In all processing of personal data Tiketti complies with EU General Data Protection Regulation, the Data Protection Act and other applicable legislation.
The controller is Tiketti Oy (Business ID: 0116189-3) and the user can contact Tiketti at any time using the following contact information:
Address: Urho Kekkosen katu 4-6 E
Phone: +358 10 843 1601
2 What User Personal Data Do We Collect?
Data provided to Tiketti by the user:
• identification data, such as name, age, date of birth
• contact information, such as address, phone number and e-mail address
• registration information of OmaTiketti account, such as user code and encrypted password
• billing and payment information collected during payment
• ticket and ordering information, as well as cancelling information
• customer feedback and other contacts, such as customer calls and e-mails
• interest data provided by the user
• language of contact
• purchase history, areas of interest based on purchase history
• consents, authorisations and prohibitions (also related to third party services)
• data provided for surveys and studies
• customer service calls, e-mails and customer service interaction in different service channels
• other data collected with the user’s consent, such as quiz answers
We collect information about the use of the Services, and about technical characteristics of devices used.
Other data than the data provided by the user:
• IP address (and location country)
• actions and their durations in the Services (such as information on programs watched in the Services, and used sites with their times)
• unique identification numbers used by devices (computer ID)
• information of the device used, type of operating system and software versions
• Information from gate scanning (such as ticket validation time)
• browser type and language settings
• logon information through third party services (Facebook, Google)
We can combine data provided by the user and/or other data than the data provided by the user, and save it in the user segments e.g. according to the areas of interest concluded from the purchase history.
3 Where Do We Get the User Information from?
We collect personal data primarily from the user. Thus, by ordering tickets, merchandise, artwork of services or by registering as a user on OmaTiketti account, the user shares information with us. In addition, data is collected later during customership, when the user contacts us or using our Services.
We can also receive personal data from third parties. Such third parties are:
• social media services that the user uses to log on to the Services (Facebook, Google)
• companies of the same corporate group
• public and private address registers
4 What Purposes Is the Data Used for?
We process personal data for the following purposes:
- to order and deliver tickets, products, artwork and services, and to create OmaTiketti accounts
- to produce, maintain, protect and develop the Services, as well as for personification and recommendations
- personalised customer service concerning the Services and targeted customer communication
- for direct marketing
- for targeting in marketing, based on use of services, areas of interest, viewing history, demography information, and location data
- to create and target market and other studies, analysis, segments and reports
- to ensure the usability and functionality, as well as to prevent and investigate abuses
- for business planning and product development
- to ensure ticket insurance
- ticket scanning
The basis to use personal data is primarily the agreement between Tiketti and the user, which is created when:
• the user orders or buys tickets, merchandise, artwork or services sold by Tiketti
• the user registers to use OmaTiketti account.
Processing personal data in orders and purchases is also based on legal obligations, among others, the Accounting Act.
Personal data is processed in order to take care of customer relations, and for direct marketing purposes, and is based on Tiketti’s legitimate interest.
Processing of personal data for direct marketing purposes can also be based on consent given by the user, meaning that the user can subscribe Tiketti newsletter without buying or ordering anything from Tiketti. In this case, the data is used solely for direct marketing.
5 How Tiketti Stores Personal Data?
We store personal data to provide and ensure the Services, as well as to fulfil the duties of accounting and reporting.
According to the Accounting Act, the storing period is six years after the end of the year. Thus, information about the order placed today will be removed after six years at the end of the year.
For direct marketing purposes, we can store personal data for more than six years, if during the last six months the user has opened at least one newsletter sent by Tiketti.
The user can at any time prohibit the use of personal data for marketing purposes.
6 How is Personal Data Protected?
In Tiketti, the personal data is processed by the employees of Tiketti and the offices. All who process data are bound by professional secrecy.
Personal data is properly protected with technical and organisational measures, including encryption and anonymization of personal data. We also ascertain fault tolerance and data recovery.
Protective measures include, among others, control of user rights, access control, firewalls and password protection.
We will immediately notify directly the authorities and the users concerned about the possible security breaches, in accordance with applicable legislation.
7 Cookies and Tracking Technologies in Tiketti Services
Cookies are text files that the browser saves on the user’s device. We can associate data collected by cookies to identified users and the data we have collected about them related to, among others, user ID, targeting and analysing.
