Privacy statement – the Finnish Fair Corporation’s register of corporate customers

Prepared May 21st, 2018. Latest change: May 13th, 2020.

1. Controller

Messukeskus, Finnish Fair Corporation
Messuaukio 1, 00520 Helsinki, Finland
Tel. +358 40 450 3250
Business ID: 01163223

2. Contact person responsible for the file

Messukeskus customer service
Messuaukio 1, 00520 Helsinki, Finland
Tel. +358 40 450 3250
customer.service@messukeskus.com

3. Name of the register

The Finnish Fair Corporation’s register of corporate customers

4. Legal basis and purpose of processing personal data

The legal basis for processing personal data in accordance with the EU General Data Protection Regulation is the controller’s legitimate interest (e.g., customer relationship, employment relationship, membership).

The purpose of processing personal data is to maintain contact with customers, maintain customer relationships, conduct marketing and profile customer data for sales and statistical purposes, as well as combining data to collect and generate data that is essential for the business.

5. Contents of the register

The data saved in the file includes: the person’s name, position, company/organisation, contact details (phone number, email address, address), customer number, website addresses, IP address of the internet connection, IDs/profiles on social media services, location data, behaviour data, profiling data, information about services ordered and changes therein, invoicing information, information about visits to Messukeskus, registration codes, discount codes, other profiling information provided by the customer or information on the customer’s behaviour and other information related to the customer relationship and services ordered. In addition, the following may be saved in the data file: emails, chat discussions, phone conversations and other interaction with the representatives of Messukeskus.

6. Regular sources of data

The data saved in the file is obtained when a potential customer relationship arises, an actual customer relationship is created and during the customer relationship based on notifications submitted by the customer to the controller. Contact details and customer data may also be collected through marketing communications measures. The data saved in the file is obtained from the customer, for example, from messages sent through online forms, by email, by phone, through social media services, contracts, customer meetings, complaints and other situations in which the customer discloses its data. In addition, the following information may accumulate in the data file: information on the visitor services of Messukeskus used by the contact person, such as online ticket sales, electronic registration system and entry gates. Furthermore, information on communication with the data subject, whether by phone, chat service, email or face-to-face, accumulates in the data file.

Marketing communications means the content of websites and their use (for example, webpage visits, clicks and other actions taken by the data subject on the websites), information provided by the data subject through online forms, the data subject’s reactions to newsletters (such as opening of newsletters, clicks, entering websites, reading time). In addition, marketing communications means social media channels, such as Facebook, Instagram, LinkedIn, Twitter and other social media channels. Through these channels, we can obtain, for example, information on the data subject’s profile, the various segments to which the social media platform has categorised the data subject and information on the data subject’s reactions to the controller’s activities in social media channels.
Direct marketing restrictions are saved on the basis of a separate notification submitted by the customer.

Customer data may also be obtained from parties that disclose it for the controller’s use as part of an agreement. Such parties include event clients. In such cases, the party disclosing the data is responsible for ensuring that the disclosed file is accurate, up-to-date and compliant with the GDPR requirements.

7. Regular disclosure of data and transfer of data outside the EU or the EEA

We may transfer or disclose personal data to our partners if this is necessary for purposes corresponding to this privacy statement. Such partners may include marketing partners, IT partners and others. In such circumstances, personal data is processed in accordance with applicable legislation. In addition, information may be disclosed other companies if the controller and company or entity work together as the organisers of an event, exhibition or other business activities.

We may also use third-party service providers, such as providers of payment services, debt collection services and analytics services, to conduct certain tasks involving processing of personal data on our behalf.

We may also transfer or disclose personal data to other companies within our Group and to the successor business as a consequence of matters such as merger and acquisition transactions, the sale of the business, mergers, demergers, bankruptcy or receivership.

We will not otherwise sell or disclose your data to external parties. We will also not transfer data outside the EEA other than in circumstances permitted by data protection legislation. Personal data may also be transferred or disclosed to the authorities if the applicable law so demands.
Data may be published insofar as this has been agreed with the data subject.

8. Principles for securing the file

Due care is exercised when the file is processed, and data processed using IT systems is protected appropriately. When data from the file is stored on internet servers, the physical and digital information security of the hardware is arranged appropriately. The controller takes care to ensure that the saved data, server access rights and other information critical to the security of personal data is processed confidentially and only by the employees whose duties require it.

9. Your rights as a data subject

Right of inspection

The Finnish Fair Corporation offers you the right to inspect the personal data that we process about you. You can contact us in writing and ask us to tell you which personal data we process about you and the grounds for processing the data. The Finnish Fair Corporation is entitled to verify the identity of the enquirer. If less than 12 months has elapsed since your previous information request, we may require a fee to be paid for the work involved in realising the request.

Right to demand correction of data

You are also entitled to correct or supplement data that is incorrect, inaccurate, incomplete, out of date or unnecessary.

Right to demand erasure of data

You may also ask us to erase your personal data from our system. We will take the action you request unless we have a justified reason to refrain from erasing the data, such as fulfilling our obligations under legislation. The data may not be immediately erased from all of our backup systems or corresponding systems.

Right of objection

You may also request restrictions on the processing of your personal data if the data is processed for purposes other than providing our services or fulfilling obligations arising under law. You may also object to your personal data being processed in the future, even if the processing is based on consent that you have previously granted. Objecting to the processing of personal data may result in more restricted opportunities to use our website and services.

Right to restrict data processing

You may ask us to restrict the processing of certain pieces of your personal data. Requests to restrict data processing may result in more restricted opportunities to use our website and services.

Right to transfer data from one system to another

You are entitled to obtain your personal data from us in a structured and widely used format so you can transfer the data to a different controller.

You may exercise your right by sending an email to customer.service@messukeskus.com or by contacting us at the addresses specified above. Users who have registered for our services should primarily send their requests from the email address that is registered under the user data for the Service in question, and the response to the request will be sent to the same email address.

In addition to the foregoing rights and your other rights, legislation also guarantees you the right to submit a complaint to the supervisory authority, particularly in the Member State where you are permanently resident or working, or where the alleged contravention of the GDPR has taken place. The supervisory authority in Finland is the Data Protection Ombudsman.