Privacy Statement
(Personal Data Act, 523/1999, Section 10)
DATA CONTROLLER
Eerikkilän Urheiluopisto – Eerikkilä Sport & Outdoor Resort / Palloilu Säätiö sr and Eerikkilän Palvelut Oy
Eerikkilän Urheiluopisto – Eerikkilä Sport & Outdoor Resort
Urheiluopistontie 138
FI-31370 Eerikkilä, Finland
Tel. +358 201 108 200
CONTACT PERSON FOR MATTERS CONCERNING THE REGISTER
Mikko Järvinen
Eerikkilän Urheiluopisto – Eerikkilä Sport & Outdoor Resort
Urheiluopistontie 138
FI-31370 Eerikkilä, Finland
tietosuoja@eerikkila.fi
NAME OF THE REGISTER
Eerikkilä website Privacy Statement
PURPOSE OF PROCESSING PERSONAL DATA
Personal data of users may be used for the following purposes:
– performing services
– managing and developing customer relationships
– developing customer service and the operations of the service provider
– analysis and statistics
– customer communications
DATA CONTENT OF THE REGISTER
The register may include the following data:
– name and contact information
– company or association contact details
– date of birth and gender
– allergies
– education, hobbies and work history information.
REGULAR SOURCES OF DATA
As a rule, data concerning users is obtained:
– from the users themselves or from a guardian or legal representative.
USER TRACKING
We use Leadoo’s tracking service to follow what users are doing on the site and combine this behavioral data with other data we can gather from e.g. chat interactions. Leadoo uses etag tracking in order to hook together the same users behavior over several sessions – in practice this works similarly to cookie based tracking. Please check out Leadoo Marketing Technologies Ltd’s Privacy Policy (https://leadoo.com/privacy-policy/) for more information on what is tracked and what your rights are. Leadoo works as the Processor and we work as the Controller for the data in terms of GDPR. You can stop the tracking by emptying your browser’s cache after the visit. For more on how Leadoo works as a GDPR compliant processor, see https://leadoo.com/privacy-policy-processor/
REGULAR DATA DISCLOSURES
As a general rule, no data will be disclosed to third parties.
However, the data controller may disclose data to third parties if the user has given their written consent to such disclosure. In addition, the data controller may disclose data as required by claims from competent authorities or other parties, in accordance with the applicable law and for the purposes of historical or scientific research, provided that the data is anonymised in such a way that the data subject cannot be identified.
DATA TRANSFERS OUTSIDE THE EU/EEA
No data is transferred outside the EU or the EEA.
DATA RETENTION PERIOD
The data controller retains data no longer than necessary for the purpose of the register.
PRINCIPLES OF REGISTER PROTECTION
Manual paper-based register: No manual register.
Data stored in information systems: Only those employees who need access to user data in order to perform their duties are entitled to use the system containing user data. Each user has their own username and password combination to enter the system. Access control is used to control activity at the facility. Data is collected to databases that are protected by firewalls, passwords and other technical means. The databases together with their backups are stored in locked and guarded facilities. Only certain predetermined persons are entitled to access the data.
The databases in which data is stored are protected against unauthorised access from the outside with technical and physical measures. Access to data and databases is restricted to those persons who need to access the data in order to perform their duties.
RIGHT OF ACCESS, RIGHT TO RECTIFICATION AND RIGHT TO ERASURE
Data subjects are entitled to unsubscribe from the newsletter at any time. Data subjects have the right of access to personal data that has been collected concerning them, the right to request the rectification of inaccurate data and the right to request the erasure of their data. If you wish to exercise any of these above-mentioned rights, please send a written and signed request to the person responsible for the register.
CHANGING THE PRIVACY STATEMENT
The data controller reserves the right to amend and update the Privacy Statement. The data subject is informed of these changes whenever required by legislation.