1. Data Controller
Pedconsos Oy
Suosillantie 1
12350 Hausjärvi
Y-tunnus 1455585-9
2. Register Name
Pedconsos Oy Customer Register of the Ticket Sales System
3. Purpose of Processing Personal Data
The register is used for managing Pedconsos Oy's services, such as customer identification and recognition in service transactions and payment traffic.
The customer register is also used for fulfilling legal and regulatory obligations, including storage, reporting, and query obligations.
Henkilötietoja käytetään myös henkilötietolain sallimissa ja velvoittamissa rajoissa asiakassuhteen hoitamiseen, hallintaan ja kehittämiseen, analysointiin, tilastointiin sekä tietopalveluiden tuottamiseen, tarjoamiseen ja kehittämiseen.
4. Data Content of the Register
The register contains the following information about customers:
5. Regular Data Sources of the Register
Data is collected in the register from the user at the inception of the customer relationship and during the duration of the customer relationship. Personal data is collected from:
6. Regular Disclosures of Data and Transfer of Data Outside the EU or the European Economic Area
The transfer of personal data outside the EU is based on a data transfer agreement according to the standard contractual clauses approved by the Commission, as specified in Section 23(1)(8) of the Personal Data Act.
7. Data Transfers
Pedconsos Oy may transfer data within the limits regulated by legislation.
Pedconsos Oy's staff and external individuals acting on its behalf are obliged to maintain confidentiality regarding all customer information.
8. Register Protection
The use of the personal data register is instructed within the data controller's organization, and access to both manually and electronically stored information in the personal data register is limited to those employees of the data subject who, by virtue of their duties, have the right to access such information. The data controller has implemented access control in its premises.
The IT system is protected by security software for the operating system. Access to the system requires entering the designated usernames and correct passwords for each user of the register.
By commissioning agreements, entities processing personal data on behalf of the data controller are obliged to protect personal data in a corresponding manner.
9. Right of Objection for the Data Subject
The data subject has the right to object to the data controller processing personal data for direct marketing, distance selling, and other direct marketing purposes, as well as for market and opinion research. The objection must be made in writing to the data controller.
10. Right of Inspection for the Data Subject, Correction of Data, and Storage Period of Data
The data subject has the right to inspect the personal data recorded in the register concerning them.
When the customer relationship ends, the customer's information will be deleted from the register immediately when its processing is no longer necessary, but no later than the expiration of the period required by law.
The data controller corrects, deletes, or supplements the personal data in the register that is erroneous, unnecessary, incomplete, or outdated from the perspective of the purpose of processing, either on their own initiative or at the request of the data subject. To exercise the right of objection and inspection, as well as to correct information, the data subject must contact the person responsible for registry matters.