top of page

privacy policy

 

 

Data Controller

Name: Meri Kylänpää
Contact info: info@turkutuomiopaiva.com
Organization: Tuomiopäivä Events Oy
Address: Pläkkisepänkatu 3, 20320 Turku

​

Data Protection (information related to turku turbulence event)

Name: Aino Lepistö
Email: info@turkutuomiopaiva.com

​

1. Introduction

This Privacy Policy explains how Tuomiopäivä Events Oy collects, uses, and protects personal data in accordance with the GDPR.

 

2. Data Collected

We collect the following information through online forms on our website:

  • Name

  • Email address

When purchasing spectator tickets, the external ticketing service lippu.fi collects the necessary personal data – please refer to lippu.fi’s privacy policy here.

 

3. Purpose of Processing Personal Data

Personal data is processed for the following purposes:

  • Volunteer applications and other registration forms: communication with participants, providing information

  • Contact form: customer service and customer relationship management

 

4. Legal Basis for Processing

The processing of personal data is based on:

  • Contract (customer relationship: communication and customer service)

  • Legitimate interest (internal administration and security)

 

5. Data Retention Period

Volunteer applications and registration forms: Data is stored for three years or until the data subject requests deletion.

 

6. Recipients of Data

  • External ticketing service lippu.fi

  • Administrative personnel of Tuomiopäivä Events Oy

 

7. Data Security Measures

  • Encryption during data transfer and storage

  • Access control restricting processing to authorized personnel

  • Regular data security audits

  • Employee training in data protection matters

 

8. Rights of the Data Subject

Under the EU General Data Protection Regulation, the data subject has the following rights:

  • The right to obtain confirmation as to whether personal data concerning them is being processed and, if so, access to the personal data and the following information:
    (i) purposes of processing;
    (ii) categories of personal data concerned;
    (iii) recipients or categories of recipients to whom the data has been or will be disclosed;
    (iv) where possible, the planned retention period or the criteria used to determine it;
    (v) the right to request rectification or erasure of personal data or restriction of processing or to object to such processing;
    (vi) the right to lodge a complaint with a supervisory authority;
    (vii) where personal data has not been collected from the data subject, any available information as to its source; and
    (viii) the existence of automated decision-making, including profiling, and meaningful information about the logic involved and the significance and consequences of such processing (GDPR Art. 15).

  • The right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal (GDPR Art. 7).

  • The right to have inaccurate or incorrect personal data rectified without undue delay and to have incomplete data completed (GDPR Art. 16).

  • The right to have personal data erased without undue delay if:
    (i) the data is no longer necessary for the purposes for which it was collected;
    (ii) the data subject withdraws consent and there is no other legal basis;
    (iii) the data subject objects to processing and there are no overriding legitimate grounds;
    (iv) the data has been processed unlawfully; or
    (v) the data must be erased to comply with a legal obligation (GDPR Art. 17).

  • The right to restriction of processing if:
    (i) the accuracy of the data is contested;
    (ii) the processing is unlawful and the data subject opposes erasure;
    (iii) the controller no longer needs the data but the data subject requires it for legal claims; or
    (iv) the data subject has objected to processing pending verification of legitimate grounds (GDPR Art. 18).

  • The right to receive personal data provided to the controller in a structured, commonly used, machine-readable format and to transmit that data to another controller where processing is based on consent and carried out by automated means (GDPR Art. 20).

  • The right to lodge a complaint with a supervisory authority if the data subject considers that their personal data has been processed in violation of the GDPR (GDPR Art. 77).

Requests concerning the exercise of these rights must be submitted in writing to the controller’s contact person in a personally signed or otherwise verified document, or presented in person to the controller.

The data subject is responsible for the accuracy of the information they provide and must notify the controller of any changes.

 

9. Data Breaches

We will notify users and authorities without undue delay of any data breaches that may affect privacy.

 

10. Data Protection Officer

The appointed Data Protection Officer is Aino Lepistö, info@turkutuomiopaiva.com.

 

11. Transfers Outside the EU/EEA

Personal data is not transferred outside the EU or EEA.

 

12. Changes to This Privacy Policy

Tuomiopäivä Events Oy may update this Privacy Policy from time to time. Changes may be based on amendments to data protection legislation. Significant changes will be communicated, where necessary, to the email address provided by the data subject.

 

Contact Information

Tuomiopäivä Events Oy
Pläkkisepänkatu 3, 20320 Turku
info@turkutuomiopaiva.com

bottom of page