1. DESCRIPTION OF FILE
Description
of file as referred to EU GDPR and local data protection law (EU 2016/679)
2. CONTROLLER
Semel
Oy
Business ID 0113821-2
Valimotie 21, 00380 Helsinki
Tel. +358 20 7429 400
3. NAME OF PERSONAL DATA FILE
Customer
database of Semel Reissu mobile application
4. PURPOSE OF PROCESSING
PERSONAL DATA
Processing
of personal data related to Semel Internet services by the consent of the data
subject or based on customer relationship.
5. PURPOSE OF USE OF THE
PERSONAL DATA FILE
The personal data of the Reissu service are processed to maintain, manage,
develop, analyse, and compile statistics of the customer relationships related
to the service, and to provide, offer, and develop the service, and to carry
out marketing campaigns, market surveys and marketing competitions for Semel
and its partners.
6. DATA CONTAINED IN THE
PERSONAL DATA FILE
The personal data file contains information within the scope of the following
categories:
-
Basic information on the data subject, such as name,
address, e-mail address and language
-
Information concerning the customer relationship,
registration and contractual relationship
-
Purchase history on mobile tickets
-
User IDs and other identification information
-
Authorization information and prohibitions, such as
direct marketing consents and prohibitions
-
Customer feedback information and possible recordings
7. REGULAR SOURCES OF PERSONAL DATA
Personal
data is collected in connection with registration, when a service is used by
permission, or otherwise directly from the data subject. Personal details can
additionally be gathered and updated from the Population Register, the
prohibition registers maintained by the Finnish Direct Marketing Association,
and similar registers.
8. DISCLOSURE OF INFORMATION
Semel
may disclose customer details within the limits allowed and required by the
legislation in force.
Due to the technical way the processing of the data is implemented, some of the
information may be located in cloud service systems of
subcontractors to Semel. The data is only accessible by Semel, in aid of a
technical interface. Semel may also use subcontractors for the processing of
data.
The data will not be transferred outside the European Union or the
European Economic Area, unless the implementation of the service so requires. Even
in such a case, Semel will guarantee an adequate level of information security,
as required by legislation.
Semel
has the right to publish the e-mail address details of the data subjects by their consent either in a written
or electronic catalogue. The information can also be used in a national or
international directory service.
9. PROTECTION OF DATA FILE
As
a rule, right of access to the data file requires a user ID granted by the
administrator of the customer database. The administrator in such a case also
defines the level of access rights granted to the users. A personal password is
required for logging on to the application. The use of the data files as well
as the logins are controlled.
The data is collected to the shared databases of the service. These databases
are protected by firewalls, passwords, and other technical means. The databases
are located on locked and guarded premises. Only predefined persons have access
to the information.
Everyone on Semel premises is required to have an ID card visible and entry is
forbidden without an appropriate access control card.
10. RIGHT OF INSPECTION
In
accordance with EU GDPR, the users have the right to check what information has
been stored on them in the personal data file. You also have the right to
request that inaccurate or incomplete personal data be corrected. The customer
can check this free of charge once a year. The request for checking the data
must be submitted in a personally signed document or a similarly certified
document. You may also request that your personal data be erased.
The request must be sent in writing and signed to the address:
Semel Oy
GDPR
P.O. Box 1000
FIN-00380 Helsinki
The inspection request can also be presented at the address Valimotie
21, Helsinki.
11. OTHER RIGHTS CONSERNING
HANDLING OF PERSONAL INFORMATION
Subject has right to deny action of direct marketing or other contacts when his
data profile has been requested to be removed.