Skip to main content

Privacy policy – events organised by Yle

We have updated our privacy policy on 24 August 2020.

1. Data controller

Yleisradio Oy
Uutiskatu 5, 00024, Yle, tel. +358 9 14 801

2. Contact details in matters related to the register
tietosuoja@yle.fi

3. Name of the register
Yle’s event register

4. The purpose of processing personal data
Personal data is processed when organising Yle’s events. Personal data is used to provide information about events and to ensure the functionality of events, as well as the safety and security of participants. We might ask feedback related to the events with separate surveys to develop our events further.

5. Legal grounds for processing personal data
The Processing of personal data is essential for organising events. Legal basis for processing of personal data is legitimate interest in ensuring the security of the event and visitors as well as to protecting Yle´s premises and property.

6. Recipients and processors of personal data
Personal data is processed by Yle’s employees who are responsible for planning and implementing events.

7. The data content of the register
Participants in events must provide Yle with at least their name and email address when registering. Depending on the event, we may also request other personal data or contact details. We will also request information on any special diets in connection with some events. Providing this information is voluntary.

We will also process personal data of minors when the events in question target children and young people. Processing personal data of minors is necessary in order to ensure safety. Only the minimum data (the person's name) will be collected on minors.

8. Regular sources of information
Data is obtained from data subjects.

9. Data retention period
Data is removed immediately after each event when grounds for retaining data no longer exist, and no later than one year after the event.

10. Regular disclosure of data
No data is regularly disclosed outside Yle. If the event is organised by an external production company, the data may be disclosed to the production company for the organisation of the event. With regard to certain events, the production company may disclose data concerning event attendees to Yle. In such cases, the person registering for the event will be informed of the disclosure when the data is being collected.

11. Transfer of data to countries outside the EU and the EEA
No registered data is transferred to countries outside the EU and the EEA:

12. Data protection principles
As the data controller, Yle is responsible for ensuring that data saved in the event register is used in compliance with good information security principles and guidelines. Yle is responsible for the technical protection of event-related data, including information security updates and backup copies. Data about data subjects can only be processed by those Yle employees who take part in organising events. The use of the register is restricted by means of user-specific usernames and passwords.

13. The rights of data subjects and exercising them
The data subject may exercise their rights through the data protection site. When sending a request, the sender will undergo a strong identification process by using their online banking codes or a mobile certificate.

A more detailed description of the rights of the data subject is provided below.

Right to access personal data: Data subjects have the right to obtain information from the controller about whether or not their personal data is being processed. If data is processed, data subjects have the right to access their own personal data.
Right to request personal data to be rectified: Data subjects have the right to request that any inaccurate or incomplete personal data concerning them be rectified.
Right to request personal data to be erased: Data subjects have the right to request that their personal data be erased when grounds for retaining the data no longer exist.
Right to request the processing of personal data to be restricted: Data subjects have the right to request that the controller restricts the processing of their personal data, where grounds for such a request exist.
Right to object to the processing of personal data: Data subjects have the right to object to the processing of their personal data, where grounds for such a request exist.
Right to data portability: Data subjects have the right to portability of their personal data in a machine-readable format.
Right to withdraw consent to the processing of personal data: If the processing of personal data is based on consent, data subjects have the right to withdraw their consent at any time.
Right to file a complaint with the supervisory authority: Data subjects have the right to file a complaint about any breaches of data protection with the controller, the processor or the supervisory authority.

14. Automated profiling and decision-making
The processing of data includes no automated decision-making.