Due to the postal strike we do not deliver tickets nor gift cards by letter at the moment!

Data secrecy

The NetTicket.fi´s legal statement and secrecy policy

Use of the internet pages found under the address www.NetTicket.fi as well as the internet service and internet shop (henceforth “Services”) is restricted by the terms of use conditions given below. Use of the services requires the user to agree to abide by these terms of use. Any use of the service not complying with these conditions is prohibited. Read the conditions carefully.

The service follows official directives regarding personal information. All information is treated according to implemented directives. More information below.

The gathered personal information is used for delivering tickets, maintaining customer relations and to enable us to maintain the contact needed for the service. The customer must also provide contact details when booking a ticket; otherwise the purchase/booking of tickets will not be valid.

This information will not be given to a third party, except to the promoter whose event the customer has purchased a ticket for.
 

Database information according to Personal Data Act (523/1999) 10 § and 24 § and General Data Protection Regulation (GDPR) within EU.
Created 30.4.2018. Last modification 13.5.2018.

1. DATA CONTROLLER

Oy NetTicket Finland Ab
Harstadinkatu 4
65350 Vaasa

2. PERSON RESPONSIBLE FOR DATA MATTERS

Jonny Mandell
tel +358 40 5066011
jonny.mandell @ netticket.fi
 

3. DATABASE NAME

Customer, organizer and user databases required to maintain NetTicket Finland Oy:s ticket selling services 
 

4. PURPOSE OF USING PERSONAL INFORMATION

Personal information is used due to customer relationship, with the permission of the registered person, .

Personal information regarding a registered user is utilised to maintain customer relationships, develop, plan and analyse them, and to compile statistics. Personal information is also used to be able to offer services and products and develop them, as well as to follow-up and monitor misuse.
 

5. DATABASE CONTENT

The personal database contains personal data of buying customers, handlers and suppliers

The database contains the following data:
- Name and company or society name if person represents a community
- Contact information (street address, postal code, city, mobil phone number, e-mail address)
- Information on permissions and refusals concerning direct marketing
- Information on customer relations, i.e. customer specific order history that has been stored in a database
- Logs and information needed between systems
- Usercode and password needed to use the service
- Personal identification number och Business ID in the case of a credit transaction

Personal data is stored as long as is needed to fullfill the purpose of the register or to comply with the storage time of laws and regulations.

6. DATABASE INFORMATION SOURCES

 The database contains
- information provided by the user in connection with the use of the service
- information provided by the customer during customer contact by phone, e-mail, onlineservices or other means of communication
- information about the use of the service stored by the user during the use of the web service
 

7. REGULAR TRANSFER OF DATA

The service functions as a ticket agent for different events and the information is given to the promoter of the event in question.

The organizer may transfer personal data to subcontractors (eg transportation, accommodation, catering) that are necessary to produce the event. These act as a handler of the organizer's personal data.

Information will not be handed over to third parties.


8. TRANSFER OF INFORMATION OUTSIDE EU OR EEA

Information will not be transferred or handed over outside the EU or EEA.


9. PRINCIPLES FOR PROTECTION OF THE REGISTRY


Information will not be transferred or handed over outside the EU or EEA.

The data in the registry is used strictly and confidentially only by the employees and persons to whose work it belongs.

The users of the registry have a username and password that allows each login to be verified and identified.

Due to the technical nature of handling data, certain parts of the data collected can physically be located on a server maintained by a third party, where it is handled using a encrypted user contact. The data collected is stored in common databases, which are protected by firewalls, passwords and other technical solutions. The databases and backups are located in locked and guarded premises, and access to the information is restricted.

Manual material is stored in locked spaces accessible only to those entitled to information.


10. RIGHT OF ACCESS

The data subject have once a year the right to free of charge control the information stored concerning themselves.

An informal signed request for verification must be made in writing or by submitting it personally to the data controller.

Identifying a person from the system also requires notification of a mobile phone number and / or email address.

The identity of the customer is verified before handing over the information and the material is delivered in Excel format as a rule within 30 days.


11. THE RIGHT TO SEEK INFORMATION CORRECTED

The data subject has the right to request that his or her information contained in the register must be corrected or to supplement the incomplete information.

An informal signed correction request must be made in writing or by submitting it personally to the data controller.

Identifying a person from the system also requires notification of a mobile phone number and / or email address.

The identity of the customer is verified before the data is corrected and the information is corrected within 30 days.


12. OTHER RIGHTS CONCERNING HANDLING OF PERSONAL DATA

The data subject has the right to refuse access to direct mail, distance selling and other direct marketing as well as market and opinion surveys.

An informal direct marketing prohibition must be made in writing, by email or by submitting it personally to the data controller.

Identifying a person from the system also requires notification of a mobile phone number and / or email address.

Direct marketing authorization data will be updated to personal data without delay or within 30 days at the latest.

The data subject has the right to request the removal of personal data relating to him or to transfer it to another.

An informal signed removal or transfer request must be made in writing or by submitting it personally to the data controller.

The identity of the customer is ensured prior to handing over the transfer data and the transfer data is transmitted in Excel format as a rule within 30 days.

Personal data will be deleted (anonymization) and data deletion will be made within the storage time of laws and regulations.

If the data controller does not delete all personal data, he or she must issue a written certificate stating the reasons why the information was not immediately removed.