Privacy statement - Customer Data

The privacy statement is in accordance with EU General Data Protection Regulation (EU 2016/679).

1 Data Controller

UniSport, University of Helsinki ( Business ID 0313471-7)
P.O. Box 53 (Fabianinkatu 28)
FI- 00014 University of Helsinki
tel. 02941 22151

2 Contact persons in matters concerning customer data

UniSport customer service
P.O. Box 53 (Fabianinkatu 28)
FI- 00014 University of Helsinki
tel. 02941 22151, unisport.asiakaspalvelu@helsinki.fi

You can contact the Data Protection Officer of the University of Helsinki by email: tietosuoja@helsinki.fi

3 Purpose and legal basis for processing personal data

Personal data is used to manage and develop the customer relationship (customer communications, such as customer surveys) and, with the permission of the customer, for marketing purposes (such as electronic customer letters). The personal data outlined in section 4 will be collected from customers so that they can be granted the right to book and use the services of UniSport, and so that they can be notified about changes to or cancellations of the service they have booked, if required. In addition, UniSport uses the data for developing business operations and for statistics and analysis. The processing of personal data is based on an agreement between UniSport and the customer and, in certain cases, your consent.

4 What personal data are we processing?

Data collected on private customers:

Customer's first name, surname, date of birth, customer group (e.g. student, Faculty of Social Sciences, University of Helsinki), gender, telephone number, email address, postal address, user ID, customer card rfid identifier for automatic access control, reservations made by the customer, payments, cancellations and attendance information, possible other information provided to us for customer relationship management, additional information field for customer relationship management information, e-mail, phone and chat discussions, terms and conditions (opt-in), marketing authorisation (opt-in) and Mywellness account authorisation (opt-in).

Information collected on corporate customers:

Organisation name, department, address, postal code, city, country, country code, company ID (business ID), register number (for associations), invoicing method, e-invoicing address, e-invoicing operator, terms of payment, contact's first and last name, telephone number, email, language selection (Finnish, English and Swedish options), customer group (organisation, its attribute, customer type), user ID, customer card rfid for automated access control, reservations made by the customer, payments, cancellations and attendance information, additional information field for customer relationship management information, terms and conditions (opt-in), marketing authorisation (opt- in).

5 Regulated data sources

The information is collected from the customer through UniSport's customer service, contact person or website.

6 Regulated disclosures of data

Information for invoicing and possible debt collection services is transferred to the invoicing partner (Visma).
To provide our services we also use subcontractors with limited access to your personal data. Such subcontractors include Enkora Oy (Customer Information System), Active Campaign (Marketing) and Surveypal (customer surveys), LeadDesk (customer service). Data is disclosed to Finnish authorities in accordance with current laws and regulations.

7 How long do we hold your personal data?

We process your personal information for the duration of your customer relationship and retain it for approximately two years from the date of your last activity. However, if you have given us a marketing authorisation, we will keep your information until you revoke your marketing authorisation.

8 Transmission of data outside the EU or EEA

The personal data in the UniSport customer register is processed in Active Campaign’s servers which are located outside the EU. In special cases, also Surveypal’s subcontractor may be granted access to the personal data from outside the EU for the purpose of resolving support requests. Standard contractual clauses adopted by the European Commission and the safeguards defined therein are applied to non-EU actors.

9 Cookies

Site usage is monitored to improve service. Cookies are used for tracking purposes. The use of cookies does not store any information that could be used to identify users. Cookies do not affect security and cannot spread viruses or malware. By visiting the website, you agree to the use of cookies.

10 What rights do you have?

To exercise your rights, you can contact the person listed in section 2.

Withdrawal of consent

You have the right to withdraw your consent if the processing of your personal data is based on your consent. The withdrawal of consent does not affect the legality of the processing carried out on the basis of consent prior to its withdrawal. You can cancel your consent to marketing by logging into your profile via the website.

Right to access information

You have the right to be informed about what personal data we process and how it is processed. You can also request a copy of the personal data that is processed. The system uses an online interface where customers can log in with their personal login details and examine the data relating to them.

Right to correction of data

In the event of inaccuracies or errors in the processing of your personal data, you have the right to request a correction or supply supplementary data. Notifications regarding incorrect data may be made to any UniSport customer service point, at which point the data will be corrected.

Right to delete data

You have the right to demand the deletion of your unnecessary personal data. The data will be deleted in the following cases:
Personal data are no longer needed for the purposes for which they were collected.
You withdraw the consent on which the processing was based and there is no other legal basis for the processing.
You object the processing (a description of the right to object is provided below), there is no legitimate reason for processing, and personal data has been processed unlawfully.

Right to restrict processing

You have the right to request restriction on the processing of your personal data. This means we keep your data, but we don't process it in any other way.
You have this right in the following cases:

  • You contest the accuracy of your personal data, limiting the processing to a time within which we can verify its accuracy.
  • The processing is illegal, and you object to the deletion of personal data and instead require restrictions on its use.
  • We no longer need such personal data for processing purposes, but you need it to create, present or defend a legal claim.

Right to transfer data from one system to another

You have the right to obtain the personal data you submitted to us in a structured, commonly used and machine-readable form, and the right to transfer that data to another controller.

Right to object

You have the right to object to the processing of your personal data if the processing is based on a legitimate interest (such as marketing).

Right of appeal

If you have any questions about the processing of your personal data, you can always contact the persons mentioned in section 2. However, you also have the right to file a complaint with the Office of the Data Protection Ombudsman (tietosuoja.fi) if you consider that the processing of your personal data has violated existing data protection legislation.