Privacy policy
Privacy policy
1. CONTROLLER
Lippupiste Oy
Business ID: 17892324
Address: Kansikatu 5, 33100 TAMPERE
Email: tietosuoja @ lippu.fi
The Controller’s lippu.light online shop will hereinafter be referred to as the lippu.light online shop. The Controller and the event organisers will use it for their ticket sales. In this lippu.light online shop there is an additional Controller which is:
Satasirkus ry
Address: Rautatienpuistokatu 2, 28130 Pori
In addition to Lippupiste Oy, the event organisers will act as independent controllers to the extent that they determine the purposes of use and means of the personal data by setting up an event in the lippu.light online shop and processing data to organise the event and analyse the use of the online shop. The data protection practices of the event organiser are available on the event organisers’ website or otherwise through the event organisers. This privacy policy applies to Lippupiste Oy’s processing of personal data.
2. HOW DO WE PROCESS YOUR PERSONAL DATA?
We process data related to the following data categories as well as related changes:
Information related to ticket purchases and the customer relationship
• First name and last name
• Contact information (postal address, email address, telephone number) (optional)
• Country of residence
• Employer of the data subject, when the data subject is representing a community (optional)
• Payment methods
Automatically collected information on the use of the website
When you navigate to the lippu.light online shop or use the mobile application, we process the following information via cookies and other similar technologies:
• Information regarding your terminal device and online behaviour (e.g. IP address, browser type and browsing history)
• Browsing time and session duration
• What links or adds you click and what other adds or contents you have viewed
• Information derived and profiled based on analytics and tracking methods
3. IS IT MANDATORY TO PROVIDE INFORMATION?
We need the personal data we collect on you and information related to ticket purchases, their potential delivery and the customer relationship for the implementation of the online shop’s user agreement. Additionally, personal data processing related to complaints, for example, is based on our legal obligations.
The refusal to provide certain personal data may lead to us being unable to make a ticket sales agreement with you, i.e. sell you event tickets.
4. WHERE DO WE COLLECT YOUR PERSONAL DATA FROM?
We collect personal data primarily from you when you provide personal details upon using the lippu.light online shop.
We also collect personal data via your terminal devices by means of cookies or other similar technologies.
5. WHAT ARE THE PURPOSES OF COLLECTING AND PROCESSING YOUR PERSONAL DATA?
We process your personal data to maintain, manage and develop the customer relationship. The personal data are needed for the implementation of services, such as ticket deliveries, invoicing and customer communications.
We also process personal data for the performance of customer communications regarding changes or cancellations in relation to events, for example.
We also process personal data in order to analyse and develop our services and other business operations, as well as for statistical purposes.
6. WHAT ARE THE LEGAL GROUNDS FOR THE PROCESSING?
6.1. Legal obligation
We process your personal data in order to observe our legal obligations when transferring your data to the authorities upon request and also when processing your information in order to comply with accounting obligations.
6.2. Legitimate interest
Our right to process your personal data is based on the legitimate interest generated by the customer relationship. We process your data to e.g. provide services, practise marketing and sell tickets to the extent that the processing is necessary.
According to our assessment pursuant to the applicable data protection legislation and official guidelines, your interests, basic rights and freedoms do not override our right to process your personal data based on our legitimate interest. If you so desire, you may exercise your rights, as described in sections 9 and 10 of this policy, if you wish to object to or limit our processing of personal data.
6.3. Agreement
Furthermore, we process your personal data for the performance of the agreement between you and the Controller and for the implementation of the pre-contractual measures on your request. An agreement is formed between you and Lippupiste when you accept the terms of the user agreement for the lippu.light online shop and purchase tickets via the shop.
6.4. Consent
We process personal data collected through cookies and other tracking methods based on your consent for setting cookies.
You have the right to withdraw your consent to the processing of personal data at any time by erasing the cookies with your browser’s tools and/or by resetting your settings with the site’s cookie tools to withdraw your consent.
