You are here

Privacy policy

This is Zodiak Presents ry’s privacy notice as specified in the EU’s General Data Protection Regulation (GDPR). Zodiak Presents maintains a customer register for purposes such as ticket sales and course participant registration, and a separate interest group register. The registers have separate privacy notices.

Created: 22 May 2018

Customer register

1. Controller

Zodiak Presents ry, business ID 0887147-6
zodiak@zodiak.fi, +358 41 319 8722
Tallberginkatu 1 B/154
00180 Helsinki

2. Register contact person

Piia Ahonen, piia.ahonen@zodiak.fi, +358 44 971 6344

3. Name of register

Zodiak’s customer register

4. Purpose of processing of personal information

The legal basis for the processing of personal information as specified in the EU’s General Data Protection Regulation is the controller’s legitimate interest (customer relationship). Processing of personal information may also be based on customer’s consent or customer’s assignment given to Zodiak. The information is not used for automatic profiling.

Personal information is processed for the following purposes:

  • Production, development and monitoring of Zodiak’s services and the provision of customer services.
  • Maintenance and development of customer relationship; service personalisation.
  • Customer relationship communications and marketing; management of contact history.
  • Handling of and responding to customer feedback.
  • Processing of and responding to requests for refund or reimbursement; making of payments.
  • Analysis and classification of customer base in order to implement targeted communications.
  • Monitoring of electronic service channels (such as online and mobile services) for the development of statistics services, for marketing purposes and for customer convenience.

The customer register is accessible by Zodiak’s personnel, and is maintained using a contact management application provided by Gruppo Software Oy (business ID 2190176-4). Zodiak is the controller and Gruppo Software Oy is the party in charge of processing of personal information. The controller also uses contractual means to ensure that the partner that processes personal information on the controller’s behalf is committed to protect the personal information when accessed by the partner’s employees.

Register data stored by Zodiak is stored in systems and servers maintained by Zodiak. Each user of the register has a personal user account and a password, which can be used to track and identify every login.

The processing of customer information related to Zodiak’s ticket sales is outsourced to Tiketti Oy (business ID 0116189-3). For personal information related to ticket sales, Tiketti Oy is the controller and the party in charge of processing of personal information. Tiketti Oy’s privacy policy is available online at: https://www.tiketti.fi/en/info/privacypolicy  

5. Register data content and term of retention

The following basic information of each customer is stored in the register:

  • Name
  • Date of birth
  • Customer ID(s)
  • Language
  • Address
  • Telephone number(s)
  • E-mail address
  • In case the data subject represents an organisation: Information concerning the data subject’s employer and the data subject’s position or role in the organisation.
  • Service, purchase, payment and transaction information.
  • Access information from various customer channels, such as Internet and mobile services, including log data, transaction details and cookies used to link website page impressions.
  • Information provided by the customer to facilitate service personalisation and transactions.
  • Information used to analyse and classify customer records.
  • Direct marketing permissions and prohibitions (see item 11).
  • Information related to direct marketing and customer communications.
  • Customer information received from external data sources (such as customer’s address in the population register centre).
  • Data related to information processing, such as log entries.
  • Information related to handling of and responding to customer feedback.

Term of retention of personal data is not defined separately.

6. Regular sources of data

Customer information is primarily collected directly from the customers in connection with ordering and registration, the purchase and the use of services, in customer service transactions and otherwise. Customer information is also produced in the theatre’s information systems in connection with the use of the services. Information is also retrieved from the population register centre and similar external data sources.

7. Regular disclosure of data

Data contained by the register may be disclosed to third parties as permitted and required by the current law on personal information.

For ticket sales data, register controller is Tiketti Oy, while Zodiak is a user of the register. As Zodiak tenders the ticket services from time to time, the register controller in charge of ticket sales data may change. In this case the register will be transferred to the new controller.

As a regular part of ticket transactions, the controller provides personal information of customers regularly to those event organisers the events of which the data subject has purchased tickets, gift certificates or other products that constitute grounds for customer relationship between the data subject and the event organiser. Event organisers may process personal information for purposes that are not incompatible with the purposes specified above, such as marketing. The controller may also disclose personal information to carefully selected partners for marketing purposes that support the purpose of the register. Customer information may also be disclosed to authorities when required by law. The controller may transfer personal information to the controller’s own direct marketing registers after the customer relationship or other factual relationship has ended unless prohibited by the data subject.

8. Transferring of data outside the EU or the EEA

Personal information may be transferred outside the EU or the EEA for the purpose of provision of services. In the event of information being transferred outside the EU or the EEA, Zodiak will ensure a level of data protection required by data protection legislation (requirements concerning the confidentiality and the processing of personal information) by contractual means, such as using template contract clauses provided by the European Commission, and through other means.

Zodiak uses Campaign Monitor, a service based in Australia, for sending of newsletters and for automatic marketing purposes. Campaign Monitor’s offices are located in Sydney, London and San Francisco. Campaign Monitor accesses the data in the personal data register maintained by Zodiak as a processor.

9. Principles of protecting the register

The register contains no manual records.

