Registration and privacy statement
Lahti Symphony Orchestra / Newsletter
Personal Data Act (523/1999), Section 10
EU Data Protection Regulation 2016/679 (General Data Protection Regulation GDPR)
1. Controller
City of Lahti / Lahti Symphony Orchestra
Sibeliustalo, Ankkurikatu 7
15140 Lahti
2. Matters concerning the register
Lahti Symphony Orchestra / Marketing
Sibeliustalo, Ankkurikatu 7
15140 Lahti
sinfonialahti@lahti.fi
3. Register name
The Lahti Symphony Orchestra’s Newsletter Register (marketing and newsletter)
4. Purpose and significance of processing personal data
The legal basis for the processing of personal data under the EU General Data Protection Regulation is the individual’s own consent and/or the legitimate interest of the controller (customer relationship). The purpose of processing the data is to manage customer relationships, to ensure the rights and obligations of the customer and the controller, and to process personal data in accordance with the Personal Data Act for purposes related to online services, research, directing the controller’s advertising and/or direct marketing based on customer data via the controller’s media and services without disclosing personal data to a third party.
The customer has the right to prohibit the use of this data for direct marketing.
5. Data content of the register
The register may contain the following personal data:
- basic information about the customer: fore- and surname, e-mail address, telephone number
- other information necessary for the purpose of the register
- data is collected with the customer’s consent
- the retention period for the data is not specified.
6. Regular data sources
The register is compiled from the controller’s customer information system, publicly available internet sources and any other public sources. Normally address sources are specified if they are other than the first of these.
7. Regular disclosures and transfers of data outside the EU and the EEA
The Lahti Symphony Orchestra does not regularly disclose register information to third parties. In order to implement its services, information necessary for the provision of services is provided to the service provider (including the newsletter) in accordance with Finnish law.
8. Register security principles
The controller will not disclose customers’ personal data to third parties. Personal information will be kept confidential. Only those employees who are entitled to process customer data for the purposes of their work are entitled to use the system containing customer data. Each user has their own username and password for the system. The information is collected in databases that are protected by firewalls, passwords and other technical means. The databases and their backups are located in locked premises and can only be accessed by certain pre-designated individuals. Staff are bound by professional secrecy and confidentiality.
9. Right of inspection and right to demand correction of information
A person on the register has the right to check the data stored therein concerning himself or herself and the right to demand the correction or deletion of the data. Requests must be made in person or in writing to the contact person mentioned in paragraph 2.
10. Other rights concerning the processing of personal data
The customer has the right to have errors in the data concerning him corrected. A request for rectification must be made in writing to the controller mentioned in paragraph 2, either by e-mail or by post. The data subject has the opportunity and the right to leave the newsletter register at any time.
This information was last updated on 18 May 2018. The right is reserved to change the data protection policy described here and to update these terms accordingly.
City of Lahti Data Protection Clause
City of Lahti
tietosuoja@lahti.fi
Customer register data protection statement
Personal Data Act (523/1999), Section 10
EU Data Protection Regulation 2016/679 (General Data Protection Regulation GDPR)
1. Controller
City of Lahti / Lahti Symphony Orchestra
Sibeliustalo, Ankkurikatu 7
15140 Lahti
2. Matters concerning the register
Lahti Symphony Orchestra / Marketing
Sibeliustalo, Ankkurikatu 7
15140 Lahti
sinfonialahti@lahti.fi
3. Register name
The Lahti Symphony Orchestra’s customer register
4. Purpose and significance of processing personal data
The processing of personal data is based on the legitimate interests of the Lahti Symphony Orchestra, by agreement or other material connection. The purpose of the personal data is to manage, maintain, develop, analyze and compile statistics on the relationship between the Lahti Symphony Orchestra and its customers. In addition, the information can be used for direct marketing by the Lahti Symphony Orchestra and its partner organizations (including subscribing to newsletters), organizing marketing competitions, profiling, distance selling, opinion-gathering and market research. The information can also be used to plan and develop the business and services of the Lahti Symphony Orchestra.
5. Data content of the register
The register may contain the following personal data:
- basic information about the customer: customer number, fore- and surname, postal address, telephone number, e-mail address
- customer and order history (e.g. delivery tracking information, billing and collection information)
- Interests and profiling information (e.g. the Lahti Symphony Orchestra’s products and services that are of interest to the customer), segment information and other similar information
- Cookie and usage information
- Customer feedback and contact
- Consent or denial of permission for direct marketing; plus in addition:
The register may contain the following personal information about decision-makers and contact persons within companies and organizations:
- name, title, organization, postal address,e-mail address, telephone number
- customer history (e.g. contacts, orders, feedback, billing and collection information)
- Interests and profiling information
- usage data, such as information about the use of services such as browsing and search data, cookies
- customer feedback and contact
- denial of permission for direct marketing; plus in addition:
- other information necessary for the purpose of the register
6. Regular data sources
The data in the register is usually collected from information received from the customer in connection with the use of the services, online activity or other transactions, as well as from information received in connection with and while drawing up contracts.
Personal data may also be collected and updated from the population register, credit register and other similar public and private registers.
7. Cookies
In order for this site to work as well as possible, it periodically stores information called cookies on your device.
What are cookies?
Cookies are small text files that a website stores on your computer or mobile device when you visit a website. Session cookies are temporary cookies and remain in your browser until you close it. Persistent cookies remain for a longer time, or until you delete them manually.
What cookies are used on the website?
Internal cookies. These cookies ensure that the website works properly, for example when navigating menus and switching languages.
Google Analytics is Google’s analytics tool that helps website and application owners find out how visitors use their sites and apps. It may use cookies to collect information and report website usage information without identifying individual Google visitors. The most commonly used cookie in Google Analytics is the __ga cookie.
In addition to reporting site user data, Google Analytics can be used to select more relevant adverts on Google products (such as Google Search) and elsewhere on the web, and to measure interaction with adverts.
Blocking of cookies. The user can refuse the use of cookies by turning on blocking in the browser settings. It is worth noting, however, that in this case some functions of the website will be unavailable.
8. Regular disclosures and transfers of data outside the EU and the EEA
The Lahti Symphony Orchestra does not regularly disclose register information to third parties. Information may, however, occasionally be disclosed in accordance with Finnish law or for the implementation of a service with a partner (such as a postal service).
9. Register security principles and data retention period
Only those employees who are entitled to process customer data for the purposes of their work are entitled to use the system containing customer data. Each user has their own username and password for the system. The information is collected in databases that are protected by firewalls, passwords and other technical means. The databases and their backups are located in locked premises and can only be accessed by certain pre-designated individuals. Staff are bound by professional secrecy and confidentiality.
Personal data will be kept for as long as is necessary for the purpose for which it is used, taking into account the retention periods to be complied with by law, such as the Consumer Protection, Accounting and Advance Collection Act.
10. Right of inspection and right to demand correction of information
A person on the register has the right to check the data stored therein concerning himself or herself and the right to demand the correction or deletion of the data. Requests must be made in person or in writing to the contact person mentioned in paragraph 2.
11. Other rights concerning the processing of personal data
A person on the register has the right to prohibit the controller from processing personal data about him or her for the purposes of direct mail, opinion-gathering and market research. Such a prohibition may be conveyed at any time to the contact person mentioned in paragraph 2.
In accordance with the Data Protection Regulation (as of 25 May 2018), a person on the register has the right to object to or request a restriction on the processing of his or her data and to lodge a complaint about the processing of personal data with the supervisory authority.
This information was last updated on 18 May 2018. The right is reserved to change the data protection policy described here and to update these terms accordingly.