Privacy policy / register declaration Regulation (EU) 2016/679 of the European Parliament and Council and Finland’s Data Protection Act 1050/2018 Data ControllerHAM Helsinki Art Museum Foundation sr.Eteläinen Rautatienkatu 8, 00100 HelsinkiP.O. Box 16112Email: ham@hamhelsinki.fiTel: +358 (0)9 310 87001Business ID: 3272340-6 Contact Person for Data File Related MattersHAM’s Service Sales Responsible, Veera KauppiEmail: veera.kauppi@hamhelsinki.fi Name of the Data FileHAMin asiakas- ja sidosryhmärekisteri (HAM’s customer and stakeholder data file) Purpose of the Data FileThe data file is used for communication and marketing of HAM’s own and jointly produced exhibitions, events, and current matters, as well as for maintaining contact with customers and stakeholders, development of operations, and sending invitations to openings and events. The data file stores contact information of the museum’s stakeholders and customers. The data is used to manage customer relations, service relations, or membership. Content of the Data FileThe data file contains the following information: Customer IDFirst nameLast nameEmail addressCompanyJob titleTelephoneMobile phoneStreet addressPostal codeCityCountryActions taken with the contact (information about services ordered by the customer, their delivery, and billing) Regular Sources of InformationVarious organizationsSubscription form for newsletters on the museum’s websiteSubscription forms for newsletters available at museum pointsVisitor surveysPrize draws Regular Disclosures of InformationThe information is not regularly disclosed outside of HAM. Transfer of Information Outside the EU or EEAThe information is not transferred outside the EU or the European Economic Area. Principles of Data File ProtectionThe data stored in the registry is securely protected so that only authorized HAM employees can view and use it. Access to the registry is granted only with personal usernames and passwords. The technical protection of the data file is the responsibility of the service provider. Right of Access and Implementation of the Right of AccessA data subject may request access to their data by submitting a written request to the contact person of the data file. The decision regarding the implementation of the right of access will be made by the person responsible for the data file. The right of access will be carried out as soon as possible. The data file does not contain any information for which the right of access could not be granted. Right to Request Data CorrectionA data subject may request the correction of their data by submitting a written request to the contact person of the data file. The decision regarding the correction of data will be made by the person responsible for the data file. The data correction will be carried out as soon as possible. The data file does not contain any information for which the right to data correction could not be granted. Other Possible RightsThe data subject has the right to prohibit the data controller from processing their data for direct marketing, distance selling, other direct marketing purposes, or for market and opinion research.
