Privacy statement
Controller
The person responsible for register-related matters and/or contact person
Register name
Purposes for which your personal data is used
What kind of personal data do we collect about you?
Regular data sources
How we use cookies
To whom do we disclose your personal data?
Do we transfer your personal data outside the EU area?
For how long is your personal data stored?
How is your personal data protected?
Your rights as our customer
Can this privacy statement be changed
1. Controller
EFPSP Corporation Oy
Korotie 3, 90800 OULU
Business ID: 2994076-8
2. The person responsible for register-related matters and/or contact person
Fanni Rutanen
fanni.rutanen@liikuntakeskusfun.fi
3. Register name
Liikuntakeskus FUN’s customer data register based on the customer relationship and other relevant contact.
4. Purposes for which your personal data is used
- maintenance, analyses and development of customer, member and stakeholder relations
- provision and development of products and services
- delivery, processing and archiving of orders
- analysis and statistical purposes
- realisation and monitoring of customer, member and marketing communications
- processing, analysis and statistical work relating to customer feedback and customer surveys and research
- prevention and investigation of misuse and problem situations.
The following are used as the legal bases for the processing of personal data, in accordance with the EU GDPR:
- consent
- contract
- legal obligation
- legitimate interests
5. What kind of personal data do we collect about you?
The register may contain the following data and any related change data:
The customer’s basic information
- name details
- contact details (postal address, email addresses, telephone numbers)
- gender
- date of birth
- information concerning the profession or company position of the contact person for corporate customers
- the customer’s unique identifiers
- personal identity number
- customer number
- registration data concerning the controller’s services (e.g. user IDs and passwords for the online shop and background system service)
- identifiers used in the targeting of marketing
Data relating to the customer relationship and other relevant contact, as well as to the use of services and content, such as:
- data relating to purchases, such as data about services and products purchased, including the warranty periods of products, as well as necessary data relating to payments, invoicing and debt collection, such as credit card details
- data relating to the use of products
- workout visit information
- feedback and complaints
- details of event and training participants
- location data (if the customer has given their express permission for this)
- browser data and other data relating to the use of the controller’s electronic services and content, including technical data sent by the data subject’s browser to the controller’s server (IP address, browser), and cookies placed on the data subject’s browser and related data, if there is personal data associated with the cookies
- data relating to marketing and promotions, such as marketing measures aimed at the data subject, their utilisation, and information provided in relation to them, and direct marketing permission and bans
- recordings of customer services calls and email or webchat conversations relating to customer services, for example through social medial channels.
6. Regular data sources
- Data relating to the customer is collected from the customer themselves when the contract is signed, in the online service’s own information sections, when using products and services, in connection with provision of customer services, and when the customer partakes in product and service development, research or surveys.
- Personal data may also be collected and updated from the registers maintained by the controller and any companies forming part of the same group at the given time, as well as from authorities and companies providing personal data related services, such as the Finnish Population Information System and other similar registers.
7. How we use cookies
- We use cookies and other similar technology, such as local storage in your browser, to provide and develop our services. We also use cookies to tailor content and target advertising. By using cookies we can, for example, provide more up-to-date and personalised services by displaying content based on the user’s interest. They also help with functions such as logging in and authentication, saving personal settings and specifications, and analysing activity on our websites. When using our online services, cookies are used to gather data such as the following: your IP address, the links you have clicked on, the adverts or other content you have seen, what page you came from and how you visited our website, the time and date of your visit, the browser or app you used, and other similar information.
- You can adjust the use of cookies using your browser’s cookie management controls, for example. Further information on cookies is available in the data protection or instruction documentation for each browser. Certain service features are determined based on cookies, so preventing and deleting cookies (browser and other choices) may have a negative impact on the functionality and usability of the online or mobile app service in question.
