Data protection and cookies

When using our website or doing personal business with us, we may ask for your personal information and store it in our register. We process this information as required, for example, for targeted marketing, customer identification or to provide you with services, goods and communications. You may be asked to provide information including your name, phone number, mailing address, email address, date of birth, personal identity code, bank account number and credit card number.

Unless required to do so by law, we will not disclose your personal data to any third parties without your consent for any purpose other than those mentioned above. Separate terms and conditions of use and privacy practices may apply to specific services.

When booking tickets or faciltiies, you provide us with personal data that we save for the purpose of, among others, offering you the best service possible. Additionally, we retain data concerning your purchase history and the services you have utilised. Your information can be retained and used for the following purposes: accounting; invoicing; auditing; authentication of credit or other payment cards and screening to prevent fraud; security, administrative and legal purposes; statistics and marketing analyses; customer surveys and customer relations; consumer and marketing research.

We can also use the information to support your future dealings with us, for example, by recognising your preferences in advance. For this purpose, we may also turn to Ticketmaster Finland, Lippupiste, Salesforce CRM software or an external data processing or screening service company.

These businesses can store your personal data in accordance with the relevant legislation. The dissemination of information may mean that information is shared between different countries within the European Economic Area.

We do not use your personal information for direct marketing purposes without your consent.

Upon your consent, we will send you information about our services, prices, offers and other Verkatehdas news. In order to ensure that the information we share will be of interest to you, we may review your purchase history. In order to gain a better picture of the topics that interest you, we can also combine the information you provide with the data we have gathered through the use of cookies regarding your use of our website or mobile services.

You can consent to direct marketing on our website by subscribing to our newsletter or requesting an offer. We will also ask for your direct marketing consent when you participate in competitions or campaigns run by Verkatehdas or when you order tickets from the Ticketmaster Finland or Lippupiste systems.

We do not disclose your information for any direct marketing purposes outside of Verkatehdas. If, however, for some exceptional reason, we would like to allow a third party to send you direct marketing messages, we will ask for your consent prior to disclosing your information.

Generally, we send our direct marketing communications to you by email if you have provided us with an email address. In some cases, we may approach you also by phone, text message or mail.

If you no longer wish to receive our direct marketing messages, you can easily cancel your subscription at any time. Cancellation instructions can be found at the end of every direct marketing message we send you. Even if you have cancelled your subscription to our direct marketing communications, you will still receive confirmation and service messages concerning any bookings you make.

We can collect, process and analyse data concerning website-related use, traffic and events as well as other statistical data related to our website. We can also acquire such data from trusted third parties. Such data cannot be restored so as to identify any individual person.

Our area is monitored by CCTV. The purpose of the camera surveillance is to prevent any vandalism to persons or property. The recordings are viewed afterwards only to investigate the aforementioned matters and, primarily, upon the request of the authorities. Only our permanent security personnel have the right to view recordings.

The recordings are stored in a computer that is on a closed network and kept in a secured room that can only be accessed by identification, and this access can be traced afterwards. The recordings are stored in the computer’s memory for 2–4 weeks, after which they are automatically deleted.

We respect your privacy and are committed to ensuring the appropriate processing of your personal data. We have done our best to safeguard the confidentiality, security and accuracy of your data. Your personal data is processed in accordance with personal data legislation and the regulations of the authorities.

You do, however, have the right to demand the removal of your personal data from our registers and we will honour this demand unless otherwise prevented from doing so by other legislation. Furthermore, you have the right to know what data concerning you we have stored in our registers.
Any requests for such information must be submitted in writing and sent by email to arto.helkio@verkatehdas.fi or by mail to Verkatehdas Oy, Paasikiventie 2, FI-13200 Hämeenlinna.

Verkatehdas Oy
Arto Helkio, CFO/Data Protection Officer
Paasikiventie 2, FI-13200 Hämeenlinna
arto.helkio@verkatehdas.fi
+358 40 868 2156

Our Data Protection Officer will respond to written inquiries concerning our personal data registers as quickly as possible but no later than one month from the date of inquiry.

Customer and marketing register of Verkatehdas Oy.

The data is collected for the purposes of managing the customer relationship, handling the rights and obligations based on agreements, communications and direct marketing about Verkatehdas matters, and customer research, such as consumer and marketing studies. Verkatehdas processes personal data for its own purposes and does not disclose it to third parties, with the exception of its own subcontracted parties.

Subcontracted parties only use personal data for purposes related to their co-operation with Verkatehdas. Subcontracted parties are bound by the provisions of the General Data Protection Regulation.

The legal justifications for the processing of personal data are as follows:

• The data subject has given consent regarding the processing of their personal data.
• The processing is necessary for the performance of an agreement.
• The processing is necessary to realise the legitimate interests of the data controller.

The Register can contain the following information about customers:

• Name
• Address
• Telephone number
• Email address
• Personal identity code
• Bank account
• Employer

The register is compiled from the customer data system of Verkatehdas (Salesforce CRM software, Netvisor financial management software, the ticket sales systems of Ticketmaster and Lippupiste, and newsletter subscribers) and publicly accessible Internet sources. Any customer data that has not been used for a long period of time may be removed.

Verkatehdas does not disclose any personal data concerning its customers to third parties, unless required to do so by Finnish authorities. No data is transferred outside the EU/EEA (exceptions below). If personal data is intended to be transferred to outside parties, a separate consent will be requested for this purpose.

