Reissu Privacy Policy

23.1.2024

SEMEL REISSU MOBILE APPLICATION CUSTOMER DATABASE

1. DESCRIPTION OF FILE
Description of file as referred to EU GDPR and local data protection law (EU 2016/679)

2. CONTROLLER
Semel Oy
Business ID 0113821-2
Valimotie 21, 00380 Helsinki
Tel. +358 20 7429 400

3. NAME OF PERSONAL DATA FILE
Customer database of Semel Reissu mobile application

4. PURPOSE OF PROCESSING PERSONAL DATA
Processing of personal data related to Semel Internet services by the consent of the data subject or based on customer relationship.

5. PURPOSE OF USE OF THE PERSONAL DATA FILE
The personal data of the Reissu service are processed to maintain, manage, develop, analyse, and compile statistics of the customer relationships related to the service, and to provide, offer, and develop the service, and to carry out marketing campaigns, market surveys and marketing competitions for Semel and its partners.

6. DATA CONTAINED IN THE PERSONAL DATA FILE
The personal data file contains information within the scope of the following categories:
-    Basic information on the data subject, such as name, address, e-mail address and language
-    Information concerning the customer relationship, registration and contractual relationship
-    Purchase history on mobile tickets
-    User IDs and other identification information
-    Authorization information and prohibitions, such as direct marketing consents and prohibitions
-    Customer feedback information and possible recordings

7. REGULAR SOURCES OF PERSONAL DATA
Personal data is collected in connection with registration, when a service is used by permission, or otherwise directly from the data subject. Personal details can additionally be gathered and updated from the Population Register, the prohibition registers maintained by the Finnish Direct Marketing Association, and similar registers.

8. DISCLOSURE OF INFORMATION
Semel may disclose customer details within the limits allowed and required by the legislation in force.

Due to the technical way the processing of the data is implemented, some of the information may be located in cloud service systems of subcontractors to Semel. The data is only accessible by Semel, in aid of a technical interface. Semel may also use subcontractors for the processing of data.

The data will not be transferred outside the European Union or the European Economic Area, unless the implementation of the service so requires. Even in such a case, Semel will guarantee an adequate level of information security, as required by legislation.

Semel has the right to publish the e-mail address details of the data subjects by their consent either in a written or electronic catalogue. The information can also be used in a national or international directory service.

9. PROTECTION OF DATA FILE
As a rule, right of access to the data file requires a user ID granted by the administrator of the customer database. The administrator in such a case also defines the level of access rights granted to the users. A personal password is required for logging on to the application. The use of the data files as well as the logins are controlled.

The data is collected to the shared databases of the service. These databases are protected by firewalls, passwords, and other technical means. The databases are located on locked and guarded premises. Only predefined persons have access to the information. 

Everyone on Semel premises is required to have an ID card visible and entry is forbidden without an appropriate access control card.

10. RIGHT OF INSPECTION
In accordance with EU GDPR, the users have the right to check what information has been stored on them in the personal data file. You also have the right to request that inaccurate or incomplete personal data be corrected. The customer can check this free of charge once a year. The request for checking the data must be submitted in a personally signed document or a similarly certified document. You may also request that your personal data be erased.

The request must be sent in writing and signed to the address:

Semel Oy
GDPR
P.O. Box 1000
FIN-00380 Helsinki

The inspection request can also be presented at the address Valimotie 21, Helsinki.

11. OTHER RIGHTS CONSERNING HANDLING OF PERSONAL INFORMATION
Subject has right to deny action of direct marketing or other contacts when his data profile has been requested to be removed.