We at Assembly understand how important privacy is to our customers. We are committed to respecting and protecting our customers’ privacy. As our customer or user, you trust us with confidential data, and we have an obligation to act every day in accordance with the trust you place in us.

In this Privacy Notice, we disclose:

  • how we collect your personal data
  • what personal data we process on you
  • for what purposes we process your personal data
  • how we protect and safeguard your personal data
  • to whom we disclose your personal data
  • how long we store your personal data
  • what rights and options you have regarding the processing of your personal data.

When processing your personal data, we comply with the EU and Finnish legislation applicable to Assembly and with authority regulations and instructions.

The Privacy Notice applies to the processing of personal data of natural persons, regardless of whether you are a consumer or business customer. In addition, Assembly may have service-specific privacy policies, which describe the processing of personal data in the service in question.

The Privacy Notice does not apply to services or websites provided by other companies, even if they were accessed through Assembly’s services.

Definitions

The below terms are used in the Privacy Notice as follows:

Anonymized data refers to data that can no longer be associated with you as a person, as all identifiable elements have been removed.

Customer is a subscriber, buyer, or user of our Services.

Personal data refers to data that can be associated with you either directly or indirectly. The types of personal data we process are described below in the Privacy Notice. Services refers to all offerings and services provided by Assembly.

How do we collect your personal data?

Assembly provides range of services for computer festival events and esports. What personal data we collect depends on the Services you use, subscribe to or buy, and on what data you submit to us or we collect in this connection or otherwise when you log in to our Service.

We can collect personal data from the following sources:

Directly from you yourself for instance, when you do business with us, buy or subscribe to our Services and products, or when you register with or log in to our Services, visit our website, subscribe to our newsletter, reply to our customer satisfaction survey or contact us.

From other sources

Detected data generated in connection with the Service use are processed by us to the extent permitted by law for instance when you buy event tickets, use our online services, mobile apps and other Services (e.g. in connection with phone calls and sending of email or website visits).

Derived data we have created on the basis of your personal data, such as conclusions about your possible interests, made by means of analytics in order to target direct marketing.

Data obtained specifically from other sources, such as other service providers like ticket sales systems we use, for example, adding your ticket sales related email to our event email contact list where we announce our event-related news.

Disclosure of personal data to Assembly is not compulsory, but if you choose not to disclose your personal data, we will not necessarily be able to provide you with our Services.

What personal data do we process on you?

We may process the following types of personal data:

  • Basic details, such as name and contact details, the desired communications channel, title or profession, for corporate contact persons also the area of responsibility / position, and social media identification data.
  • Demographic data, such as age, date of birth, gender, and mother tongue.
  • Personal identity number, if necessary in order to identify the customer for invoicing purposes, for example, or if otherwise permitted or required by law.
  • Data collected in connection with the registration with and login to Assembly’s services and portals, such as usernames and passwords.
  • Data related to the customer relationship and contractual relationships, such as information related to the Service, products and orders, and the information needed for their delivery, subscriber and user information, information related to invoicing, credit control and payments, bank details, information related to transactions (powers of attorney, authorizations), customer contacts and related recordings, e.g. calls, email and chat messages to customer service, video recordings of security cameras of your visit to our premises or events.
  • Data generated during the use of Assembly’s website and mobile apps.
  • Other data describing the Service use, including any personal data collected by means of cookies and similar technologies in connection with web or mobile browsing. Data related to the identification and registration of a customer or user
  • Data collected in connection with registration for events, competitions, and prize draws organized by Assembly.
  • Data related to direct marketing campaigns, permissions and prohibitions related to direct marketing, interests, subscriptions to newsletters and invitations to events, data related to the targeting of direct marketing.
  • Other data that we collect with your consent and that we specify when requesting your consent.

Assembly processes children’s personal data to the extent permitted by law, when appropriate in the case in question. Assembly takes reasonable efforts to ensure and verify that the custodian of a child under the age of 13 has agreed to the processing of personal data, taking into account the available technology and the privacy risks related to the processing.

How do we use your personal data?

We collect, process, and use personal data that are needed for conducting our business, efficient customer service, and appropriate commercial activities, including the processing of personal data for anonymizing data.

