Privacy Policy
Privacy Policy for Customers, Potential Customers, Members, and Stakeholders
Controller:
RoKi Hockey Oy [hereinafter “Controller”]
Business ID: 1767240-1
Address: Rovakatu 16, 96100 ROVANIEMI
Phone: 040 579 6273
Email: toimisto@rokihockey.fi
Data Protection Contact Person: Joonas Virtanen, toimisto@rokihockey.fi
Protecting personal data is important to RoKi Hockey Oy. We process personal data in accordance with applicable EU data protection regulations and national data protection regulations. The purpose of this Privacy Policy is to inform our customers and users of our online services about what personal data we collect, how we use and process such data, and the rights you have regarding them.
Definitions
“Personal data” refers to all information related to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. “Customer” refers to those consumers and their company or other community (“company”) contacts with whom the Controller has a customer relationship. “Potential customers” refer to data subjects who are consumers and company contacts with whom the Controller seeks to establish a customer relationship. “Members” refer to consumers who are members in the Controller’s business operations, such as in a fan club maintained by the Controller. “Stakeholders” refer to consumers and company contacts with whom the Controller has a cooperation relationship (e.g., representatives of companies providing services to the Controller) or other connection (e.g., representatives of the media as part of public relations activities and societal decision-makers related to public affairs).
For What Purposes Do We Process Your Personal Data?
The Controller processes the personal data of data subjects for the following purposes (simultaneously or separately): • Management, analysis, and development of customer, member, and stakeholder relationships The Controller may use your personal data for the management, analysis, and development of customer, member, or stakeholder relationships established directly with you or with the company you represent. • Provision of products and services The Controller may use your personal data to provide products and services if you or the company you represent have, for example, purchased a product or service from us, used our digital services, or participated in events. Personal data is used to fulfill the Controller’s and the customer’s rights and obligations based on agreements or other commitments.
- Customer and member communications
The Controller may use your personal data in customer and member communications, such as sending notifications related to products and services, informing about changes to services, and requesting feedback on products and services.
- Marketing
The Controller may contact you to inform you about new products, services, or benefits. The Controller may use personal data to customize its offerings and provide relevant content. This means, for example, that we may provide recommendations or display tailored content and personalized ads in our own and third-party services.
- Development of products and services
The Controller may use your personal data to develop its products and services. The legal basis for processing personal data is as follows, in accordance with Article 6 of the EU General Data Protection Regulation:
a) You have given consent to the processing of your personal data for one or more specific purposes.
b) Processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.
c) Processing is necessary for compliance with a legal obligation to which the Controller is subject.
f) Processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms that require protection of personal data.
The Controller processes your data to fulfill a contract with you or the company you represent (e.g., organizing a match related to a purchased ticket or VIP service, providing a digital service, or implementing sponsorship cooperation). The Controller has legitimate interests related to its business operations, such as the right to promote the sale of its products and services through marketing and sales methods.
The Controller may, based on legitimate interests, engage in direct marketing and sales using your contact information, including processing personal data for profiling purposes. Other legitimate interests of the Controller for which your personal data may be processed include counseling and other customer service for non-customers, further development of business, and investigation of possible abuses. If data processing is not based on a contractual necessity or legitimate interest, the Controller may request your consent for other types of personal data processing. The Controller may also process your personal data as required by law, such as retention obligations under the Accounting Act.
Contests on Social Media
For contests held on social media, rules and instructions for data processing are provided separately in connection with the contest.
What Personal Data Do We Process?
The Controller processes the following personal data, as applicable:
- Basic information, such as name, username, and other identification information
- Contact information, such as email address, phone number, and address
- Information related to the customer relationship, such as customer number, username, and other user identifiers, customer feedback and contacts, as well as the language of communication and direct marketing consents and bans
- Information related to the contract, such as purchased products and services, payment details, and customer history
- Customer service information, such as contact records
- Direct marketing information, such as the content and target of marketing messages and related permissions and bans
- Information collected through cookies and other similar technologies used for online services, such as IP address, device identifier, or other identification and technical data
- Customer feedback and research responses
- Other information collected with your consent
- Information on loyalty and customer benefits
- Information on participation in events
How Do We Collect Personal Data?
The Controller collects personal data primarily from you when you contact us or use our services. In addition, personal data may be collected and updated from publicly available sources, from the authority responsible for maintaining the national personal data reference system or other similar sources, and by using cookies and other similar technologies on our website.
How Long Do We Store Your Personal Data?
