Privacy policy

PRIVACY POLICY FOR CUSTOMERS, POTENTIAL CUSTOMERS, MEMBERS AND STAKEHOLDERS
24 May 2018

Controller
Definitions
What are our purposes for processing your personal data?
Competitions on social media
What types of data may we process?
What are our sources for collecting your personal data?
Do we carry out profiling with your personal data?
Who may we share your personal data with?
Do we transfer your personal data outside the EU territory?
For how long do we process your personal data?
Are you required to give your personal data to us?
How can you exercise your rights relating to your personal data?
Which country’s legislation shall be applied to the processing of your data?
How may we update this privacy policy?

Controller

Ilves-Hockey Oy
Business ID: 1604871–1
Address: Kissanmaankatu 5, FI-33520 Tampere, Finland
Telephone: +358 3 225 9400
E-mail: ilves@ilves.com
Contact person for privacy matters: sanna-sofia.rinne@ilves.com

Definitions

“Personal data” shall mean any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier or to one of more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Customers” shall mean, in terms of data subjects, the consumers and the contact persons of the companies and other entities (hereinafter “company”) with whom the Controller is in a customer relationship.

“Potential customers” shall mean, in terms of data subjects, consumers and contact persons of companies with whom the Controller strives to establish a customer relationship.

“Members” shall mean consumers who are members of the Controller’s business activities, such as members in a fan club managed by the Controller or players in non-professional teams.

“Stakeholders” shall mean consumers and contact persons of companies with whom the Controller has a cooperative relationship (such as the representatives of companies producing services for the Controller) or other connection (such as media representatives as parties in communication activities and social decision-makers in social relationship activities).

What are our purposes for processing your personal data?

The Controller shall process the personal data of data subjects for the following purposes (one or more simultaneously):

• Management, analysis and development of the customer, member and stakeholder relationship
The Controller may use your personal data to manage, analyse and develop a customer, member or stakeholder relationship established directly with you or with a company that you represent.
• Providing products and services
The Controller may use your personal data to provide products and services if you or the company that you represent has, for example, purchased a product or service from us, used our digital services, subscribed to our newsletter or taken part in our training or other events. Personal data is used to exercise the rights and fulfil the responsibilities based on an agreement or other commitment between the Controller and the customer.
• Customer and member communication
The Controller may use your personal data in its customer and member communication, for example, to send you notices related to products and services, to notify you of changes made to services and to request for feedback on products and services.
• Marketing
The Controller may contact you to inform you of new products, services or benefits. The Controller may use personal data to customise its supply and to offer relevant content. This means, for example, that we may provide recommendations or show customised content and customised advertisements in our own or third-party services.
• Product and service development

The Controller may use your personal data to develop its products and services.

The legal basis for processing personal data is provided by the following subparagraphs of Article 6 of the EU General Data Protection Regulation:

you have given consent to the processing of your personal data for one or more specific purposes;

processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract;

processing is necessary for compliance with a legal obligation to which the controller is subject; and

processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except for where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data.

The Controller processes your data for the performance of a contract with you or with a company that you represent (e.g. organising a game related to a purchased ticket, executing a player contract related to non-professional playing, realising an e-commerce purchase, providing a digital service or engaging in sponsorship cooperation).

The Controller has legitimate interests related to the practising of business, such as the right to promote the sales of its products and services through marketing and sales, and

the Controller may, on the basis of the legitimate interest, practice direct marketing and sales using your contact information, including the processing of personal data for profiling. Other

legitimate interests of the Controller on the basis of which your personal data may be processed include advice and other customer service for non-customers, further business development and the investigation of possible misconduct.

If the processing of data is not based on a contractual need or a legitimate interest, the Controller may request your consent for other type of processing of personal data.
The Controller may also process your personal data when required to do so by law, such as on the basis of the requirement to retain data under the Accounting Act.

Competitions on social media

With regard to competitions on social media, we shall inform you, as necessary, of the rules and the processing of personal data separately on a competition-specific basis on the campaign page in question. In general, the rules for competitions and the processing of personal data are as follows, if there are no separate competition-specific instructions:

Ilves-Hockey shall store the personal data of participants. The personal data of participants shall be processed in accordance with this privacy policy in order to select the finalists and hand over the prizes. Ilves-Hockey shall not disclose the participants’ data to third parties or use it for direct marketing. Ilves-Hockey shall pay any lottery tax relating to the prizes. The persons taking part in the draw shall release Ilves-Hockey and any other partners involved in the competition from liability for any damage caused or allegedly caused by taking part in this competition. The competition organiser’s liability to the participants may under no circumstances exceed the value or number of the prizes mentioned in the competition rules. Ilves-Hockey shall not be liable for any information technology-related problems or obstacles regarding participation in the competition or reception of a prize. The participants are liable for the correctness of the contact information they give to Ilves-Hockey upon participation.