7. TO WHAT OTHER PARTIES DO WE TRANSFER OR DISCLOSE PERSONAL DATA?
We disclose personal data within the limits permitted and required by the legislation in force at the time.
The event organiser can access your personal data saved in the lippu.light system if you have purchased a ticket to an event by the event organiser in question. The event organiser has the right to process personal data for organising the event.
If necessary, we disclose personal data to parties that are entitled to receive them, such as the competent authorities.
Our IT service providers store and process personal data in accordance with our instructions for no other purposes than those defined by us and only on our behalf.
We mainly process your personal data within the EU and EEA. Our service providers, such as Google Inc., may transfer your personal data outside the EU and EEA. The requirements set forth in the relevant data protection legislation shall be applied to the data transfers, such as the model clauses approved by the EU Commission.
8. HOW LONG DO WE KEEP YOUR INFORMATION?
Based on our legal obligation, we store customer and ticket sales data at minimum for six years after the end of the calendar year during which the financial year ended (section 10 in chapter 2 of the Accounting Act (1336/1997)).
9. RIGHTS OF THE DATA SUBJECT: How can you affect the processing of your personal data?
The data protection legislation grants you a number of rights, which are described below. These rights enforce your privacy and provide you with the opportunity to control the processing of your own personal data.
Without undue delay and no later than in two months of you contacting us, we will inform you of the measures we have taken to fulfil your request to exercise your rights.
If you submit several requests or your request is particularly complex, we may extend the response time by no more than two months, as necessary. We will inform you separately of any such delay.
You can submit a request pertaining to your rights, as described in the Section ”Right to access data”, by post, email or telephone.
Contact information for exercising a data subject’s rights: contact the Controller, section 1.
Please note that we may ask you to provide more specific information in order to verify your identity.
10. RIGHT TO ACCESS DATA
You have the right to receive confirmation from us on whether or not we are processing your personal data. In addition to this, you have the right to access personal data on yourself and the right to receive the information on the processing of personal data, as specified in the GDPR.
When you exercise your right to access the data, we will provide you with a copy of the personal data we are processing. If you present the request electronically, we will deliver the information in a commonly-used electronic format, unless you specifically request another method of delivery, which we can reasonably arrange.
We may charge a reasonable fee, based on administrative costs, if you request multiple copies or submit repeated requests.
We cannot provide you with information that could reveal trade secrets or infringe upon the rights or freedoms of another person. For example, we cannot disclose the personal data of other persons regardless of your request.
10.1. Right to rectification
You have the right to request us to correct any inaccurate and erroneous information on you without undue delay. In addition to this, you are entitled to have incomplete personal data supplemented by providing us with a supplementary statement.
10.2. Right to erasure
You have the right to request us to erase personal data concerning you without undue delay if:
• your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed (for example your personal data are no longer needed for customer management, accounting related to ticket sales or other similar purposes);
• you object to the processing on special grounds related to your personal situation, and there are no overriding legitimate grounds for the processing;
• you object to the processing of your personal data for direct marketing purposes and there are no other legal grounds for the processing;
• we have processed your personal data unlawfully; or
• your personal data must be erased for compliance with a legal obligation applicable to us.
However, you do not have the right to your personal data being erased if, and to the extent which, their processing is based on our legal obligation or is necessary in order to compile, present or defend a legal claim.
10.3. Right to restriction of processing
You have the right to have us restrict the processing of your personal data in such a way that, in addition to storing the data, we may only process them with your express consent or the establishment, exercise or defence of a legal claim or the protection of the rights of another person if:
• you contest the accuracy of the personal data, in which case processing is restricted for a period enabling us to verify the accuracy of the data;
• the processing of your personal data is unlawful and you oppose the erasure of your personal data and request the restriction of their use instead;
• we no longer need your personal data for the processing purposes described in Section 6 of this policy, but they are required by the data subject for the establishment, exercise or defence of legal claims;
or
• you have objected to processing on special grounds based on your personal situation, pending the verification of whether the legitimate grounds of the controller override those of your objection.
