Privacy Statement

Jyväskylä Fair Ltd Marketing register

Personal Data Act (523/1999), §§ 10 and 24
General Data Protection Regulation (679/2016)
Updated 21.12.2023

1. Controller

Jyväskylä Fair Ltd
PL 127, 40101 Jyväskylä
Tel. 014 334 0000
Business ID: 0626505-0

2. Name of the register

Jyväskylä Fair Ltd Marketing register

3. Purpose of personal data processing

The purpose of processing the data in the register is managing customer relations, electronic direct marketing and sharing information related to events.

The information in the register can also be used for surveys.

4. Legal basis of personal data processing

The legal bases for the processing of personal data are contract, consent and the legitimate interest of the controller. When the data subject is a party to the contract, his personal data may be processed to implement the contract.

The data subject can also give his consent for his personal data to be processed. The controller’s electronic direct marketing is sent to those registered who have subscribed to the newsletter. The subscription to marketing messages can be canceled by notifying the data controller or by clicking on the prohibition option associated with each marketing message (“Unsubscribe” function), in which case the data subject’s data will be deleted from the data controller’s electronic direct marketing subscriber list.

The legitimate interest of the data controller is the basis for processing when there is a valid connection between the data subject and the data controller. Such a factual connection is formed e.g. when the data subject is in contact with the data controller on his own initiative, or when the data controller processes the personal data of the data subject in connection with activities between the employer of the data subject and the data controller. In addition, the data controller may, based on a legitimate interest, record in the customer register the information of contact persons and representatives of potential customers whom the data controller can reasonably expect to be interested in acquiring services or products offered by the data controller. Direct marketing can be sent to such potential customers when the data controller can reasonably consider that the marketed products or services have an essential connection to the potential customer’s area of responsibility or work role.

5. Data content of the register

The controller processes only data that is necessary for the purposes mentioned above, i.e. name and e-mail address.

6. Regular information sources

Personal information has been obtained from the following data sources:

  • Directly from the data subject himself (newsletter subscription form, electronic registration for events, when making an offer/agreement, from messages sent via www forms, contacts, customer meetings and other situations where the customer discloses his information)
  • From public/generally available sources (internet, trade registers)
  • From a representative of the employer of the data subject (contact persons for business customers)

7. Regular hand-over of personal data

Personal data from the register is not handed over to any third parties.

8. Transfer of personal data outside the EU or the European Economic Area

Personal data is not handed over outside the EU or the European Economic Area.

9. Retention period of personal data

The controller processes and stores data only as long as is necessary for the predefined purpose of use of the personal data. Personal data that has become unnecessary and that the controller no longer has grounds to keep or process is deleted at regular intervals in accordance with the controller’s own data protection policies. The registered person has the right to request the deletion of their data at any time.

10. Principles of register protection

Care is taken when processing the register, and the information processed with the help of information systems is properly protected.

The data of the register is stored in the system of the controller, which is protected by the security software of the operating system. Only designated employees and the system supplier have access to the register’s data, and the use of the data is protected with a username and password. Employees handling visitor register data are bound by the duty of confidentiality. Information is shared or disclosed to outsiders only due to a statutory reporting obligation, such as the customer’s own request or an authority’s statutory request.

The data is located on the supplier’s servers. The data center facilities are of the latest design and meet very high-level availability and security requirements. The facilities are basically built for the customers’ business-critical servers and applications, and they meet the highest standards set for IT environments.

11. The right of data subjects to check data

The data subject has the right to check the personal information stored in the register and to receive copies of it. The inspection request must be made in writing and addressed to the controller.

12. The right to have the data rectified

The controller corrects, deletes or completes personal data in the register that is incorrect, unnecessary, incomplete or outdated in terms of the purpose of the processing, on its own initiative or at the request of the data subject. The data subject must contact the controller in writing to correct the information.

13. The right of data subjects to restrict processing

The data subject has the right to prohibit the controller from processing personal data concerning him. The prohibition must be made in writing and addressed to the controller.