Gösta Serlachius Fine Arts Foundation
Business ID 0151144-3
Purpose of personal data processing
The customer register personal data file system is used in accordance with data protection legislation and other legislation applicable at the time in question. In addition to data processing legislation, the processing of personal data is based on applicable legislation, in which case the legal basis for the processing is a statutory obligation of the controller.
Data content of the personal data file system
Only personal data essential for the Foundation’s activities are saved in the personal data file system, such as customers’ names, telephone numbers, home addresses, email addresses, purchase and payment transactions, possible invoicing addresses and marketing consents, and possibly data concerning matters and events in which the customer has participated or expressed an interest.
Normal sources of information
The data saved in the personal data file system are obtained from customers themselves or via groups representing them, orally, by telephone and by email as well as by means of forms used in competitions and surveys, in connection with which the individuals concerned have given their marketing communication consent.
Disclosure of the data
The data are not disclosed or transferred outside the EU countries. The personal data file system may be disclosed to external parties for the marketing purposes of the museums maintained by the Foundation, for example via the Posti postal service or corresponding service provider.
Protection of the personal data file system
Requirements and practices for the appropriate protection of the data as well as confidentiality obligations have been specified with service providers and the technical partners that maintain the personal data file system.
Further information can be found in the document IT practices of the Gösta Serlachius Fine Arts Foundation.
Rights of data subjects
Customers have the right to inspect what data concerning to them have been saved in the register.
Inspection requests should be made personally to the address:
Customers have the right to request the rectification of incorrect, inaccurate or incomplete data. In addition, individuals have the right to request that data concerning them are erased (the right to be forgotten).Individuals have the right to request that processing of their data be restricted until their data has been appropriately rectified or supplemented.
Customers have the right to withdraw their consent at any time, insofar as the processing of personal data is based on the customer’s own consent. The withdrawal of consent shall not affect the lawfulness of the processing carried out on the basis of the consent prior to its withdrawal.
Right to appeal
The data subjects have the right to appeal, in particular, to the supervisory authority according to their habitual residence or place of work, if they consider that the General Data Protection Regulation (EU) 2016/679 has been infringed. In addition, the data subjects have the right to use administrative or other judicial remedies.