Creative Finland Privacy Statement

Updated August 10, 2018

1. Data Controller
AGMA Association of Agents and Managers in Creative Industries / Creative Finland
Creative Finland 
Mariankatu 8, 3rd floor
00170 Helsinki, Finland
Business ID 2355856-8

2. Contact person in matters relating to the register
Kati Uusi-Rauva
AGMA Association of Agents and Managers in Creative Industries / Creative Finland 
+358 40 865 8738
kati.uusirauva (a)



3. Name of the register
Contact register of the Creative Finland ESF project.

4. Registered subjects
Subject to registration are coordination project partners, parties interested in the Creative Finland project or parties who have signed up for the newsletter.

5. Purpose of the maintenance of the register and the processing of personal data
The legal basis for the processing of personal data is the EU's general data protection regulation (GDPR):
- the consent of a person (documented, voluntary, individualized, informed and unambiguous);
- the contract whereby the registered is a party;
- a public role to coordinate communication between actors involved in the project.

Personal data can be processed in communication with the data subject, in the planning of activities, in sending newsletters, in providing information and in conducting studies and analyses.

6. Personal data to be processed
Registered can save a name and contact information such as address, phone number and email address, business ID, status in the organization, as well as permissions, consents and bans.

Technically collected information about the use of the online service may be the IP address and country or city, the use and timing of network services, the type of device used, the type of operating system and software versions, the browser type and language settings, and the external sites from which the user has entered or enters the registrar's web site. The registrar can collect information using cookies on its website.

7. Regular sources of information
The information stored in the register may be obtained from online forms submitted by the registered, or from emails, telephone calls, contracts, public information, meetings and other situations where the registered submits data.

8. Regular destinations of disclosed data and transferring data outside the EU or EEA
Data from the register is not regularly disclosed to third parties without the prior consent of the data subject. The information can be published as far as it has been agreed with the registered.
Information is normally transmitted outside the EU or the European Economic Area. When data is transferred outside the EU and the EEA, an adequate level of protection of personal data is ensured, inter alia by agreeing on the confidentiality and processing of personal data as required by law.

EU or non-EEA service providers are Google and Google Analytics, The Rocket Science Group LLC (MailChimp) and Dropbox International Unlimited Company. When the information data contained in the register is stored outside EU, this storage shall take place as stipulated in the EU-US Privacy Shield agreement.


9. Data protection and storage
Careful handling of the registry is ensured, and data processed by the information systems is adequately protected. When keeping records on Internet servers, the physical and digital security of the hardware is handled appropriately. The data controller shall ensure that stored data, server access privileges and other critical data related to the security of personal data are processed confidentially and only by employees whose job description they belong to.

10. Duration of processing 
The contact data is kept the for the duration of the Creative Finland project and its follow-up projects. The registrar keeps other registered personal data in accordance with current legislation and only for as long as their retention is necessary for the purposes described in this Privacy Statement. This information may be retained in accordance with the provisions of this Act due to statutory or other compulsory legislation also after termination of the customer relationship or other personal data processing rule.

On a website, the visitor may clear or block cookies and other tracking from their browser or device settings. This may degrade the experience or cause malfunctions. Clearing cookies does not completely stop data collection.

The subscriber of the newsletter may withdraw his / her consent at any time through any link in the newsletter e-mail. The registered subject can easily unsubscribe from the newsletter through a link provided in each message.

11. Data processors
The controller and its employees handle personal data. The controller may also outsource the handling of data to a third party, in which case we ensure that personal data is processed in accordance with data protection legislation and otherwise in an adequate manner.


12. Automated decision-making and profiling
The controller does not use data for automatic decision-making or profiling.


13. Data subject’s rights
The subject has the following rights. Notices concerning the access right must be made in writing, signed and sent to the address set forth under Section 2. 
- Right of access: The data subject has the right to access data concerning themselves that has been stored to the register.
- Right to rectification: In case of errors in the registered data, data subject may submit a request to rectify the incorrect data to the contact person set forth under the Section 2.
- Right to prohibit: The data subject has the right prohibit the data controller from processing personal data relating to the data subject.
- Right to be removed: The data subject has the right to ask for removal of registered data. After having processed the request, we either remove the data or inform the subject on what basis the data cannot be removed. It should be noted that the controller may have statutory or other rights not to remove the requested information. The controller is obliged to keep the accounting records in accordance with the Accounting Act (Chapter 2, Section 10) for a period of 10 years. 
- Withdrawal of consent: When it comes to processing of personal data based on consent, the subject has the right to withdraw consent for processing of such data at any point.
- Right to limit the process: The data subject has the right to request that we limit the processing of controversial data until the matter has been settled.
Right to appeal to supervising authority: If the data subject has grounds for suspecting that we are in not complying with effective legislation regulating data protection, the subject has the right to make an appeal to the Data Protection Ombudsman. The Data Protection Ombudsman’s contact information.


13. Changes to the Privacy Statement
If the Privacy Statement is changed, the Registrar will make the changes visible to the prospectus dated. If the changes are significant, these may also be communicated by other means, such as by email or by posting a notice on the site.