Personal information is protected using appropriate measures. The controller collects the data into databases protected using firewalls, passwords and other technical means. Databases and database backups are stored in locked and guarded facilities and are accessible only by known, pre-appointed personnel.

Access to Zodiak’s and other ticket agents’ registers requires a user account granted by the controller of the customer database. The controller also defines access levels granted for each user account. The controller has also used contractual means to ensure that the partner that processes personal information on controller’s behalf is committed to protect the personal information when accessed by the partner’s employees.

Register data stored by Zodiak is stored in systems and on servers maintained by Zodiak. Each user of the register has a personal user account and password, which can be used to track and identify each login

10. Right to review data and request corrections

Each data subject in the register has the right to review the data on them stored in the register and the right to request correction of any data on them stored in the register.

Free-form access and correction requests can be sent by e-mail to register administrator: piia.ahonen@zodiak.fi, +358 44 971 6344.

11. Other rights related to processing of personal information

The data subject has the right to prohibit the processing of their personal information for direct advertising, remote sales and other direct marketing purposes, and for market studies, opinion polls, public registers or genealogies.

 

Interest group register

1. Controller

Zodiak Presents ry, business ID 0887147-6
zodiak@zodiak.fi, +358 41 319 8722
Tallberginkatu 1 B/154
00180 Helsinki

2. Register contact person

Piia Ahonen, piia.ahonen@zodiak.fi, +358 44 971 6344

3. Name of register

Zodiak’s interest group register

4. Purpose of processing of personal information

The legal basis for the processing of personal information as specified in the EU’s General Data Protection Regulation is the controller’s legitimate interest. Processing of personal information may also be based on customer’s consent or customer’s assignment given to Zodiak.

Personal information is processed for the following purposes:

  • Maintenance of Zodiak’s customer and interest group relations.
  • Multi-channel contacting based on register data.
  • Communications and event management.
  • Online direct marketing and selling of Zodiak’s services.
  • Prospecting of potential donors.

The interest group register is accessible to Zodiak’s personnel, and is maintained using a contact management application provided by Gruppo Software Oy (business ID 2190176-4). Zodiak is the controller and Gruppo Software Oy is the party in charge of processing of personal information. The controller has also used contractual means to ensure that the partner that processes personal information on the controller’s behalf is committed to protect the personal information when accessed by the partner’s employees.

Register data stored by Zodiak is stored in systems and servers maintained by Zodiak. Each user of the register has a personal user account and a password, which can be used to track and identify every login.

5. Register data content and term of retention

The system is used to store data of:

  • Potential private and organisation customers.
  • Of organisations: information on customer and interest group organisations and the contact persons within the organisations.
  • Of private individuals: name and contact information. The information on organisations and their representatives may include additional data concerning potential for collaboration projects with Zodiak.
  • Information on actions that have targeted the data subject (such as marketing, communications, invitations, negotiations and other contacts).

Term of retention of personal data is not defined separately.

6. Regular sources of data

Information is collected in connection with activities where Zodiak is involved, including events in the Zodiak theatre. Information is also collected from business partners and individuals interested in Zodiak’s communications. Information on individual persons is also created in Zodiak’s information systems when online services are accessed. Information on interest groups may also be collected from publicly available registers.

The information is supplemented and maintained based on customer contacts.

7. Regular disclosure of data

Data contained by the register may be disclosed to third parties as permitted and required by the current law on personal information. Customer information may also be disclosed to the authorities when required by law. The controller of the register may transfer personal information to the controller’s own direct marketing registers after the end of customer relationship or other factual relationship unless prohibited by the data subject.

8. Transferring of data outside the EU or the EEA

Personal information may be transferred outside the EU or the EEA for the purpose of provision of services. In the event of information being transferred outside the EU or the EEA, Zodiak will ensure a level of data protection required by data protection legislation (requirements concerning the confidentiality and the processing of personal information) by contractual means, such as using template contract clauses provided by the European Commission, and through other means.

Zodiak uses Campaign Monitor, a service based in Australia, for sending of newsletters and for automatic marketing purposes. Campaign Monitor’s offices are located in Sydney, London and San Francisco. Campaign Monitor accesses the data in the personal data register maintained by Zodiak as a processor.

9. Principles of protecting the register

The register contains no manual records.

Personal information is protected as appropriate. Register data stored by Zodiak is stored in systems maintained by Zodiak on servers protected with firewalls, passwords and other technical means. Each user of the register has a personal user account and a password, which can be used to track and identify every login. Databases and database backups are stored in locked and guarded facilities and are accessible only by known, pre-appointed personnel.

10. Right to review data and request corrections

Each data subject in the register has the right to review the data on them stored in the register and the right to request correction of any data on them stored in the register.

Free-form access and correction requests can be sent by e-mail to register administrator:
piia.ahonen@zodiak.fi, +358 44 971 6344.

11. Other rights related to processing of personal information

The data subject has the right to prohibit the processing of their personal information for direct advertising, remote sales and other direct marketing, and for market studies, opinion polls, public registers or genealogies.