information point 2).

14. The right of data subjects to restrict processing
The data subject has the right to prohibit the controller from processing personal data concerning him or her for the purpose of direct mail, distance selling and other direct marketing, as well as market and opinion research. The prohibition must be made in writing and addressed to the party responsible for registration matters. (See contact information point 2).