Skanssi logo

Skanssi's Privacy Policy

Privacy Policy

Privacy statement

Registrar

Kauppakeskus Skanssi Oy

Skanssinkatu 10 20730 Turku

VAT number 2104763-3

Contact person

Heli Järvelä

heli.jarvela@cbre.com

tel. +358 50 5028806

Registry name

Newsletter subscribers

Purpose of personal data processing

Personal data is processed in connection with the Kauppakeskus Skanssi newsletter. Personal data can also be used to manage or develop customer relationships, to enable orders, registrations, contacts, transactions and marketing, reporting and other measures related to customer management. The purpose of the processing is to maintain contact information and other communication, communication and marketing.

Personal data retention period

Personal data is stored as long as the basis for processing stated in the data protection statement is valid and for a reasonable period after that, taking into account the mandatory legislation.

The register's personal groups and data content and personal data groups

The groups of people whose data can be processed are the controller's consumer customers. The newsletter subscriber register contains the consumer's information: first name, last name, e-mail and city. In addition, the register can process the information of the person registered for the events, such as: first and last name, possible contact information and necessary information given in connection with the event, such as allergy information, which the person has entered himself.

Regular sources of information

Information is collected from the registrant himself from messages sent from www forms, by e-mail, by telephone, through social media services, contracts, registrations and other situations where the customer gives his information.

Data transfer outside the EU or EEA

Currently, data is not transferred outside the EU or EEA. Basically, the data controller does not transfer data outside the EU or the EEA, but tries to use service providers within the EU, but if data is transferred outside the EU or the EEA, the data controller ensures that there is a legal basis for the data transfer and that personal data is protected using the authorities' approved standard contracts and appropriate technical safeguards.

Principles of registry protection

Care is taken when processing the register and the information processed with the help of information systems is properly protected. The information contained in the electronically processed register is protected by firewalls, passwords and other generally accepted technical means in the information security industry. Manually maintained materials are located in premises to which only designated persons have access. Only identified employees of the controller and companies acting on behalf of the controller have access to the information contained in the register. The registry data is securely backed up and can be restored if necessary.

Rights of the registrant

The person in the register has the right to:

  • The right to access personal data collected from the data subject. The registered person must request their information in writing and the controller will provide information about the collected information within one month at the latest.

  • The court requests that the information in question be corrected in writing.

  • The right to request data deletion. The controller is obliged to delete the data if one of the following criteria is met:

  1. personal data are no longer needed for the purposes for which they were collected

  2. the data subject withdraws consent

  3. the data subject objects to the processing and there is no basis for the processing or the data subject objects to the direct marketing purpose

  4. personal data has been processed illegally

  5. personal data must be deleted to comply with a legal obligation

  6. your personal data has been collected in connection with the provision of information society services

  7. the right to request restriction of processing

  8. the right to transfer data from one system to another

  9. to the extent that the processing of personal data is based on the data subject's consent, the data subject has the right to withdraw consent at any time without this affecting the legality of the processing carried out on the basis of consent prior to its withdrawal, or

  10. file a complaint about the processing of personal data to the supervisory authority.