eduKarjala (Business ID: FI25982098)Virsutie 2, 80710 LEHMO+358407788286, firstname.lastname@example.orgContact person:CEO, Mr Esa Räty, Virsutie 2, 80710 Lehmo, Finland, mob. +358407788286
Name of the register: Event participant and customer register
Processor to whom personal data is transferred: eduKarjala (Business ID: FI25982098), Virsutie 2, 80710 Lehmo, +358 40 7788 286, email@example.com
Purpose of processing personal data and legal basis:
Personal data is being processed in order to implement the contract signed between the File Controller and the Registered Person and, where applicable and subject to the prior consent of the Registered Person, also in connection to and to facilitate measures relating to customership management such as orders, registration, contacts, service use, marketing, and reporting.
Purchase and service use data and location data processed as part of the register can also be used for profiling and for targeting marketing and customer communications based on the interests of the Registered Person. Personal data will also be processed in connection to the sending of newsletters and to participation in events and other marketing measures.
If the Registered Person fails to provide information that is required to register for an event, the File Controller cannot accept the said registration or commit to the contract between the File Controller and the Registered Person on participation in the event.
Storage period of personal data
Personal data will be stored for as long as it is necessary to facilitate the registration of the Registered Person and the related event. In addition, the data will be stored three years. After Data will be deleted when the above storage period has expired.
Groups of persons, data content, and personal data groups of the register:
Groups of persons whose personal data can be processed include participants of events organized by the File Controller or persons who have consented to marketing measures.
The personal data that can be processed within the register include the first and last names and any contact details of the person registered for the event organized by the File Controller, and any necessary information provided relating to the event. Information provided by the Registered Person in connection to registration to the event can contain an email address, telephone number, street address, date of birth, or information of allergies.
Regular sources of information:
Information provided by the participant, customer information and invoicing database.
Regular disclosure of information:
Information contained in the register can be distributed within the organization and between the interest groups of the event. In addition, information contained in the register will be forwarded to the named personal data processor. Information will not be transferred outside the EU or EEA.
Data security principles:
Data will be stored in a technically secure location. Physical access to the data is prevented by means of access control and other security measures. Access to the data requires sufficient rights and multi-phase identification. Unauthorized access is also prevented by means of e.g. firewalls and other technical protection measures.
Data contained in the register can only be accessed by the File Controller and separately named technical persons. Only the named persons have the right to process and maintain information contained in the register. The users are bound by confidentiality obligation.
Back-ups are made of the data contained in the register in a secure manner and the data can be restored where needed. The level of information security is audited regularly through either external or internal audits.
The rights of the Registered Persons The right of the Registered Persons include:- The right to request from the File Controller access to his or her personal data and the right to request that any error in the said data be corrected or removed or its processing be restricted, and to oppose to the processing or transferring of the said data from one system to another; - The right to view and, where required, to correct the personal data stored in the register; all requests must be submitted to the File Controller in writing.
The Registered Persons have the right to require that any incorrect personal data saved in the register be corrected. - To the extent that the processing of the personal data is based on the consent of the Registered Person, the Registered Person has the right to cancel this consent at any time without this cancellation having any effect on the legality of processing completed before the said cancellation.- The right to submit claims to the supervisory authority on the processing of personal data.