The Controller stores your personal data only for as long as it is necessary for the purposes of processing personal data as specified in this Privacy Policy. However, the Controller may store personal data for longer periods if required by law or regulations that are applicable to its business operations. To determine the appropriate retention period for personal data, the Controller takes into account the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which the Controller processes your personal data, whether the Controller can achieve those purposes through other means, and the applicable legal requirements. The Controller will also securely delete or anonymize personal data when there is no longer a legal basis for processing it. Disclosure of Personal Data Personal data may be disclosed to the following recipient groups, to the extent necessary for the purposes of processing personal data as set out in this Privacy Policy:
- Companies belonging to the same corporate group as the Controller
- Service providers (e.g., IT service providers)
- Payment service providers
- Social media networks, advertising networks, and analytics providers
- Authorities, such as tax authorities, in accordance with applicable laws and regulations
- Stakeholders within the scope specified in the Customer and Marketing Register of the Controller
- In connection with events or other activities organized by the Controller, data may be disclosed to the media, such as newspapers, television, and radio, as well as on the internet
The Controller ensures, through contractual arrangements and other measures, that the personal data disclosed to third parties is processed in accordance with applicable law and appropriately. The Controller uses service providers located both within and outside the European Union. The Controller has ensured the appropriate level of data protection in the transfer of data to such providers, either by using European Commission standard contract clauses or by ensuring that the provider complies with the EU-U.S. Privacy Shield Framework.
Cookies and Other Similar Technologies
The Controller uses cookies and other similar technologies on its online services, such as websites and applications. Cookies are small text files that are stored on your device and that collect and store information about your device and online behavior. The Controller uses cookies to provide and develop its services, personalize content and ads, and analyze the use of its online services. Cookies can also be used to target advertising and marketing. The Controller uses both session cookies, which are deleted when you close your browser, and persistent cookies, which remain on your device for a specified period or until you delete them. Session cookies are used to maintain the session after logging in and to ensure the security and functionality of the service. Persistent cookies are used, among other things, to save login information to the service so that the user does not need to log in each time. You can block cookies by activating a setting in your browser that allows you to refuse all or some cookies. If you use your browser settings to block all cookies (including essential cookies), you may not be able to access all or parts of our website. For more information about cookies and how to manage or delete them, visit www.aboutcookies.org or your browser’s help page. You can also disable the use of cookies by third-party providers by visiting the Network Advertising Initiative’s opt-out page (www.networkadvertising.org/choices) or by disabling the use of cookies for targeted advertising through the YourOnlineChoices opt-out page (www.youronlinechoices.com/uk/your-ad-choices).
Your Rights as a Data Subject
As a data subject, you have the following rights:
- Right of access: You have the right to obtain confirmation from the Controller as to whether your personal data is being processed and, if so, access to the personal data and additional information about the processing.
- Right to rectification: You have the right to have inaccurate or incomplete personal data concerning you rectified.
- Right to erasure (right to be forgotten): You have the right to have your personal data erased under certain circumstances.
- Right to restrict processing: You have the right to request the restriction of the processing of your personal data under certain circumstances.
- Right to data portability: You have the right to receive the personal data concerning you that you have provided to the Controller, in a structured, commonly used, and machine-readable format, and you have the right to transmit that data to another Controller without hindrance from the Controller to which the personal data was provided, under certain circumstances.
- Right to object: You have the right to object, on grounds relating to your particular situation, at any time, to the processing of your personal data for certain purposes, such as direct marketing.
- Right to withdraw consent: If you have given your consent to the processing of your personal data, you have the right to withdraw your consent at any time.
- Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority if you consider that the processing of your personal data infringes data protection laws. You may do so in the Member State of your habitual residence, your place of work, or the place of the alleged infringement.
You can exercise your rights by contacting the Controller using the contact information provided above. The Controller may request additional information necessary to confirm your identity. The Controller will respond to your request within one month of receiving the request. If necessary, the Controller may extend the response time by two months, taking into account the complexity and number of requests. The Controller will inform you of any such extension and the reasons for the delay within one month of receiving your request. In some cases, the Controller may not be able to fulfill your request, in whole or in part. In such cases, the Controller will provide you with the reasons for the refusal.
We encourage you to contact us if you have any questions or concerns about the processing of your personal data. If you believe that your rights have been violated, you have the right to file a complaint with the supervisory authority. Security of Personal Data The Controller protects your personal data with appropriate technical and organizational measures to prevent unauthorized access, transfer, deletion, or other processing that may compromise the security of your personal data. Such measures include the use of firewalls, encryption technologies, and safe server rooms, access control systems, and access rights management.
Updates to the Privacy Policy
The Controller may update this Privacy Policy from time to time to reflect changes in its practices, services, or legal requirements. The revised Privacy Policy will be made available on the Controller’s website, and the date of the latest update will be indicated at the beginning of the Privacy Policy.
Contact Information
If you have any questions about this Privacy Policy or the processing of your personal data, you can contact the Controller using the following contact information, email: toimisto@rokihockey.fi, phone number: +358 40 579 6273.