8. To whom do we disclose your personal data?
Personal data may only be disclosed within the limits permitted and required by legislation valid at the time in question, as well as in the manner required by the competent authorities. The controller may share your personal data with carefully selected third parties for joint or independent direct marketing purposes. Data may only be shared for the purposes in question provided the third party’s intended purpose of use is not contradictory to the purpose of use defined in this controller privacy statement.
The controller may share personal data of participants in its events at its discretion with participants in the event, if appropriate given the nature of the event.
The controller may transfer data to its own direct marketing register after the termination of the relevant connection, within the limits imposed by legislation.
The controller may share your personal data with third parties providing the controller with services. These services may be customer services, software services, research activities, marketing, and events production. The controller may share your personal data to charge fees for products and services, and it may, for example, transfer or sell unpaid invoices to third parties offering debt recovery services.
Protection of your personal data is important to us, which is why we do not permit the parties in question to use your data for any purposes other than provision of the services in question, furthermore, the party is also required to protect the user’s personal data in accordance with this privacy statement and applicable legislation.
Personal data is not generally disclosed for any other purposes than those mentioned above. However, the controller is entitled to transfer personal data in situations related to business sales, for example, in the manners permitted by legislation. Furthermore, the controller may transfer data for statistical and analysis purposes, for example, in such a way that the data disclosed cannot be linked to an individual person.
9. Do we transfer your personal data outside the EU area?
The controller may, when providing services, use resources and servers based elsewhere in the world. The controller may, therefore, transfer your personal data to be used for the services abroad, and potentially also outside the EU area, where data protection legislation is different.
In such instances, the controller will ensure that there is a legal basis for the transfer of the data and that the user’s personal data is protected, for example by using (where necessary) standard contracts approved by the relevant authorities and by requiring that appropriate technical and other data protection measures are adhered to.
10. For how long is your personal data stored?
We will store your data for at least the duration of the customer relationship. The storage period after the end of the customer relationship depends on the data and its purpose of use. For example, your identification data will be stored for five years after the end of the customer relationship, and the data of potential customers will generally be stored for six months from collection of the data. We adhere to statutory obligations in the storage of data.
We aim to keep the personal data we hold correct and up to date by removing unnecessary data and updating outdated data. However, we encourage you to check from time to time that your data is up to date.
11. How is your personal data protected?
We take particular care in protecting your personal data by using appropriate data protection and data security measures. These measures include pre-emptive and reactive risk management; use of firewalls, encryption technology, safe equipment rooms, access monitoring and security systems; security planning; granting and monitoring of managed access rights; ensuring the requisite knowledge amongst staff engaging in processing of personal data through training and evaluations; and careful selection of subcontractors. We continually update our internal practices and instructions appropriately.
12. Your rights as our customer
We are committed to data processing in accordance with the EU’s GDPR, and we provide our users with the following choices and management opportunities in terms of data protection:
Direct marketing prohibition
Users have the right to prohibit the disclosure and processing of their data for direct advertising, distance sales and other direct marketing purposes, and can do so by contacting our customer services.
Examination of data
The user has the right to examine the personal data stored concerning them. At the user’s request, we will rectify, delete or supplement personal data that is incorrect, unnecessary, incomplete or outdated for the purpose of processing. The user may update and/or examine their personal data by contacting our customer services.
Prevention of cookies
The user may prevent cookies being used by adjusting the settings in their browser accordingly. Preventing the use of cookies may impact upon the functionality of our services.
Clearing of cookies
The user may clear cookies via their browser settings. By clearing cookies at regular intervals, the user changes the identification tag with which the profile of the user is built. However, clearing of cookies will not completely stop the collection of data, and will instead create a new profile separate from previous behavioural data.
Consent for the use of location data
The user may give their consent for the use of location data in the device and application settings. The user may also use the settings to cancel any permission given at any time.
13. Can this privacy statement be changed
We are constantly developing our services, and we retain the right to change this privacy statement by providing notice in the services of the changes. The changes may also be based on changes to legislation. We recommend that you check the content of the privacy statement on a regular basis.