Jääkiekon SM-liiga Oy [hereafter "Controller"]
Address: Konepajankuja 1, FI-00510 HELSINKI
Phone:+358 9 7206 000
Contact person for data protection issues: Antti-Jussi Aro
Personal data shall mean any information relating to an identified or identifiable natural person (hereafter “data subject"). An identifiable person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier or to one of more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
A customer shall mean, in terms of data subjects, the consumers and the contact persons of the companies and other entities (hereafter “company") with whom the Controller is in a customer relationship.
Potential customers shall mean, in terms of data subjects, consumers and contact persons of companies with whom the Controller strives to establish a customer relationship.
Members shall mean consumers who are members of the Controller's business activities, such as members in a fan club managed by the Controller or players in non-professional teams.
Stakeholders shall mean consumers and contact persons of companies with whom the Controller has a cooperative relationship (such as the representatives of companies producing services for the Controller) or other connection (such as media representatives as parties in communication activities and social decision-makers in social relationship activities).
The Controller shall process the personal data of data subjects for the following purposes (one or more simultaneously):
• Management, analysis and development of the customer, member and stakeholder relationship
The Controller may use your personal data to manage, analyse and develop a customer, member or stakeholder relationship established directly with you or with a company that you represent.
• Providing products and services
The Controller may use your personal data to provide products and services if you or the company that you represent has e.g. purchased a product or service from us, used our digital services, subscribed to our newsletter or taken part in our training or other events. Personal data is used to exercise the rights and fulfil the responsibilities based on an agreement or other commitment between the Controller and the customer.
• Customer and member communication
The Controller may use your personal data in its customer and member communication, e.g. to send you notices related to products and services, to notify you of changes made to services and to request for feedback on products and services.
The Controller may contact you to inform you of new products, services or benefits. The Controller may use personal data to customise its supply and to offer relevant content. This means e.g. that we may provide recommendations or show customised content and customised advertisements in our own or third-party services.
• Product and service development
The Controller may use your personal data to develop its products and services.
The legal basis for processing personal data is provided by the following subparagraphs of Article 6 of the EU Data Protection Regulation:
a. you have given consent to the processing of your personal data for one or more specific purposes;
b. processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract;
c. processing is necessary for compliance with a legal obligation to which the Controller is subject; and
f. processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except for where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data.
The Controller processes your data for the performance of a contract with you or with a company that you represent (e.g. organising a game related to a purchased ticket, executing a player contract related to non-professional playing, realising an e-commerce purchase, providing a digital service or engaging in sponsorship cooperation).
The Controller has legitimate interests related to the practising of business, such as the right to promote the sales of its products and services through marketing and sales, and the Controller may, on the basis of the legitimate interest, practice direct marketing and sales using your contact information, including the processing of personal data for profiling. Other legitimate interests of the Controller on the basis of which your personal data may be processed include advice and other customer service for non-customers, further business development and the investigation of possible misconduct.
If the processing of data is not based on a contractual need or a legitimate interest, the Controller may request your consent for other type of processing of personal data.
The Controller may also process your personal data when required to do so by law, such as on the basis of the requirement to retain data under the Accounting Act.
The personal data collected by the Controller may contain e.g. the following types of data and the changes made therein:
3.1. Basic information on all data subjects
3.2. Additional information in terms of under-age data subjects
3.3. Additional information on company representatives
3.4. Information of data subjects who have purchased the Controller's products or services, provided feedback and/or submitted complaints on them
3.5 Information of data subjects who have taken part in the Controller's events
3.6. Information of customers using the Controller's online services
The majority of the information is received from you or, in terms of a minor, from a guardian at the start and during a customer, member and stakeholder relationship, as well as from the software with which you use our products and services.
The Controller also receives personal data and their updates from the authorities, organisations and companies that provide credit and personal data acquisition and updating services, as well as public directories and other public sources of data, such as company websites and social media channels. The Controller receives personal data relating to company representatives also from their colleagues, i.e. the main contact person of a company or other entity may provide personal data to the Controller also in terms of other individuals related to the use of the Controller's products and services.
Profiling, as referred to in the EU Data Protection Regulation, means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
We do not carry out profiling as described above for the time being. Instead, we may otherwise analyse and utilise the personal data in our data files as well as combine them with data received from third parties.
The Controller shall not give, sell or otherwise disclose your personal data with external third parties, unless otherwise indicated below.
The Controller may share your personal data with third parties who carry out services for the Controller. Such services may include e.g. customer service, software services, research activities, marketing and event production. The Controller may share your personal data in order to collect payments for products and services and it may e.g. transfer or sell unpaid invoices to third parties who provide debt collection services.
The Controller shall share your personal data with partners with whom the Controller coordinates and carries out projects together.
The Controller may share the personal data of the participants in the Controller's events at its discretion with other participants at the event in question, if it is appropriate due to the nature of the event (such as a game event organised for company representatives).
The Controller may share your personal data in connection with a corporate acquisition or other corporate transaction or when a service is transferred to another service provider. The Controller may share your personal data by order of a court or similar.
When providing services, the Controller may use resources and servers located in different parts of the world. Therefore, the Controller may transfer your personal data outside the country where the services are used and possibly also to countries outside the EU territory which have different data protection laws.
In such cases, the Controller shall make sure that there is a legal basis for the data transfer and that the user's personal data are protected using e.g. (when necessary) standard agreements approved by the appropriate authorities and by requiring compliance with the appropriate technical and other measures of data protection.
The processing time of the personal data of different groups of people is determined on the following basis:
The Controller may process your personal data during your customer relationship and until the end of the third year following the year of termination.
After this, the Controller may transfer your necessary personal data into a marketing register and process you as a potential customer once more.
The Controller may process your personal data for as long as you represent the Controller's corporate customer and until the end of the third year following the year of termination.
After this, the Controller may transfer your necessary personal data into a marketing register and process you as a representative of a potential corporate customer once more.
The Controller may process your personal data during your member relationship and until the end of the third year following the year of termination.
The Controller may process your personal data for the time being until you become a customer or until you demand that your data is removed from the Controller's marketing register.
The Controller may process your personal data for as long as you are a member of a stakeholder group, e.g. you represent the Controller's partner or the media.
In order for the Controller to fulfil its contractual obligations relating to your mutual relationship, the Controller must obtain and process personal data relating to you. Without the necessary personal data, we cannot offer you the products and services for which it is necessary to process personal data.
a) Right of access to personal data that has been collected concerning you. In practice, this is done by sending you a report of the personal data that has been collected concerning you in the personal data file, based on your appropriate and identified request.
b) Right to rectification or erasure of personal data collected concerning you. If you notice any errors or omissions in your data, you may submit a request for rectification to us.
c) Right to erasure of personal data collected concerning you.We have the obligation to erase personal data from our personal data file upon your request if one of the following grounds applies, and an obligation to retain data does not result from other legislation or an official regulation:
d) Right to restriction of processing personal data collected concerning you. You may request the Controller to restrict the processing of your personal data if:
f) Right to data portability. If the automatic processing of your personal data is based on consent or an agreement, you shall have the right to receive the personal data, which you have provided to the Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
g) Right to withdraw consent. If all or part of your personal data is processed in this data file on the basis of consent given by you, you shall have the right to withdraw your consent.
h) Right to lodge a complaint with a supervisory authority. If any dispute relating to the processing of your personal data cannot be settled in an amicable way between you and the Controller, you shall have the right to bring the case before a data protection authority.
We are a Finnish entity operating in Finland. This personal data file and the processing of personal data included therein shall be governed by the Finnish law and the EU legislation directly applicable in Finland, such as the EU Data Protection Regulation.