Privacy Statement

FILE DESCRIPTION OF AV-ARKKI’S STAKEHOLDERS’ CONTACT REGISTER
PUBLISHED 23 MAY 2018

DATA CONTROLLER

AV-arkki
Tallberginkatu 1 c 76
00180 Helsinki, Finland

PERSON IN CHARGE OF THE PERSON REGISTER

Director Hanna Maria Anttila
director(at)av-arkki.fi, +358-40-5570320

NAME OF THE REGISTER

AV-arkki’s customer and stakeholder group Gruppo data system and the related art work database Avokaado, both of which are operated by Gruppo Software.

APPROVED SUBCONTRACTORS

Maintenance of primary servers and backup system: Lasipalatsi Mediacentre Ltd, Helsinki.
Mass emails and related services: Campaign Monitor Pty LTD, Australia.

DESCRIPTION OF THE DATA SUBJECT GROUP

The register includes the contact information of AV-arkki’s stakeholders. The data is grouped to meet the needs of AV-arkki’s operations and communications. Stakeholders are private individuals or corporations.

USE OF THE DATA

The personal information is used for AV-arkki’s operations, distribution, contacts and communications. Processing personal data, entering data into the register and changes to existing data are all performed at AV-arkki. The technical maintenance of the register has been outsourced to Gruppo Software.

The data may be used for the following purposes:

– Maintaining and developing customer relations
– Delivering products and services
– Profiling and segmenting customers for AV-arkki’s operations
– Customer surveys
– Communications (including newsletters and various invitations)
– Other similar uses

DESCRIPTION OF RECORDED DATA

THE PERSON REGISTER MAY CONTAIN THE FOLLOWING DATA

BASIC DATA
First name
Last name
Title
Organisation
Department
Preferred name
Personal identification number
Business code
External customer identification number
Mailing language
Picture
Name of partner
Date of birth
Date of death

CUSTOMER-SPECIFIC SPECIAL FIELDS
Biography in Finnish and English
Filmography in Finnish and English

CONTACT INFORMATION
E-mail address
Address
Postcode
City or town
Country
Phone number
Website address

GROUPING DATA
Name of the group
Technical type of the group
GDPR type of the group

EMAIL DELIVERY DATA
Name of the message
Status of the email address
Status of the message
Cancellation data
Spam complaint data
Accessed links in the message

INVOICING DATA
Invoices, invoice rows
Payment data

SURVEY DATA
Name of the survey
Survey questions and replies

NOTES
Note text
Note type
Note appendix

LOG DATA
Data generation, correction and deletion
Data export, type of export (Excel, PDF list, tags, contact cards)
Sent email message (gruppo.createsend.com)
Browsing the contact card view

REGULAR DATA SOURCES

Data in the contact register has been gathered from unrestricted Internet sources or from AV-arkki’s stakeholders via phone, mail, email, the customer’s membership data, customer relations or in a comparable manner. The register is updated based on the changes in contact information reported by the customers themselves.

If they so wish, the data contained in the register can be inspected via AV-arkki’s Gruppo main user (see above: person in charge of the person register).

RELEASING AND TRANSFERING DATA

No data is released from the register to outsiders. Data is not transferred outside the European Union or the European Economic Area unless it is required by the technical demands of the service. In this case, AV-arkki and the service provider Gruppo Software ensure the level of privacy protection required by law.

For archiving and distribution, personal data essential to the distribution of works by artists or collectives (including the artist’s/producer’s/author’s name, year and place of birth, place of residence, biography, filmography, website address) may be

– Published in AV-arkki’s web services or other communications
– Released to serve the communications concerning events displaying the artist’s/producer’s/author’s works
– Saved on web platforms used in AV-arkki’s distribution
– Transferred and saved into the National Audiovisual Institutes’s systems for long-term archiving

You do not have to provide us with your personal data, but if you decide not to, we may not be able to offer our service to you.

THE GEOGRAPHICAL LOCATION OF THE PERSONAL DATA

The personal data is processed in the following countries or regions:
– Primary servers and primary backup system: Finland
– Mass email services (name and email address) and related services: Systems that use cloud services also process data outside the EU/EEA.
– Backup system independent from the primary backup system: Switzerland

THE REGISTER’S PROTECTION

DIGITALLY STORED DATA

The databases where the register’s data is recorded are protected as part of the service provided by Gruppo Software. AV-arkki ensures that only those employees who require it to perform their tasks have access to the data. Each user has an individual user ID and a password which expire when the person leaves AV-arkki’s employment. The system is used via the Internet using an encrypted connection that connects it to the service provider’s servers. Access requires a user ID and a password.

MANUAL MATERIALS

There is no manual version of Gruppo’s communications and contact register.

DATA SUBJECT RIGHTS

RIGHT TO ACCESS AND RECTIFICATION

The data subject has the right to access the information about them in the register. Inquiries about access should be addressed to the person in charge of the register.

RIGHT TO OBJECT

The data subject has the right to prohibit AV-arkki from processing data concerning themselves for communication purposes. This is accomplished by contacting the person in charge of the register.

You do not have to provide us with your personal data, but if you decide not to, we may not be able to offer our service to you.

ERASING DATA

The data subject has the right to request their data be erased from AV-arkki’s register. This is accomplished by contacting the person in charge of the register.

RIGHT TO CHANGES

We reserve the right to change this privacy statement by publishing it on our website. The changes may be based on the development of AV-arkki’s operations and/or changes in legislation. We recommend you periodically check the content of the privacy statement.