Services may include cookies and similar technologies from third parties. These third parties are measuring and monitoring services, such as Google Analytics, and ad networks, such as Facebook. These third parties can thus download cookies on the user’s device when our Services are being used.
The user can at any time empty or block cookies and all other tracking we are using in the settings of the browser or the device. Removal of cookies changes the user identifier, used by cookies to form a user profile. Removal of cookies will not entirely stop the collecting of data.
If the user does not want cookies to be saved on the device, the user can, before using Tiketti Services or at any time during the use, set the browser to disable cookies. These settings are called incognito or private browsing settings. The removal of cookies and tracking could affect the functionality of the Services.
Third parties, such as advertisers and ad networks, can benefit from cookies and similar tracking technologies to conclude the user’s probable areas of interest and to target advertising and marketing based on these conclusions.
We also benefit from this information in targeting our own advertising and marketing in third parties’ services.
8 With Whom Can We Share Personal Data?
Tiketti has made sure that the data is processed correctly with on data protection agreements.
Personal data is processed, among others
• Credit card companies
• Analysis services
• Campaign Monitor
• Provad, Giosg and Cuuma
Personal data can also be disclosed for justified purposes, such as to our partners for customer communication. We aim to inform about the disclosures beforehand on the sales website of tickets, merchandise, artwork and services.
In disclosures, we always comply with existing legislation.
Personal data can be shared for marketing purposes, such as direct marketing, to target digital marketing, and for surveys and market studies, data updates and other such reports to our partners.
For marketing purposes, we disclose only information of such users, who have given their consent during an order or a purchase.
Personal data can be transferred within the same group.
Personal data concerning the production and offering of the Services may be transferred outside the EU or the EEA area. When we transfer personal data outside the EU of the EEA area, we will make sure all data is protected, among others, by agreeing on confidentiality of personal data and on all matters related to the processing the manner provided by the data protection legislation, and using standard contractual clauses approved by the European Commission.
For sending newsletters, for marketing automation and targeting in marketing, Tiketti uses Australian Campaign Monitor. Campaign Monitor has offices, among others, in Sydney, London and San Francisco. Campaign Monitor is the processor of personal data register controlled by Tiketti.
9 What are the User’s Rights over the Collected Data?
The user has the right to check the collected user information.
The user can contact Tiketti and request to see all the data collected on the user.
The user has the right to ask the user information to be corrected or erased.
The user has the right to ask Tiketti to correct and to complete collected false information. The user has also the right to request Tiketti to erase all the user information.
Tiketti will erase the information upon request within reasonable time unless there is a legitimate obligation to keep the data in store or a legitimate right for the storage, e.g. related to the duties and obligations concerning the Services.
The user has the right to request transfer of personal data
The user has the right to request the stored user information Tiketti’s register to be transferred to another controller.
The user has the right to request limiting of the processing of personal data
The user can request Tiketti not to use the collected user data for certain purposes, such as direct marketing.
The user has the right to refuse direct marketing
The user can at any time cancel the sending of marketing messages either directly using a cancel link in the message or by informing Tiketti about the refusal. Refusing direct marketing will not block Tiketti from sending the user customer communication, such as emails concerning the user’s OmaTiketti account, Services offers or Tiketti business.
If processing of personal data is based on the user’s consent, such as ordering a newsletter without use of Services, direct marketing can be cancelled in the manner mentioned above.
Blocking the targeting of advertisement
The user can request Tiketti not to combine collected user information to create profiles and to use them for direct marketing and advertisement targeting. Profiling prohibition can be requested by contacting Tiketti.
The user can also block automatic advertisement targeting by changing the settings of the browser of mobile device. In applications, you can block advertisement targeting in application settings. In different applications and devices these settings are found in different places. More information from the developers of the applications and the devices.
The user can manage the third parties’ marketing and targeting related to browser use and cookies either as whole or by company on Your Online Choices site.
Disabling location data
The user can disable the use of the location data for targeted marketing in the settings of the applications used.
In situations where personal data suspected to be incorrect cannot be corrected or removed, or if the removal request is unclear, the company will limit the access to data.
11 How to Contact?
The user can report personal data breach to data protection authorities, if the user considers that the personal data has not been processed in accordance with existing legislation.
Contact Information of Data Protection Ombudsman:
Office of Data Protection Ombudsman
P.O Box 800
029 566 6700
Tiketti Data Protection Officer