The processing of personal data is most often based on an agreement you have concluded with us or on Assembly’s legitimate interest in connection with Service use and provision. Assembly is entitled to process personal data for customer relationship management and in order to serve our Customers. This makes it possible, for example, to conduct targeted marketing and advertising. We may also process personal data based on other grounds, such as on the basis of your consent or the law.

In all of the above cases, we process personal data only for a specified purpose and to the extent necessary for it, taking the protection of our customers’ privacy always into account. We may combine data collected in connection with different Services in so far as the data have been collected for the same purpose. If the customer is identifiable, we may combine their customer data with analytics data collected on them in order to be able to better target our Services for the customer’s needs.

Assembly processes personal data for the following purposes:

1. On the basis of a contractual relationship and in order to provide Services:

We process your personal data for the provision and production of Services. The provision of Services requires that we process personal data for managing a customer or contractual relationship, identifying customers or users, processing and delivering orders, invoicing, service and product quality control, credit control, debt collection, customer service, and for ensuring information security, fixing various faults and incidents or for processing complaints.

We also process personal data in customer communications, e.g. when sending notifications related to Services, and in order to contact customers in issues related to our Services.

We process your personal data internally for the development, management, and quality control of our business, Services, and related processes. Such processing may be necessary, for example, when we analyze delivery processes and complaints related to them in order to improve the efficiency of our delivery process and thereby to find a better and faster way to serve our customers. We also process personal data to better understand our customers’ needs and wishes as regards, for example, the features and contents of our Services.

2. On the basis of legitimate interest:

Assembly may process your personal data on the basis of legitimate interest. Assembly has a legitimate interest to process your personal data in the following situations, for example:

Direct marketing: We process and utilize both anonymized data and personal data for marketing purposes and for building target groups for marketing within the limits of the valid legislation. In addition, we may process your personal data in order to target our marketing at the products and services that each customer finds interesting. We may use your personal data within the limits of the law for marketing both our own and our cooperation partners’ products and services, such as for direct marketing and market research, and for customer satisfaction surveys.

Personalization of services: We may process personal data or anonymized data for personalizing and targeting Services for instance by giving recommendations and by showing targeted contents in our Services or customer channels. We also process personal data and anonymized data in order to get a comprehensive picture of the customer’s use of our Services and likings related to our Services. We use such profiled data in order to enable our customers to get a better experience of the use of our Services.

Statistical purposes: We may also process your personal data in order to create statistical analyses, which enable us to develop our customer offering or improve our services or products.

We process your personal data in order to meet our legal obligations, such as for accounting and authority purposes.

We may process your personal data for all purposes to which you have given your consent. You can, for example, give your consent to the processing of your location data in order for us to target such benefits at you that are topical or relevant to you. When requesting your consent, we inform you thoroughly of the meaning of the consent to personal data processing and how you can cancel your consent.

How do we protect and safeguard your personal data?

Information security and protection of customer data are of utmost importance to us. It is important for Assembly to ensure the availability, integrity, and security of personal data. We strive to take appropriate actions in order to protect personal data and to prevent and detect unauthorized access to personal data and loss of personal data. We take continuous efforts to safeguard our customers’ rights. We take care of the security of our personnel, data, information systems, and public communications networks as well as our offices and technical facilities. We pay special attention to protecting the data we process, such as your personal data.

In data protection, we take into account the risks posed to privacy protection and business operations by the processing of personal data, the available technical options, and different kinds of threats in accordance with the applicable legislation, regulations, and obligations under agreements.

To whom do we disclose your personal data?

We may disclose your personal data to the extent permitted and required by law. We may also process anonymized or statistical data that cannot be associated with you as a person. Such information can also be disclosed to third parties for other purposes than those described in the Privacy Notice.

We may disclose your personal data to the parties below.

1. The Telia Group companies to the extent permitted by applicable legislation. Our Group companies may use your personal data for the purposes defined in this Notice, including for marketing their products or services to you.

2. Assembly’s subcontractors that process personal data on our behalf based on our assignment. These third parties are not allowed to use the personal data for any other purpose than for providing the service agreed with us. When using subcontractors, we will ensure in an appropriate manner that the processing takes place in accordance with the Privacy Notice. The processors referred to herein include, for example, IT service providers and ticket sales partners.