By taking part in the competition, the participants undertake to follow these rules and the decisions made by Ilves-Hockey on their basis. In addition to following the rules of the competition, the participants undertake to follow the terms of use of any related services that are independent of Ilves-Hockey, such as Facebook, Twitter, YouTube or Instagram. If there is reason to suspect the participant of cheating or other violation of the rules, Ilves-Hockey is entitled to reject the participation and disqualify the participant. Ilves-Hockey reserves the right to share photos tagged by participants on its Facebook page, indicating the name of the person who originally shared the photo. Ilves-Hockey reserves the right to change the competition, its rules, prizes, dates or other related matters without separate notice. Any changes will be announced on Ilves-Hockey’s social media pages (for example, Facebook).

Any competitions are not endorsed or managed by the social media platform in question (for example, Facebook).

What types of data may we process?

The personal data collected by the Controller may contain e.g. the following types of data and the changes made therein:

Basic information on all data subjects
First name and last name
Contact information (postal address, e-mail address, phone numbers)
Gender

Data concerning the use of the Controller’s digital services
Technical data sent by the Controller to the user’s digital devices (such as computers and mobile devices) as well as data concerning cookies and other similar technologies
Communication targeted to the data subject and related activities
Direct marketing preferences
Recordings of customer service phone calls and e-mail and online correspondence related to customer service, for example, in social media channels
Personal identity codes of persons who we will invoice for some of the services. For example, season ticket holders.
Additional information in terms of under-age data subjects
Guardians’ names and contact information and invoicing information provided to the Controller

Additional information on company representatives

Sanna-Sofia Rinne. The person responsible for Ilves-Hockey Oy’s financial administration. After the managing director and sales director, she has the highest responsibility for the company’s office services, such as invoicing and HR administration.

Information of data subjects who have purchased the Controller’s products or services, provided feedback and/or submitted complaints on them

Start and end time and manner of the customer relationship or a similar relationship
Campaigns and offers targeted to the customer and their use
Areas of interest and other information provided by the customer
Contents of feedback and complaints, the related correspondence and follow-up measures

Information of data subjects who have taken part in the Controller’s events

Dietary information (specific information that the user has provided voluntarily)
Date of birth related to events for which e.g. a shipping company requires it
Names and dates of birth of travelling companions when e.g. a shipping company requires them

Information of customers using the Controller’s online services

Login details of the data subject
Behaviour in the online service after login

What are our sources for collecting your personal data?

The majority of the information is received from you or, in terms of a minor, from a guardian at the start of and during a customer, member and stakeholder relationship, as well as from the software with which you use our products and services.

The Controller also receives personal data and its updates from the authorities, organisations and companies that provide credit and personal data acquisition and updating services, as well as public directories and other public sources of data, such as company websites and social media channels. The Controller receives personal data relating to company representatives also from their colleagues, i.e. the main contact person of a company or other entity may provide personal data to the Controller also in terms of other individuals related to the use of the Controller’s products and services.

Do we carry out profiling with your personal data?

Profiling, as referred to in the EU General Data Protection Regulation, means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
We do not carry out profiling as described above for the time being. Instead, we may otherwise analyse and utilise the personal data in our data files as well as combine it with data received from third parties.

Who may we share your personal data with?

The Controller shall not give, sell or otherwise disclose your personal data with external third parties, unless otherwise indicated below.

The Controller may share your personal data with third parties who carry out services for the Controller. Such services may include, for example, customer service, software services, research activities, marketing and event production. The Controller may share your personal data in order to collect payments for products and services and it may, for example, transfer or sell unpaid invoices to third parties who provide debt collection services.

The protection of your personal data is important to the Controller, which is why it does not allow these parties to use the data for any purpose other than the provision of the services in question, and it requires the parties to protect the user’s personal data in compliance with this privacy policy and the applicable legislation.
The Controller shall share your personal data with partners with whom the Controller coordinates and carries out projects together.

The Controller may share your personal data with carefully selected third parties for the purposes of joint or independent direct marketing. Data may be shared for these purposes only when the purpose intended by the third party is not inconsistent with the purposes set out herein in the Controller’s privacy policy.

The Controller may share the personal data of the participants in the Controller’s events at its discretion with other participants at the event in question, if it is appropriate due to the nature of the event (such as a game event organised for company representatives).

The Controller may share your personal data in connection with a corporate acquisition or other corporate transaction or when a service is transferred to another service provider. The Controller may share your personal data by order of a court or similar.

Do we transfer your personal data outside the EU territory?

When providing services, the Controller may use resources and servers located in different parts of the world. Therefore, the Controller may transfer your personal data outside the country where the services are used and possibly also to countries outside the EU territory which have different data protection laws.

In such cases, the Controller shall make sure that there is a legal basis for the data transfer and that the user’s personal data is protected using, for example (when necessary), standard agreements approved by the appropriate authorities and by requiring compliance with the appropriate technical and other measures of data protection.

