Privacy notice of the Wild Taiga marketing register.
Idän Taiga ry
c/o Kuhmon Kamarimusiikki
Contact person in matters concerning the register
+358 40 578 8437
2. Grounds and purpose of handling personal data
The register is used for joint marketing purposes of the association “Idän Taiga ry.” (hereinafter – Idän Taiga) and its member companies (the so-called Wild Taiga companies) in marketing their tourist services, products and events, and spreading promotional information on topical matters in the Wild Taiga region.
Processing of personal data is based on:
- consent of the data subject, or
- legitimate interest of the registrar.
Based on a legitimate interest, Idän Taiga may handle, for example, personal data of tourism industry professionals who are in charge of tour operations for different organisations, with this data having been acquired either from public sources or from the registers of Idän Taiga’s member companies, or other partners. Such personal data (mainly e-mail addresses) may be used, for example, to send event invitations or brochures.
In evaluating the legitimate interest we have taken into consideration:
- Collection and processing of information is appropriate from the standpoint of both Idän Taiga and the data subjects.
- The data subjects may reasonably expect to be contacted by a tourist marketing operator.
- Processing this type of personal data can be considered an integral part of Idän Taiga’s operations.
3. Personal data stored in the register
The register may contain the following details about the data subjects:
- E-mail address
- Telephone number
- Company or organisation, represented by the person
- Other information (interests) the person has disclosed about himself/herself
- Information related to newsletter subscription (country, consent, cancellation of the subscription)
4. Regular sources of information
Personal data can be collected in connection with various marketing campaigns (e.g. fairs, sales events), through the wildtaiga.fi website (contact form, newsletter subscription form), or by other means directly from the data subject. Personal data can also be collected from registers of Wild Taiga companies or other cooperating partners of the Idän Taiga association. Additionally, data can be collected from publicly available data sources, such as the Finnish Trade Register, or from the web pages of companies and organisations.
5. Regular disclosures of information
Information can be disclosed to Wild Taiga companies for marketing purposes.
You will find the list of Wild Taiga companies here.
Wild Taiga electronic newsletters and bulletins are distributed by using the services of Koodiviidakko Oy. Hence, the e-mail addresses of the registered persons are stored on the server and administered by Koodiviidakko Oy. Information related to subscriptions of the newsletter is stored on the same server. Koodiviidakko Oy has pledged to comply with the requirements of the General Data Protection Regulation (GDPR).
Data can be transferred for storage in Google’s and Microsoft’s services that comply with the GDPR requirements (cf. Section 8).
6. Data storage time
As a rule, personal data will be stored until a data subject unsubscribes from a mailing list. Each of our newsletters includes a link allowing the recipient to unsubscribe. If someone indicates their desire to no longer receive marketing materials, we store their contact details as well as information about the refusal in order to ensure compliance with their request. Information collected in connection with specific event invitations or the like will not be processed after the event has passed.
7. Handlers of personal data
Personal data is processed by employees of Idän Taiga whose working tasks require handling of this data. At the end of their term of employment, measures are in place to prevent them accessing the registry, such as changing of passwords.
Koodiviidakko Oy, Google and Microsoft are also considered handlers of personal data, as the register data is stored on servers or cloud services administered by them.
8. Transfer of data outside the EU
Personal data can be stored outside the EU on cloud services of Google and Microsoft. Information collected from Google Analytics cookies is also stored outside the EU. Transfer of data can be carried out lawfully in cases where the European Commission has decided that the recipient country ensures an adequate level of data protection (GDPR Article 45).
Google and Microsoft are participants of the Privacy Shield framework set up between the European Union and the USA, and thus they have committed themselves to compliance with requirements of the European General Data Protection Regulation.
You will find further information on the Privacy Shield framework here.
9. Automated decision-making and profiling
Registered data will not be used for automated decision-making and profiling.
10. Protection principles of the register
Computers and mobile devices have been technically protected with measures such as firewalls, passwords and appropriate anti-virus software. Access to the register has been protected with usernames and passwords.
Manually processed materials are stored in locked and supervised premises and destroyed, when there is no further need for them.
Cookies are small text files, sent to the server by the website and saved on the user’s device. Cookies are used in order to improve the user-friendliness and efficiency of the website. Users can edit their browser settings and block cookies according to their preferences, but this may have an impact on the functionality of the site.
Our website uses Google Analytics cookies. With these cookies, we track, among other things, the number of visitors to the site, how visitors are directed to the site, and how long they stay there. Google Analytics gathers and stores information, for example, about the age and location of the visitors and about the devices and browsers they use, and it creates summaries and reports using this data.
With the help of these cookies, we can observe and follow the interests of the site users and further develop our site accordingly. All collected data is anonymous, and thus the operations performed through the Internet cannot be associated with any specific person.
12. Rights of the data subject
You have the following rights, and requests to exercise them should be addressed to info(at)wildtaiga.com.
Right to have access to one’s own personal data: The data subject is entitled to check what information about him/her has been stored in the register, and how it is processed.
Right to make corrections to the registered data: A data subject can make a request to correct faulty or incomplete data about him/her.
Cancellation of consent and direct marketing refusal: When consent is the only grounds for processing the data, the registered person can cancel their given consent at any time. The data subject may, at any time, forbid the use of his/her data for direct marketing purposes.
Right to delete: The data subject may request that personal data be deleted if processing of that data is not necessary. The request will be assessed, after which either the data will be removed or we will give a justified reason why the request cannot be executed.
Right to oppose and the right to restrict processing: A data subject may object to processing based on a legitimate interest on the basis of his/her personal situation. Processing can also be restricted, for example, if the person denies the correctness of the personal data. Processing of controversial data can be restricted until the matter is resolved.
Right to appeal to a supervisory authority: The data subject may file a complaint with the supervisory authority if he or she feels that the information is processed in violation of the EU’s general data protection regulation.
Contact information of the supervisory authority is found here.
13. Changes to this Privacy Notice
This Privacy Notice may be updated due to changes in legislation. Hence, we recommend reviewing its content regularly. The Privacy Notice was last updated on 16 May 2018.