Verkatehdas uses the Mailchimp email service for customer communication and direct marketing. The servers used by Mailchimp are located outside the EU, so personal data (name and email) is transferred outside the EU and the EEA. Mailchimp is a Privacy Shield certified service that is committed to complying with the data protection requirements of the EU Data Protection Regulation and the European Commission for third countries. Read more about Mailchimp’s privacy policy.

Data can be removed as required by the customer or at the end of the customer relationship.

Personal data is stored in a confidential manner. Verkatehdas’ data network and hardware, which is used for storing the register, is protected by a firewall and other technical security tools. Access to the register is restricted by password to those persons who need the register data for their work. The personnel are bound by confidentiality as defined in their employment contracts.

Personal data collected in the register is only retained for as long and to the extent as is necessary in relation to their original and relevant intentions, for which the personal data was collected. Additionally, personal data is stored in accordance with possible regulations of other laws.

In accordance with their own practices, the data controller regularly assesses the need to retain data. Furthermore, the data controller shall take all reasonable measures to ensure that any personal data that is inaccurate, with respect for the processing purposes, will be removed or rectified without delay.

Data subjects have the rights prescribed in legislation concerning the personal data privacy of Finnish citizens and the following grounds in accordance with the General Data Protection Regulation of the EU:

1. the right to obtain confirmation from the data controller as to whether or not personal data concerning them is being processed, and if the personal data is being processed, the right of access to the personal data in question as well as the following information:
   • purposes of the processing;
   • the categories of personal data in question concerned;
   • recipients and recipient groups, to which personal data has been disclosed or is intended to be disclosed;
   • as is possible, the planned storage period for the personal data of, if not possible, the criteria that determine the duration of the storage period;
   • the right to request from the data controller rectification or removal of personal data concerning the data subject, or the restricted use of the personal data or to object to the processing of this data;
   • the right to file a complaint with a supervisory authority;
   • where the personal data are not collected from the data subject, any available information as to their source (Art 15 GDPR);
2. the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal (Art. 7 GDPR);
3. the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning the data subject and, taking into account the purposes of the processing, the right to have incomplete personal data completed, including by means of providing a supplementary statement (Art. 16 GDPR);
4. the right to obtain from the controller the erasure of personal data concerning them without undue delay and where one of the following grounds applies:
   • The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
   • the data subject withdraws consent on which the processing is based and there is no other legal ground for the processing;
   • the data subject objects, on grounds relating to his or her particular situation, to the processing and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing for direct marketing purposes;
   • the personal data has been unlawfully processed; or
   • the personal data has to be erased for compliance with a legal obligation in the Union or Member State law to which the controller is subject (Art. 17 GDPR);
5. the right to obtain from the controller restriction of processing if
   • the accuracy of the personal data is contested by the data subject, in which case the processing will be restricted for a period enabling the controller to verify the accuracy of the personal data;
   • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead;
   • the controller no longer needs the personal data for processing purposes, but it is required by the data subject for the establishment, exercise or defence of legal claims; or
   • the data subject has objected, on grounds relating to his or her particular situation, to processing pending the verification whether the legitimate grounds of the controller override those of the data subject (Art. 18 GDPR);
6. the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, if the processing is based on consent and the processing is carried out by automated means (Art. 20 GDPR);
7. the right to lodge a complaint with a supervisory authority, if the data subject considers that the processing of personal data relating to them infringes the General Data Protection Regulation of the EU (Art.77 GDPR).

Any requests concerning the exercising of these rights shall be directed to the contact person stated in item 1.

Verkatehdas Oy
Paasikiventie 2, FI-13200 Hämeenlinna
+358 40 868 6011
info@verkatehdas.fi

Ari Tornberg, Facility Manager
Paasikiventie 2, FI-13200 Hämeenlinna
ari.tornberg@verkatehdas.fi
+358 50 572 4850

The purpose of the recording video surveillance system is to prevent vandalism or crimes targeting the property, personnel or customers and to document events for the purpose of clarifying issues of liability. Using the recording camera surveillance system, we endeavour to protect customers and personnel, to increase their safety, to monitor the property and to help maintain order. For this purpose, personal data concerning those who have been on or in close proximity to the property is stored in the register.

The Verkatehdas quarter is considered to include: The main building, Vanaja Hall, the cinema centre, the institute, the ARX building, the keltainen (yellow) building, the theatre building and the radio building, as well as the areas, yards and parking lots immediately surrounding the aforementioned buildings.

The cameras help in monitoring the entrances, facades, public areas and parking areas of the Verkatehdas quarter. Notification of surveillance is posted in the form of proper signs at entryways to the outdoor areas and main building entrances. The surveillance cameras are in operation 24 h/day. The recording is saved on a server, where the data is retained from one to two weeks. The recording is a continuous feed. The system collects only the data necessary for the purpose stated in item 4.

Data recorded from the 25 surveillance cameras located within the Verkatehdas quarter.

Camera recordings are not transferred or disclosed without the permission of a representative named by Verkatehdas. The building attendant can monitor the surveillance cameras in real-time from the control desk. Upon separate request, the recordings can be transferred to the police.

Data is not transferred.

All recordings are stored in the telecommunications office of the main Verkatehdas building and in the office of the building attendants. Entry into both spaces is restricted to specifically designated individuals.