Privacy statement for Fintraffic events

1 Introduction

Protecting your privacy and the transparency of the processing of your personal data are important to the Fintraffic Group. The purpose of this privacy statement is to inform you of the processing of your personal data in connection with events organised by Fintraffic. We process your personal data will in accordance with the EU General Data Protection Regulation (EU) 2016/679 and national data protection legislation.

2 Controller

Name: Traffic Management Company Fintraffic Ltd

Business ID: 2942108-7

Address: P.O. Box 71,  00241 Helsinki, Finland

Telephone switchboard: +358 29 450 7000

Controller's representative: viestinta(at)fintraffic.fi,  +358 29 450 7000  

Group Data Protection Officer: privacy(at)fintraffic.fi, +358 29 450 7000

3 Categories of data subjects and personal data we process

Categories of data subjects

Persons registered and participating in the event.

Personal data we process

The following personal data is processed for those who have registered for the events:

  • Name 
  • Contact information (email address, telephone number, street address, postcode and city)
  • Organisation
  • Job title
  • Image and video recordings 
  • Diet / allergies 
  • Feedback on the event 
  • Travel services
  • Role in the event

The information collected and processed may vary depending on the nature of the event, and not all of the above information will be processed in connection with each event.

4 Data sources

Fintraffic primarily collects the data from the individual in connection with the registration.

Image and/or video recordings can be taken at the event. If a person is filmed in particular, consent is requested for the publication of the photo.

Data collected from the data subject

Depending on the theme or nature of the event, the following information is collected:

  • Name 
  • Contact information (email address, telephone number, street address, postcode and city)
  • Organisation
  • Job title
  • Diet / allergies 
  • Feedback on the training 
  • Travel services 
  • Role in the event 

Data collected from other sources

  • Image and video recordings 

5 Purpose and legal basis of processing

Purpose of processing

Personal data is processed to ensure the registration, participation, contact, billing and functioning of the event and the security of the participants. 

The event can also be a virtual event, such as a webinar.

Legal basis for the processing of personal data

The personal data referred to in this privacy statement are processed in accordance with the EU General Data Protection Regulation’s Article 6(1)

  • (a) with the consent of the data subject
  • (c) the controller’s legal obligation; or
  • (f) in the legitimate interest of the controller 

In addition, data belonging to special categories of personal data are processed in accordance with the EU General Data Protection Regulation’s Article 9(2)

  • (a) with the specific consent of the data subject
LEGAL BASISPROCESSING PURSUANT TO THE BASIS
Data subject’s consent
  • Publication of a photo

 

Specific personal data:

  • Information on the participant’s allergies

 

Implementation of the agreement
  • Paid events
The controller’s legal obligation

Accounting Act 1336/1997: 

  • The information required for accounting and taxation is kept in accordance with applicable laws. 

 

Legitimate interest of the controller
  • Feedback survey
  • Organising an event
  • Ensuring the safety of the event
  • Registrations (collection, reception, processing, communication)

 

6 Disclosure of data and data recipients

The controller uses instructions and written data processing agreements to ensure that each recipient complies with the regulations related to the processing of personal data.

Other companies belonging to the controller's group may process your personal data on the basis of the legitimate interest of the controller. However, your data is disclosed and processed within the group only to the extent necessary to implement the purposes described in this privacy statement.

Your data can be disclosed to the following parties:

Disclosure of personal data to processors

Service providers, such as venue services, event recording (Teams), trainers / coaches, event photography or filming, can be used in organising the event. The service providers used depend on the nature of the event and, if necessary, can be further clarified at the request of the data subject.

Collection and processing of registrations:

  • Lyyti Oy
  • Microsoft Forms

The processor of your personal data may only process data in accordance with instructions issued by the controller.

Transfers of personal data outside the EU or EEA countries

Your personal data will not be transferred outside the EU or EEA.

7 Data storage

Your personal data will only be processed for the period and to the extent necessary for the purposes listed in this privacy statement. When the legal basis for processing no longer exists or your personal data is no longer needed, the data will be properly destroyed.

The information required for accounting and taxation is kept in accordance with applicable laws. 

8 Protection of personal data 

The controller has access to appropriate technical and organisational personal data protection measures. With these measures, the controller ensures that the data subject’s personal data are not accidentally or unlawfully destroyed, lost or altered. The controller also ensures that the data are not disclosed without authorisation and cannot be accessed by anyone who does not have the right to process the data. 

9 Rights of the data subject

Right to obtain information on the processing of their own data, right of access to their data and right to request rectification of their data

You have the right to be informed by the controller of whether your personal data is being processed. If your personal data is being processed, you have the right to receive a copy of your personal data and information on the purposes of the processing and other matters related to the nature of the processing.

If your personal data is incomplete or otherwise incorrect, you can demand that the controller rectify your data.

Right to request the erasure or restricting the processing of data and the right to object to processing

You may require that the controller delete your personal data, for example, when the controller no longer needs your personal data for the original purpose, your personal data is being unlawfully processed in your opinion, or you withdraw your consent as the legal basis for the processing of your data. However, if the retention of your personal data is necessary to establish, present or defend a legal claim, the controller is not under any obligation to delete your data.

You may require that the controller restrict the processing of your personal data to only include its storage, for example when it is unclear whether your personal data is accurate or being lawfully processed.

When the legal basis for the processing of your data is the legitimate interest of the controller, the public interest or the exercise of public authority, you have the right to object to the processing of your data on the basis of your personal, special situation. However, if there is a significant and justified reason for processing that overrides your rights, the processing of your data can continue.

Right to withdraw consent

If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. After your consent has been withdrawn, the controller may no longer process your personal data for which your consent was the only grounds for processing. Withdrawal of consent shall not affect the lawfulness of processing carried out before the withdrawal of consent.

Right to require the technical transfer of their data from one controller to another (data portability)

If the processing is based on your consent or the implementation of an agreement and it is carried out automatically, you have the right to require the transfer of your data technically directly from one controller to another.

Exercise of the data subject's rights

As a rule, the actions the controller takes due to your request are free of charge for you. However, you must be able to identify yourself reliably for your request to be approved. Therefore, if necessary, the controller may require you to prove your identity at the time of your request.

The controller will respond to your request without undue delay and, as a rule, within one month of receiving the request.

10 Referral to the Data Protection Ombudsman

If you feel that your personal data has been processed in a manner that does not comply with data protection legislation, you may lodge a complaint with the supervisory authority. The Office of the Data Protection Ombudsman acts as the competent supervisory authority in Finland:

Street address: Lintulahdenkuja 4, 00530 Helsinki

Postal address: PO Box 800, 00531 Helsinki, Finland

Switchboard: +358 29 566 6700

Registry: +358 29 566 6768

Email (registry): tietosuoja(at)om.fi

However, the controller would appreciate if you could first notify the controller of the matter. For further information on the data subject's rights please see https://tietosuoja.fi/yksityishenkilot.