Our partners processing personal data on our behalf may be located outside Finland, the European Union or the European Economic Area. When transferring personal data outside the EU or EEA, we ensure by means of agreements (e.g. by the use of the EU Commission’s standard contractual clauses) or otherwise that the transfers are implemented as required by law. In addition, we ensure, and also expect our processors to ensure, as required by legislation, that your personal data remain protected regardless of whether they are transferred outside the EU or EEA.

3. Other third parties with your consent, which we may have received in connection with a particular service, for example.

4. In relation to legal proceedings or at the request of an authority on the basis of applicable law or court order or in connection with a trial or authority process.

We may also disclose your data to a competent authority, such as the police or the emergency center authorities, to the extent required by law in accordance with a predefined procedure.

5. As required or permitted by law. 6. In connection with mergers and acquisitions and various business transactions and transfers.

How long do we store your personal data?

We store your personal data only as long as necessary to implement the purposes defined in the Privacy Policy unless otherwise required by legislation. No corresponding restrictions apply to the storing of anonymized data.

We do not store outdated or unnecessary information. We aim to make sure that your personal data and other customer data are up-to-date and correct.

Your data processed on the basis of a contractual relationship are stored, as a rule, for the duration of the contractual relationship or as long as the provision of the Services requires. After the expiry of the contractual relationship or the end of the Service provision, your personal data will be stored as long as they are needed, for example, for unfinished business, invoicing or complaints.

The data are stored for at least three years as a rule and no more than six years after the end of the customer relationship.

Data processed on the basis of legitimate interest are processed for as long as there are grounds for their processing. If the customer is entitled to object to the processing, the data are erased when the customer’s request related to the objection has been processed and approved. An example of this kind of processing falling within the scope of legitimate interest is direct marketing to the Customer after the end of a contractual relationship.

Data processed on the basis of legal obligations are processed and stored as long as required by law. Obligations related to the storage of personal data are set, for example, by the accounting and money laundering legislation.

The storage time of data processed with your consent is determined according to the purpose of the processing.

What rights and options do you have?

Your rights and options depend on the purposes of the processing of personal data and on the situation.

  • The right to access: You have the right to receive a confirmation of whether your personal data are processed, and if they are, to gain access to the data. If less than six months have passed since your previous inspection request, Assembly may charge you for the inspection request according to the price-list.
  • The right to give and withdraw your consent: If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time.
  • The right to rectify data: You are entitled to have your personal data rectified or, in certain cases, to have defective personal data supplemented.
  • The right to object to the processing of personal data: You are entitled to object to the processing of your personal data based on Assembly’s legitimate interests, including profiling. Assembly may reject the request if the processing is necessary in order to implement Assembly’s mandatory and legitimate interests. You are always entitled to oppose to the processing of your personal data for direct marketing purposes and for profiling related to direct marketing.
  • The right to data portability: You have the right to receive your personal data you have submitted to us for processing based on your consent or the implementation of an agreement. You are entitled to receive the data in a structured, commonly used and machine-readable format, and the right to transmit the data to another controller.
  • The right to be forgotten: You are entitled to ask Assembly to erase data related to you, for example, if (i) you consider them unnecessary for the purposes described above, (ii) you cancel the consent you have given, (iii) you consider Assembly to process your personal data unlawfully, or (iv) you object to the use of your personal data for direct marketing purposes.
  • The right to restriction of processing: You have the right under certain circumstances to require the controller to restrict the processing of your personal data. How will you know if the Privacy Notice has been amended? We will update the Privacy Notice, if necessary, as our operations and Services develop. We advise you to check for the latest version regularly on our website.

How can you exercise your rights and contact us?

You can exercise all the rights of a data subject by emailing us at privacy@assembly.org

You can send any questions related to the processing of personal data or the Privacy Notice to the addresses below.

Controller

Assembly Organizing Oy

Valimotie 13B B, 00380 Helsinki

Business ID 2245136-3

Complaints related to the processing of personal data and requests related to the exercise of rights:

Assembly Organizing Oy

Privacy Requests

Valimotie 13B B, 00380 Helsinki

If you think that Assembly has acted contrary to the Privacy Notice or the valid legislation, you are entitled to file a complaint about the matter. You can also file a complaint with the Data Protection Ombudsman, who monitors the lawfulness of the processing of personal data.

If you have any questions or want to discuss how Assembly protects your privacy, please contact privacy@assembly.org.

You should also check out Telia Company Group’s data protection: https://www.teliacompany.com/en/about-the-company/privacy