10.4. Right to data portability
Insofar as you have submitted your personal data to us via a form available in our online service, for example, you have the right to receive the data in a structured, commonly-used and machine-readable format and to transmit those data to another controller to the extent that we have processed your personal data automatically and based on your consent (as regards electronic direct marketing, for example) or the processing of your personal data is necessary for the implementation of an agreement, such as the online shop user agreement.
The right to data portability is limited to procedures that do not adversely affect the rights or freedoms of other persons. You do not have the right to transfer data from one system to another if the personal data are being processed based on our legitimate interest.
10.5. Right to object to the processing of personal data
You have the right to object to the processing on special grounds related to your situation if there are no legitimate grounds for the processing.
10.6. Right to lodge a complaint with a supervisory authority
You have the right to submit a complaint to a supervisory authority (in Finland, the Data Security Ombudsman) if you find that your rights established in the applicable data protection legislation and specifically the GDPR have been infringed upon.
11. HOW DO WE ENSURE THE SAFETY OF YOUR PERSONAL DATA?
The proper protection of personal data is extremely important to us. We collect the information into databases secured with firewalls, passwords and other technical means. The databases and their backups are located in locked and guarded facilities, and the information can only be accessed by certain people designated in advance.
Access to the personal data requires a user ID granted by the main user of the customer database. The main user also defines the access level granted to a user. Furthermore, we have ensured by contractual means that any partners processing personal data on our behalf are also committed to the protection of personal data with regard to the actions of their own employees.
12. COOKIE POLICY
The lippu.light online shop utilises cookies and similar technologies such as the browser’s local storage. Cookies are text files that are stored in the memory of the browser you use when you access our online or mobile services. Cookies can be set by Lippupiste, event organisers and third parties.
Cookies help us identify the browser you are using and certain browser-related data regarding the use of the website.
Cookies enable more accurate analytics of our online shop, which helps us develop our website and improve the quality of our service. The cookies allow the contents of your shopping to remain in place even if you close the browser.
12.1. What data are collected?
As an example, cookies can be used to collect information on the page from which you have accessed the lippu.light site, which of our pages you have browsed and when, what browser you use, your screen resolution and operating system, and the IP address of your computer – i.e. which internet address is sending and receiving your data.
12.2. For what purposes are the cookies used?
12.2.1. Necessary cookies
These cookies enable the functions that are essential for the intended functioning of the website. In most cases, they offer you the functions you request, such as logging in, changing your privacy settings or filling in forms. The user’s consent is not required for the use of absolutely necessary cookies and they cannot be disabled in the settings of this website.
12.2.2. Statistical and functional cookies
These cookies provide us with additional opportunities to improve the quality of your visit to our website. We analyse how you use the site and create reports on the site’s traffic. Analytics allow us to determine where we have room for improvement. For this end, we co-operate with third parties, such as Google Analytics. The event organiser can analyse the use of the online shop with the Google Analytics service in its use.
The information on the use of the website generated by Google’s cookies is generally transferred to a Google server in the USA and stored there. However, the anonymisation of the IP address has been enabled for the lippu.light online shop. This means that Google abbreviates the IP addresses of persons living in the EU Member States or other EEA countries before their delivery to the United States.
You can read about Google’s data protection policy at https://policies.google.com/privacy/partners?hl=fi.
12.3. How can I manage the cookies?
When you visit our service for the first time, we will ask for your consent to the use of cookies for separate purposes. The consent only applies to cookies that are not necessary to the use of lippu.light services. The consent is browser-specific ande.g. if you use another browser to log in to the same account, the consent is not stored and you have to provide it again.
We use a separate tool called Consent manager, which is designed for the management of cookie consent and allows users to fully manage their own cookies. This tool also allows users to review how long the cookies will remain valid.
Privacy policy updated on 4 th May 2023.