Data Protection Statement for the Event Management at the University of the Arts Helsinki

Articles 13 and 14 of the EU General Data Protection Regulation. Informing a data subject. Drawn up on May 21, 2018

1. Controller

University of the Arts Helsinki

Telephone: +358 294 47 2000 (exchange)

Postal address: P.O. Box 1, FI-00097 UNIARTS

2. Entity and person in charge of processing personal data

Production Secretary Miisa Järvi
E-mail address: firstname.lastname@uniarts.fi, telephone: +358 40 710 4334

3. Contact persons for handling personal data

Head of AV Department Marko Myöhänen
E-mail address: firstname.lastname@uniarts.fi, telephone: +358 40 710 4349

4. Data protection officer

Specialist Antti Orava works as Data Protection Officer at the University of the Arts Helsinki.

E-mail address: privacy@uniarts.fi

Telephone: +358 294 47 3568

Postal address: P.O. Box 1, FI-00097 UNIARTS

5. Name of register

Production management

According to the Universities Act, the mission of the University of the Arts Helsinki is i.e. social interaction and artistic activities. As part of this social interaction and these artistic activities, various events are organized at the University. Managing event production requires processing the personal data of personnel taking part in the productions so that the producers and other personnel needed can be booked for each event to be produced. Additionally, data on the performers in each event are processed that are required i.e. for planning the event’s programme, for marketing the productions, for agreements to be concluded with the performers, and for paying their fees.

The processing of personal data is based on the execution of agreements made and, additionally, on the legitimate interest of the University as regards people performing and working in the events.

When processing personal data, we do not make use of automated decision-making and profiling as referred to in the Data Protection Regulation.

7. What data do we process?

In conjunction with events, we process the following personal data of event performers, equipment bookers, and other data subjects (freelancers and own personnel):

  • basic data: name* and instrument*
  • contact information: e-mail address* and telephone number*
  • a photograph of the performer*
  • information about the enterprise’s contact persons: name and contact information
  • a sound and/or video recording of the event (does not apply on all events)

Providing the personal data marked with an asterisk is a prerequisite for producing events.

The performance and commission agreement also provides for payment of eventual fees. The processing of personal data in fee payment has been described separately in the data protection statement for persons not involved in a study or employment relationship with the University.

8. Where do we get information?

We obtain the personal data to process from the data subject in person.

9. To whom do we disclose and transfer data, and do we transfer data outside the EU or the EEA?

In processing, we use a third-party IT service provider with which we have concluded the agreements for processing personal data as required by the Data Protection Regulation. We do not disclose personal data outside the EU/EEA area.

Only event producers, the orchestra office, and the communications department of the University (season brochure) are entitled to use the production management system containing personal data.

10. How do we protect data and how long will we keep them?

Each user of the production management system logs into the system with University IDs. The data are collected into databases protected with firewalls, passwords, and other technical means. The databases and their backup copies are situated in locked spaces and can only be accessed by pre-named persons.

We keep event production data for a period of three years and older data are erased. We regularly evaluate the need to preserve data in keeping with the applicable legislation. In addition, we will take such reasonable steps as are necessary to ensure that no personal information about data subjects that is incompatible with the purposes of data processing, outdated, or erroneous is kept in the register. We will rectify or erase such information without delay.

11. What are your rights as a data subject?

Data subjects are entitled to check the data concerning them and stored in the personal data register and require erroneous, outdated, unnecessary, or unlawful data to be rectified or erased. In case a data subject has personal access to their data, they can modify their data himself or herself. In case processing is based on a consent, a data subject also has the right to withdraw his or her consent or to alter it.

As of May 25, 2018, data subjects have, according to the Data Protection Regulation, the right to object to processing or to request restriction of processing of data as well as to lodge a complaint with a supervisory authority on processing personal data.

For specific reasons of personal nature, data subjects also have the right to object to processing activities concerning them when processing data is based on our legitimate interest. In conjunction with the request, the data subject shall specify the particular situation on the basis of which he or she objects to processing. We may refuse to execute an objection-related request only on the basis of grounds stated in law. 

Should the data subject not be satisfied with the way the University has processed his or her personal data, he or she may demand the national data protection authority (in Finland, the Data Protection Ombudsman whose contact information is available in the web address http://www.tietosuoja.fi/en/) to look into the matter.

12. With whom can you get in touch?

All questions on the processing of personal data as described in this data protection statement are to be asked by getting in touch with the contact person named in Point three who will, in case of need, forward the matter to the data protection officer. In case you feel that your rights as mentioned in Point 11 are not respected, you may get directly in touch with the University Data Protection Officer named in Point four.