top of page

Register and Data Protection Statement

This is the register and data protection statement of Pro Events Mikkeli ry in accordance with the EU General Data Protection Regulation (GDPR).
Prepared on January 14, 2025. Last modified on January 14, 2025.

 

1. Data Controller

Festival X / Pro Events Mikkeli ry
Business ID: 3470115-5
Address: Aallontie 3, 50670 OTAVA
Email: teemu.laasanen@visitmikkeli.fi
Phone: +358405131864

2. Contact Person Responsible for the Register

Teemu Laasanen
Email: teemu.laasanen@visitmikkeli.fi
Phone: +358405131864

3. Name of the Register

Registration Register for the Midnight Sun Rave Event

4. Legal Basis and Purpose of Processing Personal Data

The purpose of the register is to:

  • Manage event registrations and ticket reservations

  • Identify participants and ensure the safe organization of the event

  • Communicate event-related information (e.g., confirmations, practical instructions, and possible changes)

  • Fulfill safety and responsibility requirements

Legal Basis:

  • Consent of the data subject when registering for the event (GDPR Art. 6(1)(a))

  • Compliance with legal obligations (GDPR Art. 6(1)(c))

5. Data Content of the Register

The register collects and stores the following information:

  • Name of the registrant

  • Email address

  • Phone number

  • Reservation details (e.g., event ticket and time of reservation)

6. Regular Sources of Data

Personal data is collected from the data subject themselves when they register for the event via the website (www.festivalx.fi).

7. Data Retention Period

Personal data is retained only as long as necessary for the following purposes:

  • Organizing the event and post-event actions

  • Compliance with legal obligations (e.g., accounting)

The data will be deleted no later than three months after the event has ended unless other legislation requires a longer retention period.

8. Regular Disclosures and Transfers of Data Outside the EU or EEA

Personal data is not transferred outside the EU or EEA.

9. Principles of Register Security

Care is taken in processing the register, and data processed through information systems is adequately protected. When register data is stored on internet servers, the physical and digital security of the hardware is appropriately ensured.

The data controller ensures that stored data, server access rights, and other critical personal data security details are handled confidentially and only by employees whose job description includes such tasks.

10. Right of Access and Right to Request Data Correction

Every person registered in the database has the right to check their stored personal data and request the correction of any incorrect or incomplete data. If a person wishes to review their stored data or request corrections, the request must be submitted in writing to the data controller.

If necessary, the data controller may ask the requester to verify their identity. The data controller will respond to the request within the time frame set by the GDPR (typically within one month).

11. Other Rights Related to Personal Data Processing

Registered individuals have the right to request the deletion of their personal data ("right to be forgotten"). They also have other rights under the EU General Data Protection Regulation, such as the right to restrict data processing in certain situations.

Requests must be submitted in writing to the data controller. If necessary, the data controller may ask the requester to verify their identity. The data controller will respond within the time frame set by the GDPR (typically within one month).

bottom of page