Privacy statement – the Finnish Fair Corporation’s access pass register
Prepared 23 May 2018. Latest change: no changes made.
Messukeskus, Finnish Fair Corporation
Messuaukio 1, 00520 Helsinki, Finland
Tel. +358 40 450 3250
Business ID: 01163223
2. Contact person responsible for the file
Messukeskus customer service
Messuaukio 1, 00520 Helsinki, Finland
Tel. +358 40 450 3250
3. Name of the file
The Finnish Fair Corporation’s access pass register
4. Legal basis and purpose of processing personal data
The legal basis for processing personal data in accordance with the EU General Data Protection Regulation is the justified benefit of the controller and the exhibitor as provided by law, and the agreement between these two parties: the access pass register stores information about the access passes that are granted. The Finnish Fair Corporation and Messukeskus must be aware of who has been issued access passes to enable them to monitor circulation on their property. In addition, parties registered as exhibitors have a contractual entitlement to be able to build their stands and, as such, to obtain access passes for their personnel. The register is also maintained in order to guarantee security and to identify the people on the premises during construction hours, when the Finnish Fair Corporation’s premises are only open to personnel and people building an event.
The purpose of processing personal data is to authorise the people on the register to circulate on the Finnish Fair Corporation’s premises in Messukeskus on work business. A further purpose of the register is communication in relation to Messukeskus events, including conventional means of communication and electronic and text message communication.
5. Contents of the data file
The information stored in the file is: the person’s name, company/organisation, the role for which the access pass is used (e.g., builder, exhibitor, etc.) and contact details (phone number, email address, address).
6. Regular sources of data
The data saved in the file is obtained from the customer by means such as messages sent via online forms, email, phone, contracts and other situations in which the customer discloses data about its personnel during construction hours. In addition, we receive data from other people who require access passes, including exhibition clients, exhibitors, other third parties, the Finnish Fair Corporation’s programme producers and other Finnish Fair Corporation units.
7. Regular disclosure of data and transfer of data outside the EU or the EEA
We may transfer or disclose personal data to our partners if this is necessary for purposes corresponding to this privacy statement. Such partners include exhibition clients, partners, “lead collection systems” (devices that read contact details), and the electronic meeting and networking service that operates at events. In addition, data may be disclosed to marketing partners, such as the partner that provides the newsletter tool, or media agencies, IT providers or other partners of the Finnish Fair Corporation. Data may also be disclosed to exhibitors if the visitor has granted consent for this. In such circumstances, personal data is processed in accordance with applicable legislation.
We may also use third-party service providers, such as providers of payment services, debt collection services and analytic services, to conduct certain tasks involving processing personal data on our behalf.
We may also transfer or disclose personal data to other companies within our Group and to the successor business as a consequence of matters such as merger and acquisition transactions, the sale of the business, mergers, demergers, bankruptcy or receivership.
We will not otherwise sell or disclose your data to external parties. We will also not transfer data outside the EEA other than in circumstances permitted by data protection legislation. Personal data may also be transferred or disclosed to the authorities if the applicable law so demands.
8. Principles for securing the file
Due care is exercised when the file is processed, and data processed using IT systems is protected appropriately. When data from the file is stored on internet servers, the physical and digital information security of the hardware is arranged appropriately. The controller takes care to ensure that the saved data, server access rights and other information critical to the security of personal data is processed confidentially and only by the employees whose duties require it or their partners with whom a separate agreement has been made on the processing of the register.
9. Your rights as a data subject
Right of inspection
The Finnish Fair Corporation offers you the right to inspect the personal data that we process about you. You can contact us in writing and ask us to tell you which personal data we process about you and the grounds for processing the data. The Finnish Fair Corporation is entitled to verify the identity of the enquirer. If less than 12 months has elapsed since your previous information request, we may require a fee to be paid for the work involved in realising the request.
Right to demand correction of data
You are also entitled to correct or supplement data that is incorrect, inaccurate, incomplete, out of date or unnecessary.
Right to demand erasure of data
You may also ask us to erase your personal data from our system. We will take the action you request unless we have a justified reason to refrain from erasing the data, such as fulfilling our obligations under legislation. The data may not be immediately erased from all of our backup systems or corresponding systems.
Right of objection
You may also request restrictions on the processing of your personal data if the data is processed for purposes other than providing our services or fulfilling obligations arising under law. You may also object to your personal data being processed in the future, even if the processing is based on consent that you have previously granted. Objecting to the processing of personal data may result in more restricted opportunities to use our website and services.
Right to restrict data processing
You may ask us to restrict the processing of certain pieces of your personal data. Requests to restrict data processing may result in more restricted opportunities to use our website and services.
You may exercise your right by sending an email to firstname.lastname@example.org or by contacting us at the addresses specified above. Users who have registered for our services should primarily send their requests from the email address that is registered under the user data for the Service in question, and the response to the request will be sent to the same email address.
In addition to the foregoing rights and your other rights, legislation also guarantees you the right to submit a complaint to the supervisory authority, particularly in the Member State where you are permanently resident or working, or where the alleged contravention of the GDPR has taken place. The supervisory authority in Finland is the Data Protection Ombudsman.