For how long do we process your personal data?

The Controller shall process your personal data in this data file for as long as the Controller has a valid basis for processing the data, as described in Clause 2 of this privacy policy, and for a reasonable time after this.

The processing time of the personal data of different groups of people is determined on the following basis:

Consumer customers
The Controller may process your personal data during your customer relationship and until the end of the third year following the year of termination.
After this, the Controller may transfer your necessary personal data into a marketing register and process you as a potential customer once more.

Representatives of corporate customers
The Controller may process your personal data for as long as you represent the Controller’s corporate customer and until the end of the third year following the year of termination.
After this, the Controller may transfer your necessary personal data into a marketing register and process you as a representative of a potential corporate customer once more.

Consumer members
The Controller may process your personal data during your member relationship and until the end of the third year following the year of termination.
Potential consumer customers and representatives of potential corporate customers
The Controller may process your personal data for the time being until you become a customer or until you demand that your data is removed from the Controller’s marketing register.

Members of stakeholder groups
The Controller may process your personal data for as long as you are a member of a stakeholder group, e.g. you represent the Controller’s partner or the media.
Are you required to give your personal data to us?

In order for the Controller to fulfil its contractual obligations relating to your mutual relationship, the Controller must obtain and process personal data relating to you. Without the necessary personal data, we cannot offer you the products and services for which it is necessary to process personal data.

How can you exercise your rights relating to your personal data?

As a data subject, you have various ways to influence how your personal data is processed. As a rule, we will fulfil your request within one month. We ask you to please contact the contact person stated in Clause 1 of this privacy policy in matters relating to the exercising of your rights. You have the following rights:

Right of access to personal data that has been collected concerning you. In practice, this is done by sending you a report of the personal data that has been collected concerning you in the personal data file, based on your appropriate and identified request.

Right to rectification or erasure of personal data collected concerning you. If you notice any errors or omissions in your data, you may submit a request for rectification to us.

Right to erasure of personal data collected concerning you. We have the obligation to erase personal data from our personal data file upon your request if one of the following grounds applies, and an obligation to retain data does not result from other legislation or an official regulation:

the personal data is no longer necessary in relation to the purposes for which it was processed;

you withdraw consent and there is no other legal ground for the processing;

you object to the processing relating to your particular situation and there are no overriding legitimate grounds for the processing, or you object to the processing of your personal data for direct marketing;

your personal data has been unlawfully processed;

your personal data has to be erased for compliance with a legal obligation in European Union or Finnish law to which the Controller is subject; or

your personal data has been collected in relation to the offer of information society services, such as in connection with an order for the Controller’s digital information services.

Right to restriction of processing personal data collected concerning you. You may request the Controller to restrict the processing of your personal data if:

you contest the accuracy of your personal data that the Controller has;

the processing is unlawful and you request the restriction of its use instead of erasure;

the Controller no longer needs the personal data for the purposes of processing, but you require it for the establishment, exercise or defence of legal claims;

you have objected to processing pending the verification whether the legitimate grounds of the Controller override your grounds.

Right to object to the processing of personal data concerning you. If the Controller processes your data on the basis of a legitimate interest, you shall have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you. All those included in the data files covered by this privacy policy shall have the right to object to the processing of their personal data for direct marketing.

Right to data portability. If the automatic processing of your personal data is based on consent or an agreement, you shall have the right to receive the personal data, which you have provided to the Controller, in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller.

Right to withdraw consent. If all or part of your personal data is processed in this data file on the basis of consent given by you, you shall have the right to withdraw your consent.

Right to lodge a complaint with a supervisory authority. If any dispute relating to the processing of your personal data cannot be settled in an amicable way between you and the Controller, you shall have the right to bring the case before a data protection authority.

Which country’s legislation shall be applied to the processing of your data?

We are a Finnish entity operating in Finland. This personal data file and the processing of personal data included therein shall be governed by the Finnish law and the EU legislation directly applicable in Finland, such as the EU General Data Protection Regulation.

How may we update this privacy policy?

We are constantly developing our business activities and this may also result in changes related to the processing of personal data. If necessary, we shall update the privacy policy to correspond to changed practices. The changes may also be based on changes to the legislation. We recommend that you regularly browse the contents of the privacy policy.

If we start to process your personal data for a purpose other than the one for which your personal data was collected, we will inform you of this and the updated privacy policy before such further processing. In terms of other changes, we will announce updates to the privacy policy on our website.

Standings

#TEAMGPGFGAP
1 Lukko6241015
2 Ilves7231415
3 Tappara7221914
4 Ässät8242513
5 KalPa518912
6 Kärpät5201312
7 HIFK8222510
8 TPS618179
9 Sport5868
10 JYP614168
11 KooKoo511136
12 Pelicans610196
13 Jukurit613185
14 SaiPa79205
15 HPK713253