This is Zodiak Presents ry’s privacy notice as specified in the EU’s General Data Protection Regulation (GDPR). Zodiak Presents maintains a customer register for purposes such as ticket sales and course participant registration, and a separate interest group register. The registers have separate privacy notices. Created: 22 May 2018
Zodiak Presents ry, business ID 0887147-6
Tallberginkatu 1 A/154
00180 Helsinki
Piia Ahonen, piia.ahonen@zodiak.fi, +358 44 971 6344
Zodiak’s customer register
The legal basis for the processing of personal information as specified in the EU’s General Data Protection Regulation is the controller’s legitimate interest (customer relationship). Processing of personal information may also be based on customer’s consent or customer’s assignment given to Zodiak. The information is not used for automatic profiling.
Personal information is processed for the following purposes:
Production, development and monitoring of Zodiak’s services and the provision of customer services.
Maintenance and development of customer relationship; service personalisation.
Customer relationship communications and marketing; management of contact history.
Handling of and responding to customer feedback.
Processing of and responding to requests for refund or reimbursement; making of payments.
Analysis and classification of customer base in order to implement targeted communications.
Monitoring of electronic service channels (such as online and mobile services) for the development of statistics services, for marketing purposes and for customer convenience.
The customer register is accessible by Zodiak’s personnel, and is maintained using a contact management application provided by Gruppo Software Oy (business ID 2190176-4). Zodiak is the controller and Gruppo Software Oy is the party in charge of processing of personal information. The controller also uses contractual means to ensure that the partner that processes personal information on the controller’s behalf is committed to protect the personal information when accessed by the partner’s employees.
Register data stored by Zodiak is stored in systems and servers maintained by Zodiak. Each user of the register has a personal user account and a password, which can be used to track and identify every login.
The processing of customer information related to Zodiak’s ticket sales is outsourced to Tif Oy (business ID MISSING). For personal information related to ticket sales, Tix Oy is the controller and the party in charge of processing of personal information. Tix Oy’s privacy policy is available online at:
/LINK MISSING/
The following basic information of each customer is stored in the register:
Name
Date of birth
Customer ID(s)
Language
Address
Telephone number(s)
E-mail address
In case the data subject represents an organisation: Information concerning the data subject’s employer and the data subject’s position or role in the organisation.
Service, purchase, payment and transaction information.
Access information from various customer channels, such as Internet and mobile services, including log data, transaction details and cookies used to link website page impressions.
Information provided by the customer to facilitate service personalisation and transactions.
Information used to analyse and classify customer records.
Direct marketing permissions and prohibitions (see item 11).
Information related to direct marketing and customer communications.
Customer information received from external data sources (such as customer’s address in the population register centre).
Data related to information processing, such as log entries.
Information related to handling of and responding to customer feedback.
Term of retention of personal data is not defined separately.
Customer information is primarily collected directly from the customers in connection with ordering and registration, the purchase and the use of services, in customer service transactions and otherwise. Customer information is also produced in the theatre’s information systems in connection with the use of the services. Information is also retrieved from the population register centre and similar external data sources.
Data contained by the register may be disclosed to third parties as permitted and required by the current law on personal information.
For ticket sales data, register controller is Tix Oy, while Zodiak is a user of the register. As Zodiak tenders the ticket services from time to time, the register controller in charge of ticket sales data may change. In this case the register will be transferred to the new controller.
As a regular part of ticket transactions, the controller provides personal information of customers regularly to those event organisers the events of which the data subject has purchased tickets, gift certificates or other products that constitute grounds for customer relationship between the data subject and the event organiser. Event organisers may process personal information for purposes that are not incompatible with the purposes specified above, such as marketing. The controller may also disclose personal information to carefully selected partners for marketing purposes that support the purpose of the register. Customer information may also be disclosed to authorities when required by law. The controller may transfer personal information to the controller’s own direct marketing registers after the customer relationship or other factual relationship has ended unless prohibited by the data subject.
Personal information may be transferred outside the EU or the EEA for the purpose of provision of services. In the event of information being transferred outside the EU or the EEA, Zodiak will ensure a level of data protection required by data protection legislation (requirements concerning the confidentiality and the processing of personal information) by contractual means, such as using template contract clauses provided by the European Commission, and through other means.
Zodiak uses Campaign Monitor, a service based in Australia, for sending of newsletters and for automatic marketing purposes. Campaign Monitor’s offices are located in Sydney, London and San Francisco. Campaign Monitor accesses the data in the personal data register maintained by Zodiak as a processor.
The register contains no manual records.
Personal information is protected using appropriate measures. The controller collects the data into databases protected using firewalls, passwords and other technical means. Databases and database backups are stored in locked and guarded facilities and are accessible only by known, pre-appointed personnel.
Access to Zodiak’s and other ticket agents’ registers requires a user account granted by the controller of the customer database. The controller also defines access levels granted for each user account. The controller has also used contractual means to ensure that the partner that processes personal information on controller’s behalf is committed to protect the personal information when accessed by the partner’s employees.
Register data stored by Zodiak is stored in systems and on servers maintained by Zodiak. Each user of the register has a personal user account and password, which can be used to track and identify each login
Each data subject in the register has the right to review the data on them stored in the register and the right to request correction of any data on them stored in the register.
Free-form access and correction requests can be sent by e-mail to register administrator: piia.ahonen@zodiak.fi, +358 44 971 6344.
The data subject has the right to prohibit the processing of their personal information for direct advertising, remote sales and other direct marketing purposes, and for market studies, opinion polls, public registers or genealogies.